[
https://issues.apache.org/jira/browse/SYNCOPE-223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13476921#comment-13476921
]
Jan Bernhardt commented on SYNCOPE-223:
---------------------------------------
Hi Francesco,
Why did you marked this jira issue as duplicate to SYNCOPE-122 ?
>From my view these tickets are not duplicates.
SYNCOPE-122 focuses on Password changes in external systems, whereas
SYNCOPE-223 talks about publishing passwords to external systems.
The challenge in SYNCOPE-122 is to detect password changes, whereas in
SYNCOPE-223 you don't even want to change your password.
As far as I understood SYNCOPE-223, the goal is to propagate passwords to
(newly added) external systems, without the need to re-enter a user's password.
This could be quite important for a usecase, when you have already hundreds of
users active in syncope and if you need to propagate those user accounts to
another (new) resource (e.g. SSO purposes). Currently an administrator would
have to set a new password for all users, to be able to add a new resource to
that account. And then all users need to be informed about their new password
and must change it. But if the password is available in syncope (because of a
symmetric encryption), all users could keep their current password and still be
propagated to another resource.
Best regards
Jan
> Allow new resources subscription without password using AES or other
> Symmetric Algorithms
> -----------------------------------------------------------------------------------------
>
> Key: SYNCOPE-223
> URL: https://issues.apache.org/jira/browse/SYNCOPE-223
> Project: Syncope
> Issue Type: Improvement
> Components: core
> Reporter: Denis Signoretto
> Priority: Critical
>
> Related to http://code.google.com/p/syncope/issues/detail?id=264
> Scenario: an user is subscribing to a new resource (e.g. has a new role
> subscribing new resources)
> Case 1: 2-way (a.k.a. symmetric) password cipher algorithm is configured in
> Syncope
> Use decrypted password from SyncopeUser to subscribe new resource.
> Case 2: 1-way (a.k.a. hash or asymmetric) password cipher algorithm is
> configured in Syncope and no clear-text password is available (for example,
> passed via UserMod or provided by a synchronizing resource)
> Provide, on a resource-basis, a mean to configure how new password should be
> generated:
> * constant
> * random password generation (compliant with resource password policy, if
> present - see issue 218 )
> * provide custom Java class
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
