On 11/06/2013 16:42, Giancarlo Dessena wrote:
Right. Just pay attention to the syncope password: it cannot be virtual.
Maybe you can use a different syncope attribute (virtual) to be
mapped with the resource password.
Okay now I'm a bit confused. Does that mean Syncope is kind of
handling the passwords internally by default
and that I can not tell syncope to authenticate users against an
external DB?
Not yet.
Please take a look at the following issues:
https://issues.apache.org/jira/browse/SYNCOPE-160
https://issues.apache.org/jira/browse/SYNCOPE-164
Contributions in this sense are welcome. ;)
I mean in the resources I can set the user schema to read any field I
want.
Right, taking care of my comment above, and if and only if password is not
ciphered (or reversible).
Can you rephrase that please? :D
Usually, a password is encrypted before storing. Right?
Sometimes this encryption can be reversible: you can retrieve the
original clear-text password by using a secret key.
So, you can read the value stored onto the resource password field by
using a virtual attribute but, if this password is encrypted, maybe
this value is useless.
Unfortunately not. You can implement your ad-hoc solution to trigger
this info.
To communicate changes to Apache Syncope you can implement a REST
client (in your solution) that can ask for a specific user
update/create/delete based on triggered event.
So there is a REST Web Service which I can tell to add a new User?
Of course. Please take a look at the integration test file [1], test
create().
Can the user be synchronized to other resources or is he internal?
By assigning resources the new user will be propagated as specified.
Please take a look at [1], test createUserWithDbPropagation().
[1]
http://svn.apache.org/viewvc/syncope/tags/syncope-1.1.1/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java?view=markup
Best regards,
F.
On 11.06.2013 at 16:17, Fabio Martelli <[email protected]> wrote:
On 11/06/2013 15:12, Giancarlo Dessena wrote:
You cannot. The owner (syncope user) is required otherwise no link
will be in place.
Ah ok, makes sense. I kind of confused myself there :|
I cannot understand this requirement.
Some of the applications I'm targeting are time sensitive and need
to have access to the freshest credentials.
To solve this I have this idea of directly accessing the external
Database for the email and password field.
Fine but the AccountId mapping is mandatory and cannot be based on
a virtual attribute.
As you said a syncope user is needed to establish a link.
But since the email field can change I need to add an id column to
my table which I then can use as AccountID instead
+-------------------------+
| id | email | password |
|-------------------------|
| ... | ... | ... |
+-------------------------+
After this I can make email and password fields virtual in the schema.
Right. Just pay attention to the syncope password: it cannot be virtual.
Maybe you can use a different syncope attribute (virtual) to be
mapped with the resource password.
With this setup it would be possible to get the latest email and
password from the Database, right?
Right, taking care of my comment above, and if and only if password is not
ciphered (or reversible).
If so there is still one last thing which I would like to improve.
Creation and deletion of users would only be noticed after a sync.
Is there a way to trigger a sync from outside Syncope?
Unfortunately not. You can implement your ad-hoc solution to trigger
this info.
To communicate changes to Apache Syncope you can implement a REST
client (in your solution) that can ask for a specific user
update/create/delete based on triggered event.
Best regards,
F.
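
The reversible versus non-reversible distinction discussed in the thread, as an added illustration that is not part of the original messages and not Syncope code: a one-way column value can only verify a candidate password, while a reversibly encrypted one yields the clear text to whoever holds the key. The class name, PBKDF2 parameters, AES-GCM value layout and sample password are assumptions chosen for the example.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class StoredPasswordDemo { // hypothetical class name
    static final SecureRandom RNG = new SecureRandom();

    // One-way storage: salted PBKDF2. The stored value can only verify a
    // candidate by recomputation; no inverse returns the clear text.
    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Reversible storage: AES-GCM under a secret key; layout is IV || ciphertext+tag.
    static byte[] encrypt(byte[] key, String password) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    // Anyone holding the key (and the column value) recovers the original password.
    static String decrypt(byte[] key, byte[] stored) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, stored, 0, 12));
        return new String(c.doFinal(stored, 12, stored.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String password = "constructed-sample-password"; // constructed sample value
        byte[] salt = new byte[16]; RNG.nextBytes(salt);
        byte[] key = new byte[32]; RNG.nextBytes(key);
        byte[] hashed = pbkdf2(password.toCharArray(), salt);
        System.out.println("one-way column value: " + Base64.getEncoder().encodeToString(hashed));
        System.out.println("candidate verifies:   " + MessageDigest.isEqual(hashed, pbkdf2(password.toCharArray(), salt)));
        byte[] encrypted = encrypt(key, password);
        System.out.println("reversible column:    " + Base64.getEncoder().encodeToString(encrypted));
        System.out.println("recovered with key:   " + decrypt(key, encrypted));
    }
}
```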