>> Okay now I'm a bit confused. Does that mean Syncope is kind of handling the
>> passwords internally by default
>> and that I cannot tell Syncope to authenticate users against an external DB?
> Not yet.

Yikes... this is almost a show stopper :|
But I can still update the password using REST, right?
If not, do you know a technology that enables this?

Regards
Carlo

On 12.06.2013 at 09:38, Fabio Martelli <[email protected]> wrote:

> On 11/06/2013 16:42, Giancarlo Dessena wrote:
>>> Right. Just pay attention to the syncope password: it cannot be virtual.
>>> Maybe you can use a different syncope attribute (virtual) to be mapped with
>>> the resource password.
>>
>> Okay now I'm a bit confused. Does that mean Syncope is kind of handling the
>> passwords internally by default
>> and that I cannot tell Syncope to authenticate users against an external DB?
> Not yet.
> Please take a look at the following issues:
> https://issues.apache.org/jira/browse/SYNCOPE-160
> https://issues.apache.org/jira/browse/SYNCOPE-164
>
> Contributions in this sense are welcome. ;)
>> I mean in the resources I can set the user schema to read any field I want.
>>
>>> Right, taking care of my comment above and if and only if password is not
>>> ciphered (or reversible).
>> Can you rephrase that please? :D
> Usually, a password is encrypted before storing. Right?
> Sometimes this encryption can be reversible: you can retrieve the original
> clear-text password by using a secret key.
>
> So, you can read the value stored onto the resource password field by using a
> virtual attribute but, if this password is encrypted, maybe this value is
> useless.
>
>>> Unfortunately not. You can implement your ad-hoc solution to trigger these
>>> info.
>>> To communicate changes to Apache Syncope you can implement a REST client
>>> (in your solution) that can ask for a specific user update/create/delete
>>> based on triggered event.
>> So there is a REST Web Service which I can tell to add a new User?
> Of course. Please take a look at the integration test file [1], test create().
>> Can the user be synchronized to other resources or is he internal?
> By assigning resources the new user will be propagated as specified.
> Please take a look at [1], test createUserWithDbPropagation().
>
> [1]
> http://svn.apache.org/viewvc/syncope/tags/syncope-1.1.1/core/src/test/java/org/apache/syncope/core/rest/UserTestITCase.java?view=markup
>
> Best regards,
> F.
>
>>
>> On 11.06.2013 at 16:17, Fabio Martelli <[email protected]> wrote:
>>
>>> On 11/06/2013 15:12, Giancarlo Dessena wrote:
>>>>> You cannot. The owner (syncope user) is required otherwise no link will
>>>>> be in place.
>>>> Ah ok, makes sense. I kind of confused myself there :|
>>>>
>>>>> I cannot understand this requirement.
>>>>
>>>> Some of the applications I'm targeting are time sensitive and need to have
>>>> access to the freshest credentials.
>>>> To solve this I have this idea of directly accessing the external Database
>>>> for the email and password field.
>>>>
>>>>> Fine but the AccountId mapping is mandatory and cannot be based on a
>>>>> virtual attribute.
>>>>
>>>> As you said a syncope user is needed to establish a link.
>>>> But since the email field can change I need to add an id column to my
>>>> table which I then can use as AccountID instead
>>>>
>>>> +-------------------------+
>>>> | id  | email | password  |
>>>> |-------------------------|
>>>> | ... | ...   | ...       |
>>>> +-------------------------+
>>>>
>>>> After this I can make email and password fields virtual in the schema.
>>> Right. Just pay attention to the syncope password: it cannot be virtual.
>>> Maybe you can use a different syncope attribute (virtual) to be mapped with
>>> the resource password.
>>>>
>>>> With this setup it would be possible to get the latest email and password
>>>> from the Database, right?
>>> Right, taking care of my comment above and if and only if password is not
>>> ciphered (or reversible).
>>>>
>>>> If so there is still one last thing which I would like to improve.
>>>> Creation and deletion of users would only be noticed after a sync.
>>>> Is there a way to trigger a sync from outside Syncope?
>>> Unfortunately not. You can implement your ad-hoc solution to trigger these
>>> info.
>>> To communicate changes to Apache Syncope you can implement a REST client
>>> (in your solution) that can ask for a specific user update/create/delete
>>> based on triggered event.
>>>
>>> Best regards,
>>> F.
