Hi, Yes we were able to send out e-mails, thanks for the quick response. Though initially we tried to modify the existing NotificationJob.java (1.1.8 Release file) and build, but did not work. It worked with java file that you had provided in the link and adding the Property for smpt.auth.mail and build.
Regarding the password being sent in cleartext, consider below scenario: User has locked his password by attempting n attempts in the end application. The locked account attribute is syncope to temporarily suspend his account. User cannot reset his own password through syncope (account suspended). He sends a mail to admin requesting to reset his password. Admin logs in to the application and resets users password. On resetting his password, mail is sent to user with his new password. User logs in to the system and changes his password manually. (since the first time sign-in functionality is scheduled to release later). Since the password is sent into the users inbox directly, cleartext password sending out does not breach security. (Passwords though should be stored and propagated to end application in encrypted form only). Can the User Forgot Password(self) functionality be taken on priority (I see in the syncope roadmap, its too late in priority list), so that user need not request admin to reset his password. The user will be able to reset his own password from syncope (without logging in, similar to Self-User Registration) answering few challenge questions. This will solve the above problem. Regards, Suresh On Fri, Sep 12, 2014 at 7:26 PM, Francesco Chicchiriccò <[email protected] > wrote: > Hi, > it seems you've finally been able to sent e-mails out [1]: I am curious, > did the fix work? > > About your specific question, sending the cleartext password out is not > definitely a good security practice; for this reason the password value > provided for creation is removed before being made available to the > template engine. > You should better empower some kind of double opt-in. > > Naturally you can always tweak things - by overriding some components - to > do it anyway but this is complex, not documented and nevertheless > discouraged. > > Regards. > > > On 12/09/2014 11:35, Suresh Ajja wrote: > > hi, The cipher encryption kept is SHA1 in the syncope. on user creation, > I need to send mail to the user with username and password. But the > password should be cleartext. > How do I convert the below encrypted password to a clear text password. > > Mail received: > Hi $user.getAttributeMap().get("firstname").getValues().get(0) > $user.getAttributeMap().get("surname").getValues().get(0), welcome to > Syncope! > > Your username is suresh. > Your password is 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8. > Your email address is [email protected]. Your email address inside a > link <http://localhost/?email=suresh.ajja%40gmail.com>. > > > Thanks > > Suresh > > [1] http://markmail.org/message/t3yfs2eyj67yrnft > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellencehttp://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo > PMChttp://people.apache.org/~ilgrosso/ > >
