Thx, workaround 1 did the job! ;) Regards, Martin
On Mon, Oct 27, 2014 at 1:39 PM, Francesco Chicchiriccò <ilgro...@apache.org> wrote: > On 27/10/2014 13:17, Martin van Es wrote: >> >> Hi, >> >> I've just started looking at Syncope again and installed 1.2.0 from >> debian packages on a fresh ubuntu 14.04LTS server. All works well, and >> I'm able to propagate a test user to a test OpenLDAP server, but not >> without reentering the user's password. >> >> I thought Syncope had acquired possibility to 2-way encrypt syncope >> password with AES so that it could be propagated? >> >> When I look at the Syncope configuration parameters in console, I see >> password.cipher.algorithm set to SHA1, so that probably should be set >> to AES. But whenever I do that and click "save", when I return to the >> configuration page, it's set to SHA1 again. I found the corresponding >> setting in content.xml in the syncope/WEB-INF/class directory, but >> changing that to AES and restarting tomcat didn't help either (still >> SHA1). >> >> What am I doing wrong? > > > Hi Martin, > you are right, using AES to propagate password values without re-entering is > supported since 1.1.0 [1]. > > The problem you are experiencing ATM is SYNCOPE-576 [2] whose fix is planned > for 1.2.1. > > The content.xml is transferred to the actual database only when no > pre-existing content is found on it, so here's why you keep seeing SHA1; > should you need to change any configuration file, please consider that using > Syncope 1.2.0 DEB packages you can just go and modify it under > /etc/apache-syncope, then restart Tomcat. > > While waiting for SYNCOPE-576 you still have option to > > 1. change this value via REST (see reference [3] for more information) - > e.g. via > > curl -u admin:password -X PUT -H "Content-Type: application/json" -H > "Accept: application/json" -d '{"values": ["AES"]}' > http://host.port/syncope/rest/configurations/password.cipher.algorithm > > 2. change this value in the underlying database table and restart Tomcat > > HTH > Regards. > > [1] https://issues.apache.org/jira/browse/SYNCOPE-136 > [2] https://issues.apache.org/jira/browse/SYNCOPE-576 > [3] http://syncope.apache.org/rest/1.2/index.html > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo PMC > http://people.apache.org/~ilgrosso/ > > -- If 'but' was any useful, it would be a logic operator