On 2015-05-23 09:06 Suresh wrote: 

> Hi, 
> 
> Please find below scenarios which are not working in Syncope. 
> 
> First Try: 
> 1. End user creates his profile using self-registration with approval enabled 
> 2. Manager gets approval request, he approves and user gets created 
> successfully. 
> 3. Manager edits the user to add resource and role id for providing 
> entitlements successfully. 
> 4. User logs into Syncope application and end application using this 
> username/password successfully. 
> 5. User locks his password by attempting wrong passwords and account gets 
> locked. 
> 6. User tries to self-password reset from login page link 
> 7. User provides his username and security question answer and submits the 
> request. 
> 8. User receives mail notification with link to change the password. 
> 9. User provides new password and submits successfully. 
> 10. User is able to successfully log in to Syncope but not from target 
> application 
> ISSUE: We see the password is not propagating to target application database 
> and hence unable to login.

Confirmed: see SYNCOPE-671 [1] (just fixed on 1.2.5 / 2.0.0). 

> Second Try: 
> We tried resetting password through self login using following steps. 
> 1. Follow steps till 1-10 above. 
> 2. End User logs into Syncope and searches for himself 
> 3. User clicks 'Manage Resource' link for his profile. 
> 4. User tries to change password using 'Assign' / 'Provision' links. 
> 5. Syncope throws error "ConcurrentModification [mismatch Etag value]"

Again confirmed: this seems to be an issue on console side due to some
concurrent update (since 1.2.0 in fact, support for ETag is available
which prevents concurrent modifications of the same user / role). 

> Third Try: 
> We also tried pushing the password to target application by Push Task. The 
> task gets successfully executed, but the password is not pushed into target.

This will never work unless you are using AES as password cipher
algorithm, or DBPasswordPropagationActions is configured (see
SYNCOPE-505 [2] for details); basically, Syncope does not (obviously)
store password values as clear-text; with AES (which is not default BTW)
password values can be decrypted before being sent externally, while
with DBPasswordPropagationActions it is possible to send encrypted
password values to the external database. 

Regards. 

[1] https://issues.apache.org/jira/browse/SYNCOPE-671 

[2] https://issues.apache.org/jira/browse/SYNCOPE-505 

-- 
 Francesco Chicchiriccò

 Tirasa - Open Source Excellence
 http://www.tirasa.net/

 Involved at The Apache Software Foundation:
 member, Syncope PMC chair, Cocoon PMC, Olingo PMC
 http://people.apache.org/~ilgrosso/
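
Added example (not part of the original message and not Syncope code): a minimal Java model of the point made in the reply to the third scenario, showing that a push can only recover a clear-text password when the stored value is reversibly encrypted. The class, record and method names, the AES/GCM mode and the SHA-256 digest are assumptions chosen for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Optional;

public class PushPasswordDemo {
    // Hypothetical model of a stored credential: algorithm name plus stored bytes.
    record Stored(String algorithm, byte[] value) {}

    static final SecureRandom RNG = new SecureRandom();

    static Stored store(String algorithm, String clear, byte[] key) throws Exception {
        byte[] pw = clear.getBytes(StandardCharsets.UTF_8);
        if (algorithm.equals("AES")) {
            byte[] iv = new byte[12];                      // fresh nonce per encryption
            RNG.nextBytes(iv);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
            byte[] ct = c.doFinal(pw);
            byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
            System.arraycopy(ct, 0, out, iv.length, ct.length);
            return new Stored("AES", out);                 // layout: iv || ciphertext+tag
        }
        // One-way digest (unsalted only to keep the illustration short).
        return new Stored(algorithm, MessageDigest.getInstance(algorithm).digest(pw));
    }

    // What a push can send as clear text: only reversible storage yields a value.
    static Optional<String> clearTextForPush(Stored s, byte[] key) throws Exception {
        if (!s.algorithm().equals("AES")) return Optional.empty();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(128, s.value(), 0, 12));
        byte[] pw = c.doFinal(s.value(), 12, s.value().length - 12);
        return Optional.of(new String(pw, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];
        RNG.nextBytes(key);                                // constructed demo key
        for (String alg : new String[] {"SHA-256", "AES"}) {
            Stored s = store(alg, "Constructed-Passw0rd", key);
            System.out.println(alg + ": clear text available for push = "
                + clearTextForPush(s, key).isPresent()
                + ", stored value = " + Base64.getEncoder().encodeToString(s.value()));
        }
    }
}
```

With the digest there is nothing to decrypt, so the only thing that could be sent to the target is the stored value itself, which is the case the reply describes for DBPasswordPropagationActions.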
