On 24/05/2015 19:15, Francesco Chicchiriccò wrote:
On 2015-05-23 09:06 Suresh wrote:
hi,
Please find below scenarios which are not working in syncope.
First Try:
1. End user creates his profile using self-registration with approval
enabled
2. Manager gets approval request, he approves and user get created
successfully.
3. Manager edits the user to add resource and role id for providing
entitlements successfully.
4. User logs into syncope application and end application using this
username/password successfully.
5. User locks his password by attempting wrong passwords and account
gets locked.
6. User tries to self-password reset from login page link
7. User provides his username and security question answer and
submits the request.
8. User receives mail notification with link to change the password.
9. User provides new password and submits successfully.
10. User is able to successfully login into Syncope but not from
target application
*Issue: *We see the password is not propagating to target application
database and hence unable to login.
Confirmed: see SYNCOPE-671 [1] (just fixed on 1.2.5 / 2.0.0).
Second Try:
We tried resetting password through self login using following steps.
1. Follow steps till 1-10 above.
2. End User logs in into Syncope and search himself
3. User clicks'Manage Resouce' link for his profile.
4. User tries to change password using 'Assign' / 'Provision' links.
5. Syncope throws error "ConcurrentModification [mismatch Etag value]"
Again confirmed: this seems to be an issue on console side due to some
concurrent update (since 1.2.0 in fact, support for ETag is available
which prevents concurrent modifications of the same user / role).
Update: after more attempts, I was actually unable to reproduce this:
it's probably been something related to unwanted / unaware concurrent
updates on the same object.
Third Try:
We also tried pushing the password to target application by Push
Task. The task gets successfully executed, but the password is not
pushed into target.
This will never work unless you are using AES as password cipher
algorithm, or DBPasswordPropagationActions is configured (see
SYNCOPE-505 [2] for details); basically, Syncope does not (obviously)
store password values as clear-text; with AES (which is not default
BTW) password values can be decrypted before being sent externally,
while with DBPasswordPropagationActions it is possible to send
encrypted password values to the external database.
Regards.
[1] https://issues.apache.org/jira/browse/SYNCOPE-671
[2] https://issues.apache.org/jira/browse/SYNCOPE-505
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
