Somehow we are still getting concurrent updates issue. Anyways, what date 1.2.5 be releasing?
Regards, Suresh On Mon, May 25, 2015 at 11:24 AM, Francesco Chicchiriccò < [email protected]> wrote: > On 24/05/2015 19:15, Francesco Chicchiriccò wrote: > > On 2015-05-23 09:06 Suresh wrote: > > hi, > > Please find below scenarios which are not working in syncope. > > First Try: > 1. End user creates his profile using self-registration with approval > enabled > 2. Manager gets approval request, he approves and user get created > successfully. > 3. Manager edits the user to add resource and role id for providing > entitlements successfully. > 4. User logs into syncope application and end application using this > username/password successfully. > 5. User locks his password by attempting wrong passwords and account gets > locked. > 6. User tries to self-password reset from login page link > 7. User provides his username and security question answer and submits the > request. > 8. User receives mail notification with link to change the password. > 9. User provides new password and submits successfully. > 10. User is able to successfully login into Syncope but not from target > application > *Issue: *We see the password is not propagating to target application > database and hence unable to login. > > > Confirmed: see SYNCOPE-671 [1] (just fixed on 1.2.5 / 2.0.0). > > > Second Try: > We tried resetting password through self login using following steps. > 1. Follow steps till 1-10 above. > 2. End User logs in into Syncope and search himself > 3. User clicks'Manage Resouce' link for his profile. > 4. User tries to change password using 'Assign' / 'Provision' links. > 5. Syncope throws error "ConcurrentModification [mismatch Etag value]" > > > Again confirmed: this seems to be an issue on console side due to some > concurrent update (since 1.2.0 in fact, support for ETag is available which > prevents concurrent modifications of the same user / role). > > > Update: after more attempts, I was actually unable to reproduce this: it's > probably been something related to unwanted / unaware concurrent updates on > the same object. > > > Third Try: > We also tried pushing the password to target application by Push Task. The > task gets successfully executed, but the password is not pushed into target. > > This will never work unless you are using AES as password cipher > algorithm, or DBPasswordPropagationActions is configured (see SYNCOPE-505 > [2] for details); basically, Syncope does not (obviously) store password > values as clear-text; with AES (which is not default BTW) password values > can be decrypted before being sent externally, while > with DBPasswordPropagationActions it is possible to send encrypted password > values to the external database. > > Regards. > > [1] https://issues.apache.org/jira/browse/SYNCOPE-671 > > [2] https://issues.apache.org/jira/browse/SYNCOPE-505 > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellencehttp://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo > PMChttp://people.apache.org/~ilgrosso/ > >
