On 21/05/2018 16:47, Alex123 wrote:
Hi!
I have :My REST Connector" with corresponding "My Resource" and I
implemented Authenticate groovy script for it.
In Syncope console I attached resource to My Account Policy (Configuration
-> Policies -> Account -> Edit)
I set
- "Max Authentication Attempts" to 0
- "Propagate Suspension" is disabled
- I selected "My Resource" among Available Passthrough Resources
I attached this "My Account Policy" to "My Realm"
When users from "My REST Connector" use valid username and valid password
all works fine.
But when users from "My REST Connector" use valid username and INVALID
password one or more times "My Resource" will be automatically removed by
Syncope from "My Account Policy" in 3-5 minutes.
On BE the only error I have is
org.identityconnectors.framework.common.exceptions.ConnectorException:
Authenticate script didn't return with the __UID__ value.
I do not return __UID__ because user put wrong password and external server
does not confirm it so I return null from Authenticate groovy script.
I am using Syncope 2.0.8 and net.tirasa.connid.bundles.rest 1.0.2
Thank you in advance for your help!
Hi,
your authenticate script is expected to implement the ConnId's
AuthenticateOp [1]; from Javadoc:
"Simple authentication with two parameters presumed to be user name and
password. The Connector developer is expected to attempt to authenticate
these credentials natively. If the authentication fails the developer
should throw a type of RuntimeException either IllegalArgumentException
or if a native exception is available and if its of type
RuntimeException simple throw it. If the native exception is not a
RuntimeException wrap it in one and throw it. This will provide the most
detail for logging problem and failed attempts.
The developer is of course encourage to try and throw the most
informative exception as possible. In that regards there are several
exceptions provided in the exceptions package. For instance one of the
most common is InvalidPasswordException."
Compared with the behavior described above, e.g.
I do not return __UID__ because user put wrong password and external server
does not confirm it so I return null from Authenticate groovy script.
you should raise one of the given exceptions, instead.
HTH
Regards.
[1]
http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/spi/operations/AuthenticateOp.html
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
