Thank you for your response. I updated my Authenticate groovy script. I have next exception when user puts wrong credentials org.identityconnectors.framework.common.exceptions.InvalidCredentialException: Authentication failed for "My User".
But I still have an issue with passthrough resource. It is automatically removed by Syncope from Account Policy after Authenticate fails with "Invalid Credential" Exception in 1-3 min (sometimes immediately). I am debugging org.apache.syncope.core.persistence.jpa.entity.policy.JPAAccountPolicy and org.apache.syncope.core.persistence.jpa.dao.JPAUserDAO for possible issues now. Could it be an issue with Syncope cache/transactions? 2018-05-22 9:18 GMT+03:00 Francesco Chicchiriccò <[email protected]>: > On 21/05/2018 16:47, Alex123 wrote: > >> Hi! >> >> I have :My REST Connector" with corresponding "My Resource" and I >> implemented Authenticate groovy script for it. >> In Syncope console I attached resource to My Account Policy (Configuration >> -> Policies -> Account -> Edit) >> I set >> - "Max Authentication Attempts" to 0 >> - "Propagate Suspension" is disabled >> - I selected "My Resource" among Available Passthrough Resources >> I attached this "My Account Policy" to "My Realm" >> >> When users from "My REST Connector" use valid username and valid password >> all works fine. >> >> But when users from "My REST Connector" use valid username and INVALID >> password one or more times "My Resource" will be automatically removed by >> Syncope from "My Account Policy" in 3-5 minutes. >> >> >> On BE the only error I have is >> >> org.identityconnectors.framework.common.exceptions.ConnectorException: >> Authenticate script didn't return with the __UID__ value. >> >> I do not return __UID__ because user put wrong password and external >> server >> does not confirm it so I return null from Authenticate groovy script. >> >> I am using Syncope 2.0.8 and net.tirasa.connid.bundles.rest 1.0.2 >> >> Thank you in advance for your help! >> > > > Hi, > your authenticate script is expected to implement the ConnId's > AuthenticateOp [1]; from Javadoc: > > "Simple authentication with two parameters presumed to be user name and > password. The Connector developer is expected to attempt to authenticate > these credentials natively. If the authentication fails the developer > should throw a type of RuntimeException either IllegalArgumentException or > if a native exception is available and if its of type RuntimeException > simple throw it. If the native exception is not a RuntimeException wrap it > in one and throw it. This will provide the most detail for logging problem > and failed attempts. > > The developer is of course encourage to try and throw the most informative > exception as possible. In that regards there are several exceptions > provided in the exceptions package. For instance one of the most common is > InvalidPasswordException." > > Compared with the behavior described above, e.g. > > I do not return __UID__ because user put wrong password and external server >> does not confirm it so I return null from Authenticate groovy script. >> > > you should raise one of the given exceptions, instead. > > HTH > Regards. > > [1] http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/ > framework/spi/operations/AuthenticateOp.html > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Member at The Apache Software Foundation > Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail > http://home.apache.org/~ilgrosso/ > >
