On 22/05/2018 11:00, Alexandr Anatolievich wrote:
Thank you for your response.

I updated my Authenticate groovy script. I get the following exception when a user enters wrong credentials: org.identityconnectors.framework.common.exceptions.InvalidCredentialException: Authentication failed for "My User".

But I still have an issue with the passthrough resource.
It is automatically removed by Syncope from the Account Policy after Authenticate fails with the "Invalid Credential" exception, in 1-3 min (sometimes immediately). I am debugging org.apache.syncope.core.persistence.jpa.entity.policy.JPAAccountPolicy and org.apache.syncope.core.persistence.jpa.dao.JPAUserDAO for possible issues now.

Could it be an issue with Syncope cache/transactions?

Could you please check the other aspects of the Account Policy you are using for the pass-through authentication? What is the value set for "maxAuthenticationAttempts"?

Regards.

2018-05-22 9:18 GMT+03:00 Francesco Chicchiriccò <[email protected]>:

    On 21/05/2018 16:47, Alex123 wrote:

        Hi!

        I have "My REST Connector" with corresponding "My Resource" and I
        implemented Authenticate groovy script for it.
        In Syncope console I attached resource to My Account Policy
        (Configuration
        -> Policies -> Account -> Edit)
        I set
        - "Max Authentication Attempts" to 0
        - "Propagate Suspension" is disabled
        - I selected "My Resource" among Available Passthrough Resources
        I attached this "My Account Policy" to "My Realm"

        When users from "My REST Connector" use valid username and
        valid password
        all works fine.

        But when users from "My REST Connector" use valid username
        and INVALID
        password one or more times "My Resource" will be
        automatically removed by
        Syncope from "My Account Policy" in 3-5 minutes.


        On BE the only error I have is

        org.identityconnectors.framework.common.exceptions.ConnectorException:
        Authenticate script didn't return with the __UID__ value.

          I do not return __UID__ because user put wrong password and
        external server
        does not confirm it so I return null from Authenticate groovy
        script.

        I am using Syncope 2.0.8 and net.tirasa.connid.bundles.rest 1.0.2

        Thank you in advance for your help!



    Hi,
    your authenticate script is expected to implement the ConnId's
    AuthenticateOp [1]; from Javadoc:

    "Simple authentication with two parameters presumed to be user
    name and password. The Connector developer is expected to attempt
    to authenticate these credentials natively. If the authentication
    fails the developer should throw a type of RuntimeException either
    IllegalArgumentException or if a native exception is available and
    if its of type RuntimeException simple throw it. If the native
    exception is not a RuntimeException wrap it in one and throw it.
    This will provide the most detail for logging problem and failed
    attempts.

    The developer is of course encourage to try and throw the most
    informative exception as possible. In that regards there are
    several exceptions provided in the exceptions package. For
    instance one of the most common is InvalidPasswordException."

    Compared with the behavior described above, e.g.

        I do not return __UID__ because user put wrong password and
        external server
        does not confirm it so I return null from Authenticate groovy
        script.


    you should raise one of the given exceptions, instead.

    HTH
    Regards.

    [1] http://connid.tirasa.net/apidocs/1.4/org/identityconnectors/framework/spi/operations/AuthenticateOp.html

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
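
The AuthenticateOp contract quoted in the thread (return the `__UID__` on success, throw a RuntimeException on failure, never return null), as an added example that is not code from the thread or from the REST connector bundle. It assumes the ConnId framework jars are on the classpath; `remoteCheck`, the account id and the sample credentials are hypothetical stand-ins for the external server, and the variable names a connector bundle binds into its script are not shown on this page, so the logic is written as a plain function.

```groovy
import org.identityconnectors.common.security.GuardedString
import org.identityconnectors.framework.common.exceptions.ConnectorException
import org.identityconnectors.framework.common.exceptions.InvalidCredentialException
import org.identityconnectors.framework.common.objects.Uid

// Hypothetical stand-in for the call to the external server: returns the
// account id when the credentials are accepted, null when they are rejected.
// Constructed sample data, not a real backend.
def remoteCheck = { String user, String clearPassword ->
    (user == 'alice' && clearPassword == 'correct-horse') ? 'id-0001' : null
}

// AuthenticateOp contract: return the Uid on success, throw a
// RuntimeException on failure, never return null.
Uid authenticate(String username, GuardedString password, Closure remoteCheck) {
    String accountId = null
    try {
        // GuardedString exposes the clear text only inside the accessor callback
        password.access({ char[] clear ->
            accountId = remoteCheck(username, new String(clear))
        } as GuardedString.Accessor)
    } catch (IOException e) {
        // Native checked exception: wrap it in a RuntimeException so the
        // failure is reported with its cause instead of being swallowed
        throw new ConnectorException('Authentication backend unreachable', e)
    }
    if (accountId == null) {
        // Rejected credentials: signal it explicitly instead of returning null
        throw new InvalidCredentialException("Authentication failed for \"${username}\"")
    }
    return new Uid(accountId)
}

// Valid credentials yield the Uid
def ok = authenticate('alice', new GuardedString('correct-horse'.toCharArray()), remoteCheck)
assert ok.uidValue == 'id-0001'

// Invalid credentials must surface as an exception, not as a null result
try {
    authenticate('alice', new GuardedString('wrong'.toCharArray()), remoteCheck)
    assert false : 'expected InvalidCredentialException'
} catch (InvalidCredentialException expected) {
    println "rejected: ${expected.message}"
}
```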
