ilgrosso / oldSyncopeIdM

Exported from Google Code for historical reasons; now at The Apache Software Foundation
http://syncope.apache.org
Apache License 2.0

Allow new resources subscription without password using AES or other Symmetric Algorithms #264

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Set up (in configuration) password.cipher.algorithm AES or another symmetric algorithm
2. Create a user
3. Create a resource
4. Edit user and associate a new Resource

What is the expected output? What do you see instead?

The user is associated and provisioned using the same password previously defined. (Not a real issue, it's an improvement.) Instead, a password change is required, with the error message "Error:{[RequiredValuesMissing [password cannot be empty when subscribing to new resources]], }"

What version of the product are you using? On what operating system?

- Product rev: trunk (1354)
- Operating System: x86_64 x86_64 GNU/Linux
- JVM: Java HotSpot(TM) 64-Bit Server VM (build 21.0-b17, mixed mode)
- Apache Tomcat 7.0.22

Please provide any additional information below.

Original issue reported on code.google.com by denis.si...@gmail.com on 28 Dec 2011 at 9:16

GoogleCodeExporter commented 9 years ago
Let's discuss this in syncope-dev: can you start a thread, please?

Original comment by chicchiricco on 29 Dec 2011 at 9:17

GoogleCodeExporter commented 9 years ago

Original comment by fabio.ma...@gmail.com on 18 Jan 2012 at 10:12

GoogleCodeExporter commented 9 years ago
Scenario: a user is subscribing to a new resource

Case 1: 2-way (a.k.a. symmetric) password cipher algorithm is configured in Syncope

Use decrypted password from SyncopeUser to subscribe new resource.

Case 2: 1-way (a.k.a. hash or asymmetric) password cipher algorithm is configured in Syncope and no clear-text password is available (for example, passed via UserMod or provided by a synchronizing resource)

Provide, on a resource basis, a means to configure how the new password should be generated:
 * constant
 * random password generation (compliant with resource password policy, if present - see issue 218)
 * provide custom Java class

Original comment by chicchiricco on 28 May 2012 at 8:42
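The two cases in the comment above, as an added Java example that is not code from Syncope or from any participant in this thread. The class and method names are hypothetical, AES-GCM with a 12-byte IV prefix is an assumed storage format for the reversible case, and "compliant with resource password policy" is reduced here to a required length.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;
import java.util.function.Supplier;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

// Hypothetical names, not Syncope's API; Base64(IV || AES-GCM ciphertext) is an assumed format.
class SubscriptionPassword {
    static final SecureRandom RNG = new SecureRandom();
    static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789";

    static Cipher gcm(int mode, byte[] key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }
    static String encrypt(String clear, byte[] key) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh IV for every stored password
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, key, iv).doFinal(clear.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, 12 + ct.length);
        System.arraycopy(ct, 0, out, 12, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }
    static String decrypt(String stored, byte[] key) throws Exception {
        byte[] raw = Base64.getDecoder().decode(stored);
        byte[] pt = gcm(Cipher.DECRYPT_MODE, key, Arrays.copyOf(raw, 12)).doFinal(raw, 12, raw.length - 12);
        return new String(pt, StandardCharsets.UTF_8);
    }
    // Case 2 option: random password of the length the resource's policy asks for.
    static String random(int length) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < length; i++) sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        return sb.toString();
    }

    static String resolve(boolean reversible, String stored, byte[] key,
                          String clearText, Supplier<String> perResource) throws Exception {
        if (clearText != null) return clearText;     // clear text came with the update itself
        if (reversible) return decrypt(stored, key); // Case 1: 2-way cipher, reuse the stored password
        return perResource.get();                    // Case 2: constant, random or custom generator
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];
        RNG.nextBytes(key); // constructed demo key
        String stored = encrypt("constructed-demo-pw", key);
        System.out.println(resolve(true, stored, key, null, () -> random(12)));
        System.out.println(resolve(false, "hash-placeholder", null, null, () -> random(12)));
    }
}
```

The constant and custom-class options from the list are the same `Supplier<String>` slot with a different implementation.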

GoogleCodeExporter commented 9 years ago
As far as I understand, case 2 is actually what happens when a user gets 
subscribed to a resource based on template, coming from a source without 
password.

Original comment by mrva...@gmail.com on 15 Oct 2012 at 7:34

GoogleCodeExporter commented 9 years ago
This issue was moved to https://issues.apache.org/jira/browse/SYNCOPE-122

Original comment by chicchiricco on 16 Oct 2012 at 6:36

GoogleCodeExporter commented 9 years ago
Hmm... although I see how SYNCOPE-122 could solve some of the original ideas reported in this bug, it does not mention a 2-way encrypted pwd as a solution, nor delayed (or random) pwd synchronization until someone resets pwd on Syncope. Do you want me to open a new issue in Jira for this?

Original comment by mrva...@gmail.com on 16 Oct 2012 at 7:32

GoogleCodeExporter commented 9 years ago
Opened an issue on Jira.

https://issues.apache.org/jira/browse/SYNCOPE-223

Original comment by denis.si...@gmail.com on 16 Oct 2012 at 9:13