nuxsmin
commented
3 years ago Hello,
regarding your questions:
Is it possible to connect syspass 3.1 to a Microsoft ADFS system (auto redirect to the adfs autification page using a SAMaccountName for example).
I will be in next major release, because it requires some major changes to the auth schema in order to generate a secure key for the master password encryption.
I have tested the ldap connection. I find it strange that the password rotation is not easier. I found that if an AD account had its password replaced, I must have known the old one. If I understood correctly. When you lose your password, the account is lost. Is it good?
Yes, every password rotation implies a re-encryption of the user's master password, because it's saved using a secure key generated from some well known user data plus a sever side data. The master password is decrypted from user's data upon login to make it available (encrypted in user's session) for viewing encrypted data. https://syspass-doc.readthedocs.io/en/3.1/application/encryption.html
Kind regards.
gwendal-tlg
Hello,
Is it possible to connect syspass 3.1 to a Microsoft ADFS system (auto redirect to the adfs autification page using a SAMaccountName for example).
Second question, I have tested the ldap connection. I find it strange that the password rotation is not easier. I found that if an AD account had its password replaced, I must have known the old one. If I understood correctly. When you lose your password, the account is lost. Is it good?
Per advance, thanks.
Kind regards,
Gwen