[midPoint-git] [Evolveum/midpoint] b3fe40: Implement password caching
mederly
noreply at github.com
Tue Nov 5 11:13:51 CET 2024
Branch: refs/heads/master
Home: https://github.com/Evolveum/midpoint
Commit: b3fe40e0e4497da8fe6e1757a489c3c52d28cbe9
https://github.com/Evolveum/midpoint/commit/b3fe40e0e4497da8fe6e1757a489c3c52d28cbe9
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2024-11-05 (Tue, 05 Nov 2024)
Changed paths:
M docs/resources/attribute-caching.adoc
M docs/security/credentials/password-policy.adoc
M docs/security/credentials/password-related-configuration.adoc
M docs/security/credentials/password-storage-configuration.adoc
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/credentials/PropagatePasswordPanel.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/CapabilityUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/AbstractResourceObjectDefinitionImpl.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ResourceObjectDefinition.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ShadowAssociation.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/AbstractShadow.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ShadowUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-provisioning-3.xsd
M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/stringpolicy/ObjectValuePolicyEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/credentials/CredentialPolicyEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/credentials/ProjectionCredentialsProcessor.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/loader/ProjectionFullLoadOperation.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ObjectModificationConstraintEvaluator.java
M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityHelper.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestIteration.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestModelServiceContract.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/manual/AbstractDirectManualResourceTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/manual/AbstractManualResourceTest.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/TestPasswordDefaultHashing.java
M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestImportRecon.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ProvisioningContext.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/ShadowsLocalBeans.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowComputerUtil.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowDeltaComputerAbsolute.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowDeltaComputerRelative.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowObjectComputer.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/util/ShadowItemsToReturnProvider.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/AbstractBasicDummyTest.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummy.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/manual/AbstractManualResourceTest.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/AbstractOpenDjTest.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDj.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjIncompletePassword.java
M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjReadablePassword.java
M provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-readable-password.xml
M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoModifyObjectTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/ShadowAsserter.java
M testing/story/src/test/java/com/evolveum/midpoint/testing/story/ldap/TestLdapComplex.java
Log Message:
-----------
Implement password caching
The password caching was not implemented as part of the shadow caching
feature provided in midPoint 4.9. It is implemented now. Please see
https://docs.evolveum.com/midpoint/devel/design/password-caching-4.9.1/
for more information.
Related behavior changes in this commit:
- The somewhat chaotic behavior of cached vs retrieved password value
(hashed vs empty/hashed/encrypted) requires more elaborate approach
to comparing password values in ObjectModificationConstraintEvaluator.
- MidPoint no longer provide INCOMPLETE flag for attributes passed
from the LDAP connector when "tolerantMultivalueReduction" feature
is turned on. Please see
https://docs.evolveum.com/midpoint/devel/design/incomplete-items-4.9.1/
Unrelated changes:
- Slightly updated credentials documentation.
- Minor code improvements at various places.
- Activation data is erased from the cache when an account is fetched
and the caching is disabled.
- Re-enabled some methods in TestOpenDj (forgotten in disabled state).
- Fixed checking whether password capability is enabled when asking
about "isPasswordReturnedByDefault".
Related to MID-10050 and MID-9958 (duplicate).
Commit: 3dc8607328fdc98badc7910400389addabf6fb20
https://github.com/Evolveum/midpoint/commit/3dc8607328fdc98badc7910400389addabf6fb20
Author: Pavol Mederly <mederly at evolveum.com>
Date: 2024-11-05 (Tue, 05 Nov 2024)
Changed paths:
M docs/concepts/query/midpoint-query-language/searchable-items.adoc
M docs/resources/resource-configuration/capabilities.adoc
M docs/security/authentication/flexible-authentication/modules/oidc.adoc
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebComponentUtil.java
A gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/factory/wrapper/ShadowAssociationsContainerWrapperFactoryImpl.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/certification/component/CampaignTilePanel.html
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/certification/component/CampaignTilePanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/certification/component/CertificationItemsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/certification/helpers/CertMiscUtil.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/component/AssignmentHolderOperationalButtonsPanel.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/admin/shadow/ShadowAssociationsTable.java
M gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/certification/PageCertDecisions.java
M icf-connectors/dummy-connector/src/main/java/com/evolveum/icf/dummy/connector/AbstractModernObjectDummyConnector.java
M icf-connectors/dummy-connector/src/main/java/com/evolveum/icf/dummy/connector/AbstractObjectDummyConnector.java
M icf-connectors/dummy-connector/src/main/java/com/evolveum/icf/dummy/connector/DummyConfiguration.java
M icf-connectors/dummy-connector/src/main/java/com/evolveum/icf/dummy/connector/DummyConnectorLegacyUpdate.java
M icf-connectors/dummy-resource/src/main/java/com/evolveum/icf/dummy/resource/DummyObject.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/CapabilityUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptions.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptionsBuilder.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/GetOperationOptionsBuilderImpl.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/AbstractResourceObjectDefinitionImpl.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/CompositeObjectDefinitionImpl.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ResourceObjectClassDefinitionImpl.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ResourceObjectDefinition.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/deleg/ResourceObjectDefinitionDelegator.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/GetOperationOptionsUtil.java
M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ShadowUtil.java
M infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-provisioning-3.xsd
M infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
M infra/schema/src/main/resources/xml/ns/public/resource/capabilities-3.xsd
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OidcAuthorizationRequestRedirectFilter.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/oidc/OidcLoginConfigurer.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/OidcAdditionalConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/OidcClientModuleWebSecurityConfiguration.java
M model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configurer/OidcClientModuleWebSecurityConfigurer.java
M model/model-common/src/main/java/com/evolveum/midpoint/model/common/expression/evaluator/AssignmentTargetSearchExpressionEvaluator.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resourceobjects/ActivationConverter.java
A provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resourceobjects/BehaviorConverter.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resourceobjects/ResourceObjectAddOperation.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/resourceobjects/ResourceObjectCompleter.java
M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/util/ShadowItemsToReturnProvider.java
A provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestCapabilityBehavior.java
A provisioning/provisioning-impl/src/test/resources/dummy/capability/resource-dummy-behavior-native-simulated.xml
A provisioning/provisioning-impl/src/test/resources/dummy/capability/resource-dummy-behavior-native.xml
A provisioning/provisioning-impl/src/test/resources/dummy/capability/resource-dummy-behavior-none.xml
A provisioning/provisioning-impl/src/test/resources/dummy/capability/resource-dummy-behavior-simulated.xml
M provisioning/provisioning-impl/testng-integration.xml
M provisioning/ucf-api/src/main/java/com/evolveum/midpoint/provisioning/ucf/api/ShadowItemsToReturn.java
M provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnIdCapabilitiesAndSchemaParser.java
M provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnIdObjectConvertor.java
M provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnIdSchemaParser.java
M provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnIdToUcfObjectConversion.java
M provisioning/ucf-impl-connid/src/main/java/com/evolveum/midpoint/provisioning/ucf/impl/connid/ConnectorInstanceConnIdImpl.java
M release-notes.adoc
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/ReferenceIterativeSearch.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/SqaleRepositoryService.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/qmodel/focus/QFocusMapping.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/qmodel/object/MObjectType.java
M repo/repo-sqale/src/main/java/com/evolveum/midpoint/repo/sqale/qmodel/object/QObjectMapping.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/mapping/QueryModelMapping.java
M repo/repo-sqlbase/src/main/java/com/evolveum/midpoint/repo/sqlbase/mapping/QueryTableMapping.java
M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/DummyResourceContoller.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Compare: https://github.com/Evolveum/midpoint/compare/a3280c8ec6fe...3dc8607328fd
To unsubscribe from these emails, change your notification settings at https://github.com/Evolveum/midpoint/settings/notifications
More information about the midPoint-svn
mailing list