[midPoint-git] [Evolveum/midpoint] b6f7da: Implement password caching

mederly noreply at github.com
Thu Nov 7 22:03:44 CET 2024 

  Branch: refs/heads/support-4.9
  Home:   https://github.com/Evolveum/midpoint
  Commit: b6f7da3cdf2d2d6039226648ccb9c3333ce785c8
      https://github.com/Evolveum/midpoint/commit/b6f7da3cdf2d2d6039226648ccb9c3333ce785c8
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2024-11-07 (Thu, 07 Nov 2024)

  Changed paths:
    M docs/resources/attribute-caching.adoc
    M docs/security/credentials/password-policy.adoc
    M docs/security/credentials/password-related-configuration.adoc
    M docs/security/credentials/password-storage-configuration.adoc
    M gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/credentials/PropagatePasswordPanel.java
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/CapabilityUtil.java
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/AbstractResourceObjectDefinitionImpl.java
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ResourceObjectDefinition.java
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ShadowAssociation.java
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/AbstractShadow.java
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ShadowUtil.java
    M infra/schema/src/main/resources/xml/ns/public/common/common-provisioning-3.xsd
    M model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
    M model/model-common/src/main/java/com/evolveum/midpoint/model/common/stringpolicy/ObjectValuePolicyEvaluator.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/credentials/CredentialPolicyEvaluator.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/credentials/ProjectionCredentialsProcessor.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/loader/ProjectionFullLoadOperation.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/lens/projector/policy/evaluators/ObjectModificationConstraintEvaluator.java
    M model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/security/SecurityHelper.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestIteration.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestModelServiceContract.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/manual/AbstractDirectManualResourceTest.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/manual/AbstractManualResourceTest.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/TestPasswordDefaultHashing.java
    M model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/sync/TestImportRecon.java
    M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/ProvisioningContext.java
    M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/ShadowsLocalBeans.java
    M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowComputerUtil.java
    M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowDeltaComputerAbsolute.java
    M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowDeltaComputerRelative.java
    M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/impl/shadows/manager/ShadowObjectComputer.java
    M provisioning/provisioning-impl/src/main/java/com/evolveum/midpoint/provisioning/util/ShadowItemsToReturnProvider.java
    M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/AbstractBasicDummyTest.java
    M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/dummy/TestDummy.java
    M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/manual/AbstractManualResourceTest.java
    M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/AbstractOpenDjTest.java
    M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDj.java
    M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjIncompletePassword.java
    M provisioning/provisioning-impl/src/test/java/com/evolveum/midpoint/provisioning/impl/opendj/TestOpenDjReadablePassword.java
    M provisioning/provisioning-impl/src/test/resources/opendj/resource-opendj-readable-password.xml
    M repo/repo-sqale/src/test/java/com/evolveum/midpoint/repo/sqale/func/SqaleRepoModifyObjectTest.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/AbstractIntegrationTest.java
    M repo/repo-test-util/src/main/java/com/evolveum/midpoint/test/asserter/ShadowAsserter.java
    M testing/story/src/test/java/com/evolveum/midpoint/testing/story/ldap/TestLdapComplex.java

  Log Message:
  -----------
  Implement password caching

The password caching was not implemented as part of the shadow caching
feature provided in midPoint 4.9. It is implemented now. Please see
https://docs.evolveum.com/midpoint/devel/design/password-caching-4.9.1/
for more information.

Related behavior changes in this commit:

- The somewhat chaotic behavior of cached vs retrieved password value
(hashed vs empty/hashed/encrypted) requires more elaborate approach
to comparing password values in ObjectModificationConstraintEvaluator.

- MidPoint no longer provide INCOMPLETE flag for attributes passed
from the LDAP connector when "tolerantMultivalueReduction" feature
is turned on. Please see
https://docs.evolveum.com/midpoint/devel/design/incomplete-items-4.9.1/

Unrelated changes:

- Slightly updated credentials documentation.
- Minor code improvements at various places.
- Activation data is erased from the cache when an account is fetched
and the caching is disabled.
- Re-enabled some methods in TestOpenDj (forgotten in disabled state).
- Fixed checking whether password capability is enabled when asking
about "isPasswordReturnedByDefault".

Related to MID-10050 and MID-9958 (duplicate).

(cherry picked from commit b3fe40e0e4497da8fe6e1757a489c3c52d28cbe9)


  Commit: 3db4021ee8f9fd117f4b1fd50f889a1715aada56
      https://github.com/Evolveum/midpoint/commit/3db4021ee8f9fd117f4b1fd50f889a1715aada56
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2024-11-07 (Thu, 07 Nov 2024)

  Changed paths:
    A docs/admin-gui/resource-wizard/association-type/accessing-from-accounts.png
    M docs/admin-gui/resource-wizard/index.adoc

  Log Message:
  -----------
  Merge remote-tracking branch 'origin/support-4.9' into support-4.9


  Commit: df6dc3734de0f1e36703dfd7bfcca772645a9393
      https://github.com/Evolveum/midpoint/commit/df6dc3734de0f1e36703dfd7bfcca772645a9393
  Author: Pavol Mederly <mederly at evolveum.com>
  Date:   2024-11-07 (Thu, 07 Nov 2024)

  Changed paths:
    M infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ShadowAssociationsCollection.java

  Log Message:
  -----------
  Fix manual manipulation of associations

This fixes the situation when one adds the first association value
right on the projection.


Compare: https://github.com/Evolveum/midpoint/compare/5feceb1328b3...df6dc3734de0

To unsubscribe from these emails, change your notification settings at https://github.com/Evolveum/midpoint/settings/notifications

More information about the midPoint-svn mailing list