[midPoint] Custom Schema and ProtectedString

Radovan Semancik radovan.semancik at evolveum.com
Wed Oct 2 09:32:06 CEST 2013


Hi,

MidPoint should be able to synchronize properties of type 
ProtectedStringType. However I must confess we have probably never tried 
to do this (except for password obviously, but credentials are using a 
different code path than ordinary attributes).

However, there may be an obvious drawback if you synchronize 
ProtectedStringType with a plain string. The value becomes "unprotected" 
during the conversion to string. Also you might need to explicitly 
decrypt the value in some cases (I can provide a method for that).

I can have a look at this later:
https://jira.evolveum.com/browse/MID-1625
How important is this for you? Is it critical or can you live without it 
for a couple of days?

-- 

                                            Radovan Semancik
                                           Software Architect
                                              evolveum.com



On 10/01/2013 09:11 PM, Paul Heaney wrote:
> Hi Radovan,
>
> Many thanks for this, I'm now trying to synchronise the 
> ProtectedString though it is not synchronising.  I have the following 
> attribute map:
>
> <c:attribute>
>     <c:ref xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-2">ri:carLicense</c:ref>
>     <c:displayName>Car License</c:displayName>
>     <c:access>create</c:access>
>     <c:access>read</c:access>
>     <c:access>update</c:access>
>     <c:outbound>
>         <c:source>
>             <c:path xmlns:jim="http://justidm.salfordsoftware.co.uk/xml/ns/justIDM"
>                     xmlns:gen859="http://midpoint.evolveum.com/xml/ns/fake/sqlRepository-1.xsd"
>                     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>                     xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-2"
>                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">$user/extension/jim:topSecret</c:path>
>         </c:source>
>         <c:expression>
>             <c:script>
>                 <c:language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</c:language>
>                 <c:returnType>scalar</c:returnType>
>                 <c:code xmlns:jim="http://justidm.salfordsoftware.co.uk/xml/ns/justIDM"
>                         xmlns:gen859="http://midpoint.evolveum.com/xml/ns/fake/sqlRepository-1.xsd"
>                         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>                         xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-2"
>                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>                     topSecret.getClearValue()
>                 </c:code>
>             </c:script>
>         </c:expression>
>     </c:outbound>
> </c:attribute>
>
> though this never appears to attempt to synchronise the value (if I 
> leave off the getClearValue I get an exception about a type mismatch 
> between String and ProtectedStringType, which is what I would expect).
>
> Also I suspect this is intended behaviour, though via the UI two text 
> entry boxes appear for protected strings as if it was a password.
>
> Thanks
> Paul
>
> On 01/10/13 15:49, Radovan Semancik wrote:
>> Hi Paul,
>>
>> Yes, it should work. However midPoint schema extension is XSD schema 
>> as any other. If you want to use datatypes from other schema you have 
>> to import it. Therefore use proper <xsd:import>:
>>
>> <xsd:schema elementFormDefault="qualified"
>> targetNamespace="http://justidm.salfordsoftware.co.uk/xml/ns/justIDM"
>> xmlns:tns="http://justidm.salfordsoftware.co.uk/xml/ns/justIDM"
>> xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-2"
>> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
>>             xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>>
>> <xsd:import 
>> namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"/>
>>
>> <xsd:complexType name="UserExtensionType">
>>
>> ................
>>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint




