[midPoint] Possibility to check Password validity?

Alexander Grzesik alexander.grzesik at medisite.de
Thu May 22 18:59:49 CEST 2014 

Hi,
 
I was thinking the answer is no. In fact we use an LDAP integrated for authentication and connecting external systems.
My question was because it would be nice for smaller deployments and development instances to not have the need to add this complexity but simply verify a user with password against midpoint directly.
An alternative could be addition of a method to the model-client-api to encrypt a password by midpoint. Then we could simply compare this encrypted password against the one stored in the user for a simple authentication use case.
Best Regards
Alexander
 
Von: midpoint-bounces at lists.evolveum.com [mailto:midpoint-bounces at lists.evolveum.com] Im Auftrag von Radovan Semancik
Gesendet: Donnerstag, 22. Mai 2014 17:38
An: midpoint at lists.evolveum.com
Betreff: Re: [midPoint] Possibility to check Password validity?
 
Hi Alexander,

I'm afraid that the answer is again "no". MidPoint was not designed as an authentication server therefore we haven't considered such function. Provisioning system are relatively complex and therefore they are not ideal as high-performance authentication systems.

What we usually do is an LDAP server that contains all the midPoint users (provisioned by usual LDAP connector). And the you can check password against that LDAP server using usual BIND operation. This solution may seem slightly complex but it has many advantages such as performance, scalability and availability.


--                                             Radovan Semancik                                          Software Architect                                             evolveum.com

On 05/22/2014 01:55 PM, Alexander Grzesik wrote:
Just another question regaridng passwords.
Is it possible to verify a user password via API, so check if a given password matches the ones a user had stored?
 
Von: midpoint-bounces at lists.evolveum.com [mailto:midpoint-bounces at lists.evolveum.com] Im Auftrag von Pavol Mederly
Gesendet: Donnerstag, 22. Mai 2014 13:17
An: midpoint at lists.evolveum.com
Betreff: Re: [midPoint] Possibility to check Password validity?
 
Hello Alexander,

that's a meaningful request. 

Such feature is planned (see https://jira.evolveum.com/browse/MID-1876 - your scenario could be realized e.g. via setting "don't execute changes" flag), unfortunately, it is not implemented yet and probably will not be part of 3.0.
Hopefully it will be in some of the maintenance/patch releases after 3.0.

Best regards,
Pavol
Hi,
 
is there a way to check if a password is valid according to the Password Policy from the ModelClient before saving a user?
This would be helpful for us, as we create users from an external application and store in midpoint and would like to provide a validation in the GUI form.
Best Regards
Alexander




_______________________________________________midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint 



_______________________________________________midPoint mailing listmidPoint at lists.evolveum.comhttp://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20140522/a242f885/attachment.htm>

More information about the midPoint mailing list