[midPoint] Possibility to check Password validity?

Radovan Semancik radovan.semancik at evolveum.com
Fri May 23 10:19:44 CEST 2014 

Hi,

Yes. I understand that this may be helpful for these cases. And maybe 
even for some "check password" GUI functionality. Now I see that this is 
a good idea. So I've created a feature request:

https://jira.evolveum.com/browse/MID-1906

However the bad news is that given our roadmap and schedule it is quite 
unlikely that we can find a time to implement this anytime soon. Unless 
some contributor or subscriber raises a similar request.

-- 

                                            Radovan Semancik
                                           Software Architect
                                              evolveum.com



On 05/22/2014 06:59 PM, Alexander Grzesik wrote:
>
> Hi,
>
> I was thinking the answer is no. In fact we use an LDAP integrated for 
> authentication and connecting external systems.
>
> My question was because it would be nice for smaller deployments and 
> development instances to not have the need to add this complexity but 
> simply verify a user with password against midpoint directly.
>
> An alternative could be addition of a method to the model-client-api 
> to encrypt a password by midpoint. Then we could simply compare this 
> encrypted password against the one stored in the user for a simple 
> authentication use case.
>
> Best Regards
>
> Alexander
>
> *Von:*midpoint-bounces at lists.evolveum.com 
> [mailto:midpoint-bounces at lists.evolveum.com] *Im Auftrag von *Radovan 
> Semancik
> *Gesendet:* Donnerstag, 22. Mai 2014 17:38
> *An:* midpoint at lists.evolveum.com
> *Betreff:* Re: [midPoint] Possibility to check Password validity?
>
> Hi Alexander,
>
> I'm afraid that the answer is again "no". MidPoint was not designed as 
> an authentication server therefore we haven't considered such 
> function. Provisioning system are relatively complex and therefore 
> they are not ideal as high-performance authentication systems.
>
> What we usually do is an LDAP server that contains all the midPoint 
> users (provisioned by usual LDAP connector). And the you can check 
> password against that LDAP server using usual BIND operation. This 
> solution may seem slightly complex but it has many advantages such as 
> performance, scalability and availability.
>
>
> -- 
>   
>                                             Radovan Semancik
>                                            Software Architect
>                                               evolveum.com
>
>
>
> On 05/22/2014 01:55 PM, Alexander Grzesik wrote:
>
>     Just another question regaridng passwords.
>
>     Is it possible to verify a user password via API, so check if a
>     given password matches the ones a user had stored?
>
>     *Von:*midpoint-bounces at lists.evolveum.com
>     <mailto:midpoint-bounces at lists.evolveum.com>
>     [mailto:midpoint-bounces at lists.evolveum.com] *Im Auftrag von
>     *Pavol Mederly
>     *Gesendet:* Donnerstag, 22. Mai 2014 13:17
>     *An:* midpoint at lists.evolveum.com <mailto:midpoint at lists.evolveum.com>
>     *Betreff:* Re: [midPoint] Possibility to check Password validity?
>
>     Hello Alexander,
>
>     that's a meaningful request.
>
>     Such feature is planned (see
>     https://jira.evolveum.com/browse/MID-1876 - your scenario could be
>     realized e.g. via setting "don't execute changes" flag),
>     unfortunately, it is not implemented yet and probably will not be
>     part of 3.0.
>     Hopefully it will be in some of the maintenance/patch releases
>     after 3.0.
>
>     Best regards,
>     Pavol
>
>         Hi,
>
>         is there a way to check if a password is valid according to
>         the Password Policy from the ModelClient before saving a user?
>
>         This would be helpful for us, as we create users from an
>         external application and store in midpoint and would like to
>         provide a validation in the GUI form.
>
>         Best Regards
>
>         Alexander
>
>
>
>
>
>         _______________________________________________
>
>         midPoint mailing list
>
>         midPoint at lists.evolveum.com  <mailto:midPoint at lists.evolveum.com>
>
>         http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
>     _______________________________________________
>
>     midPoint mailing list
>
>     midPoint at lists.evolveum.com  <mailto:midPoint at lists.evolveum.com>
>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20140523/2d3c964a/attachment.htm>

More information about the midPoint mailing list