[midPoint] storing passwords for external applications

Ivan Noris ivan.noris at evolveum.com
Mon Jul 11 16:10:28 CEST 2016


Hi Oskar,

I have a bad feeling that I had this problem last week when doing some
experiments. We should explore that. Please create a new JIRA for the
$user (maybe also other) variable not visible in credentials mappings.

Regards,
Ivan

On 07/11/2016 04:06 PM, Oskar Butovič - AMI Praha a.s. wrote:
> Hi,
>
> I have been able to make it work. Setting implicit location of xsd
> solved the issue.
> <xsd:import
> namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
> schemaLocation="http://serverIp:8080/schema/common-3.xsd=http://midpoint.evolveum.com/xml/ns/public/common/common-3"/>
>
> But I have another issue with storing multiple passwords. When I try
> to write outbound mapping for password in credentials in resource
> handling I am unable to get to any other variables than the input.
> Following code throws
> "com.evolveum.midpoint.util.exception.SchemaException: No variable
> with name user in source definition in mapping in outbound password
> mapping in account type Discr(RSD(account (default)
> @AD-connector-resource))"
>
> <credentials>
>    <password>
>       <outbound>
>          <source>
>             <c:path>$user/extension/googleAppsPassword</c:path>
>          </source>
>          <expression>
>             <script>
>                <code>
>                   result = googleAppsPassword;
>                   return result;
>                </code>
>             </script>
>          </expression>
>       </outbound>
>    </password>
> </credentials>
>
> Is there any way to get to the user variable from the password
> mapping?
>
> Best regards
>
> Oskar Butovič
>
> 2016-06-16 14:52 GMT+02:00 Radovan Semancik
> <radovan.semancik at evolveum.com>:
>
>     Hi,
>
>     Congratulations. It looks like you have found a bug.
>
>     This should work exactly the way as you are trying to use it.
>     Please report that bug in the Jira. Also please specify the
>     operation that you are trying to do when you are getting the
>     exception so we can reproduce the issue easier. Thanks.
>
>     -- 
>     Radovan Semancik
>     Software Architect
>     evolveum.com <http://evolveum.com>
>
>
>
>     On 06/13/2016 10:17 AM, Oskar Butovič - AMI Praha a.s. wrote:
>>     Hello Everybody,
>>
>>     I am trying to add a password for an external application (Google
>>     Apps) as a new attribute for the user because I need to store it and
>>     be able to edit it later. I tried to use ProtectedStringType in
>>     the extension schema. But somehow this type doesn't work. midPoint
>>     throws an exception.
>>
>>     relevant configuration:
>>
>>     <xsd:schema elementFormDefault="qualified"
>>                 targetNamespace="http://avast.com/xml/ns/idmSchema"
>>                 xmlns:tns="http://avast.com/xml/ns/idmSchema"
>>                 xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
>>                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>                 xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>                 xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>>
>>         <xsd:complexType name="UserExtensionType">
>>             <xsd:annotation>
>>                 <xsd:appinfo>
>>                     <a:extension ref="c:UserType"/>
>>                 </xsd:appinfo>
>>             </xsd:annotation>
>>             <xsd:sequence>
>>                 <xsd:element name="googleAppsPassword" type="t:ProtectedStringType" minOccurs="0" maxOccurs="unbounded">
>>                     <xsd:annotation>
>>                         <xsd:appinfo>
>>                             <a:displayName>Google Apps Password</a:displayName>
>>                             <a:displayOrder>110</a:displayOrder>
>>                             <a:help>Password for google apps account</a:help>
>>                         </xsd:appinfo>
>>                     </xsd:annotation>
>>                 </xsd:element>
>>
>>     exception:
>>
>>     Caused by: org.xml.sax.SAXParseException: undefined simple or complex type 't:ProtectedStringType'
>>             at com.sun.xml.xsom.impl.parser.ParserContext$1.reportError(ParserContext.java:180) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>             at com.sun.xml.xsom.impl.parser.NGCCRuntimeEx.reportError(NGCCRuntimeEx.java:175) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>             at com.sun.xml.xsom.impl.parser.DelayedRef.resolve(DelayedRef.java:110) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>             at com.sun.xml.xsom.impl.parser.DelayedRef.run(DelayedRef.java:85) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>             at com.sun.xml.xsom.impl.parser.ParserContext.getResult(ParserContext.java:135) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>             at com.sun.xml.xsom.parser.XSOMParser.getResult(XSOMParser.java:214) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>             at com.evolveum.midpoint.prism.schema.DomToSchemaProcessor.parseSchema(DomToSchemaProcessor.java:233) ~[prism-3.3.1.jar:na]
>>             ... 75 common frames omitted
>>
>>
>>     Is it a right approach for storing passwords for external
>>     applications? Should I use another type?
>>
>>
>>     Thanks.
>>
>>     Regards,
>>
>>     Oskar Butovič
>>
>>     -- 
>>
>>     Oskar Butovič
>>     solution architect
>>
>>     gsm: [+420] 774 480 101
>>     e-mail: oskar.butovic at ami.cz
>>
>>     AMI Praha a.s.
>>     Pláničkova 11
>>     162 00 Praha 6
>>     tel.: [+420] 274 783 239
>>     web: www.ami.cz <http://www.ami.cz/>
>>
>>     By the text of this e-mail, the signatory neither promises to
>>     conclude nor concludes any contract on behalf of AMI Praha a.s.
>>     Every contract, if concluded, must be exclusively in written form.
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  evolveum.com                     evolveum.com/blog/
  ___________________________________________________
  "Semper ID(e)M Vix."
