[midPoint] storing passwords for external applications

Oskar Butovič - AMI Praha a.s. oskar.butovic at ami.cz
Mon Jul 11 16:21:48 CEST 2016


added as https://jira.evolveum.com/browse/MID-3283

2016-07-11 16:10 GMT+02:00 Ivan Noris <ivan.noris at evolveum.com>:

> Hi Oskar,
>
> I have a bad feeling that I had this problem last week when doing some
> experiments. We should explore that. Please create a new JIRA for the $user
> (maybe also other) variable not visible in credentials mappings.
>
> Regards,
> Ivan
>
>
> On 07/11/2016 04:06 PM, Oskar Butovič - AMI Praha a.s. wrote:
>
> Hi,
>
> I have been able to make it work. Setting an implicit location of the XSD solved
> the issue.
>
> <xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>             schemaLocation="http://serverIp:8080/schema/common-3.xsd=http://midpoint.evolveum.com/xml/ns/public/common/common-3"/>
>
> But I have another issue with storing multiple passwords. When I try to
> write an outbound mapping for the password in credentials in resource handling, I
> am unable to get to any other variables than the input. The following code
> throws "com.evolveum.midpoint.util.exception.SchemaException: No variable
> with name user in source definition in mapping in outbound password mapping
> in account type Discr(RSD(account (default) @AD-connector-resource))"
>
> <credentials>
>     <password>
>         <outbound>
>             <source>
>                 <c:path>$user/extension/googleAppsPassword</c:path>
>             </source>
>             <expression>
>                 <script>
>                     <code>
>                         result = googleAppsPassword;
>                         return result;
>                     </code>
>                 </script>
>             </expression>
>         </outbound>
>     </password>
> </credentials>
>
> Is there any way to get to the user variable from the password mapping?
>
> Best regards
>
> Oskar Butovič
>
> 2016-06-16 14:52 GMT+02:00 Radovan Semancik <radovan.semancik at evolveum.com>:
>
>> Hi,
>>
>> Congratulations. It looks like you have found a bug.
>>
>> This should work exactly the way you are trying to use it. Please
>> report that bug in the Jira. Also please specify the operation that you are
>> trying to do when you are getting the exception, so we can reproduce the
>> issue more easily. Thanks.
>>
>> --
>> Radovan Semancik
>> Software Architect
>> evolveum.com
>>
>>
>>
>> On 06/13/2016 10:17 AM, Oskar Butovič - AMI Praha a.s. wrote:
>>
>> Hello Everybody,
>>
>> I am trying to add a password for an external application (Google Apps) as a
>> new attribute for the user, because I need to store it and be able to edit it
>> later. I tried to use ProtectedStringType in the extension schema. But somehow
>> this type doesn't work. midPoint throws an exception.
>>
>> relevant configuration:
>>
>> <xsd:schema elementFormDefault="qualified"
>>             targetNamespace="http://avast.com/xml/ns/idmSchema"
>>             xmlns:tns="http://avast.com/xml/ns/idmSchema"
>>             xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
>>             xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>>             xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>>             xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>>
>>     <xsd:complexType name="UserExtensionType">
>>         <xsd:annotation>
>>             <xsd:appinfo>
>>                 <a:extension ref="c:UserType"/>
>>             </xsd:appinfo>
>>         </xsd:annotation>
>>         <xsd:sequence>
>>             <xsd:element name="googleAppsPassword" type="t:ProtectedStringType"
>>                          minOccurs="0" maxOccurs="unbounded">
>>                 <xsd:annotation>
>>                     <xsd:appinfo>
>>                         <a:displayName>Google Apps Password</a:displayName>
>>                         <a:displayOrder>110</a:displayOrder>
>>                         <a:help>Password for google apps account</a:help>
>>                     </xsd:appinfo>
>>                 </xsd:annotation>
>>             </xsd:element>
>>         </xsd:sequence>
>>     </xsd:complexType>
>> </xsd:schema>
>>
>> exception:
>>
>> Caused by: org.xml.sax.SAXParseException: undefined simple or complex type 't:ProtectedStringType'
>>         at com.sun.xml.xsom.impl.parser.ParserContext$1.reportError(ParserContext.java:180) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>         at com.sun.xml.xsom.impl.parser.NGCCRuntimeEx.reportError(NGCCRuntimeEx.java:175) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>         at com.sun.xml.xsom.impl.parser.DelayedRef.resolve(DelayedRef.java:110) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>         at com.sun.xml.xsom.impl.parser.DelayedRef.run(DelayedRef.java:85) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>         at com.sun.xml.xsom.impl.parser.ParserContext.getResult(ParserContext.java:135) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>         at com.sun.xml.xsom.parser.XSOMParser.getResult(XSOMParser.java:214) ~[jaxb-xjc-2.2.10-b140310.1920.jar:2.2.10-b140310.1920]
>>         at com.evolveum.midpoint.prism.schema.DomToSchemaProcessor.parseSchema(DomToSchemaProcessor.java:233) ~[prism-3.3.1.jar:na]
>>         ... 75 common frames omitted
>>
>>
>> Is it the right approach for storing passwords for external applications?
>> Should I use another type?
>>
>>
>> Thanks.
>>
>> Regards,
>>
>> Oskar Butovič
>>
>> --
>>
>> Oskar Butovič
>> solution architect
>>
>> gsm: [+420] 774 480 101
>> e-mail: oskar.butovic at ami.cz
>>
>>
>> AMI Praha a.s.
>> Pláničkova 11
>> 162 00 Praha 6
>> tel.: [+420] 274 783 239 <%5B%2B420%5D%20274%20783%20239>
>> web: www.ami.cz
>>
>>
>>
>> By the text of this e-mail the signatory neither promises to conclude nor
>> concludes any contract on behalf of AMI Praha a.s. Any contract, if it is
>> concluded, must be exclusively in written form.
>>
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
>
>
> --
>   Ing. Ivan Noris
>   Senior Identity Management Engineer & IDM Architect
>   evolveum.com                     evolveum.com/blog/
>   ___________________________________________________
>   "Semper ID(e)M Vix."
>
>
>
>


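The first exception in this thread (undefined type 't:ProtectedStringType') is the schema parser discovering that a prefix used in a type= attribute is bound to a namespace the extension schema never imports. The check below is an added example, not code from the thread or from the midPoint project: it reads an extension XSD with Python's standard library, collects every QName used in type, base and ref attributes of XSD elements, and reports namespaces that are neither the schema's own targetNamespace nor XML Schema itself and have no direct <xsd:import namespace="..."/>. The sample schema is constructed after the one in the thread (example.com namespace, placeholder schemaLocation); namespaces pulled in transitively by another import are not followed, so a schema that relies on that would still be reported.

```python
import io
import xml.etree.ElementTree as ET

XSD_NS = "http://www.w3.org/2001/XMLSchema"
TYPES_NS = "http://prism.evolveum.com/xml/ns/public/types-3"
# Attributes on XSD elements whose value is a QName that must resolve to a type or element.
QNAME_ATTRS = ("type", "base", "ref")


def unresolved_namespaces(xsd_text):
    """Return sorted (prefix, namespace) pairs referenced by type/base/ref QNames that are
    neither the schema's targetNamespace nor XML Schema and have no direct xsd:import.
    An undeclared prefix is reported with namespace None."""
    prefixes = {}       # prefix -> namespace URI, from xmlns declarations
    imports = set()     # namespaces named by <xsd:import namespace="..."/>
    qnames = []         # prefixed attribute values to resolve
    target_ns = None
    stream = io.BytesIO(xsd_text.encode("utf-8"))
    # start-ns events carry the xmlns declarations that ElementTree otherwise drops.
    for event, payload in ET.iterparse(stream, events=("start-ns", "start")):
        if event == "start-ns":
            prefix, uri = payload
            prefixes[prefix] = uri
            continue
        elem = payload
        if not elem.tag.startswith("{" + XSD_NS + "}"):
            continue  # annotation payload such as <a:extension ref="c:UserType"/> is not schema
        local = elem.tag[len(XSD_NS) + 2:]
        if local == "schema":
            target_ns = elem.get("targetNamespace")
        elif local == "import":
            imports.add(elem.get("namespace"))
        for attr in QNAME_ATTRS:
            value = elem.get(attr)
            if value and ":" in value:
                qnames.append(value)
    findings = set()
    for qname in qnames:
        prefix = qname.split(":", 1)[0]
        uri = prefixes.get(prefix)
        if uri is None:
            findings.add((prefix, None))  # prefix never declared at all
        elif uri in (XSD_NS, target_ns) or uri in imports:
            continue  # built-in types, own namespace, or properly imported
        else:
            findings.add((prefix, uri))
    return sorted(findings, key=lambda f: (f[0], f[1] or ""))


# Constructed sample modelled on the thread's extension schema: the element uses
# t:ProtectedStringType, but the types-3 namespace is declared and never imported.
BROKEN_SCHEMA = """<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema elementFormDefault="qualified"
            targetNamespace="http://example.com/xml/ns/idmSchema"
            xmlns:tns="http://example.com/xml/ns/idmSchema"
            xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-3"
            xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
            xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <xsd:complexType name="UserExtensionType">
        <xsd:annotation>
            <xsd:appinfo>
                <a:extension ref="c:UserType"/>
            </xsd:appinfo>
        </xsd:annotation>
        <xsd:sequence>
            <xsd:element name="googleAppsPassword" type="t:ProtectedStringType"
                         minOccurs="0" maxOccurs="1"/>
            <xsd:element name="note" type="xsd:string" minOccurs="0"/>
        </xsd:sequence>
    </xsd:complexType>
</xsd:schema>
"""

# Same schema with a direct import of types-3; the schemaLocation is a placeholder,
# not a real midPoint URL.
IMPORT_LINE = ('    <xsd:import namespace="%s"\n'
               '                schemaLocation="http://PLACEHOLDER-midpoint-host/types-3.xsd"/>\n'
               % TYPES_NS)
FIXED_SCHEMA = BROKEN_SCHEMA.replace("    <xsd:complexType", IMPORT_LINE + "    <xsd:complexType", 1)


if __name__ == "__main__":
    for label, text in (("broken", BROKEN_SCHEMA), ("fixed", FIXED_SCHEMA)):
        print(label, unresolved_namespaces(text) or "all referenced namespaces imported")
```

Running it on the broken schema reports ("t", ".../types-3") and nothing for the fixed one; wiring it into the pipeline that deploys extension schemas catches the missing import before midPoint's schema parser does, and with a clearer message than the SAXParseException in the thread.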