[midPoint] End-user "Change Password" custom web component

Radovan Semancik radovan.semancik at evolveum.com
Thu Jul 14 16:41:17 CEST 2016


Hi Gustavo,

Yes, this is a correct approach. I'm slightly concerned about 
step 2, though. If the user has the ability to read its own object 
("self") then that step should work. But I'm not sure if we have tested 
this. But I'm sure you are going to try it. So in case it does not 
work, please report a bug, because it is supposed to work.

Thinking about this ... I can see that this process might be a bit 
cumbersome and a bit inefficient. Especially considering that midPoint 
knows the identity of the logged-in user (even in REST). So I can imagine 
having a resource something like 
http://xxxxx/midpoint/ws/rest/users/self that could return the object 
representing the logged-in user. This will make it all easier. However, 
this is not implemented now. If you want that, please add that as a new 
feature in Jira. However, it will need sponsoring or subscriber 
endorsement to get implemented anytime soon.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 07/01/2016 07:50 PM, Gustavo J Gallardo wrote:
> Hi all,
> we are running midPoint 3.4 and our customer has an existing web 
> portal where they want to maintain all end-user interaction.
> They are building a component to allow end-users to change their 
> passwords. We would like them to use the REST API. From the portal, 
> they will have the username from the session and present a form to ask 
> the user's old_password and new_password.
>
> Our idea so far:
> 1) Grant our end-users a custom role with 
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all 
> authorization, in addition to the minimum requirements to change his 
> own credentials and its shadow's credentials.
> 2) use http://xxxxx/midpoint/ws/rest/users/search, to find the user by 
> name and parsing the XML result to get his oid.
> 3) use http://xxxxxx/midpoint/ws/rest/users/{user_oid} to POST an 
> objectModification to set credentials/password
> (both REST calls would use username:old_password for authorization)
>
> Is this the correct approach? Is there any better/easier way to 
> achieve this?
>
>
> Thanks,
>
> GJG
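
Steps 2 and 3 of the plan quoted above, as an added example (not from the original thread and not midPoint's own code): the username comes from the portal session and the new password from a form, so both are escaped before they go into the XML bodies, and the search result is accepted only when it is exactly one object with the expected name. The namespaces, the element layout and the constructed sample response are assumptions based on midPoint 3.x REST conventions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespaces and element layout: assumptions from midPoint 3.x REST conventions.
NS = {
    "q": "http://prism.evolveum.com/xml/ns/public/query-3",
    "c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3",
    "t": "http://prism.evolveum.com/xml/ns/public/types-3",
    "apit": "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3",
}
DECLS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())

def search_body(username):
    """Step 2: equality filter on name; escape() keeps the value plain text."""
    return (f"<q:query {DECLS}><q:filter><q:equal><q:path>c:name</q:path>"
            f"<q:value>{escape(username)}</q:value>"
            "</q:equal></q:filter></q:query>")

def extract_single_oid(response_xml, username):
    """Accept the search result only if it is exactly one object with our name."""
    hits = list(ET.fromstring(response_xml).iter(f'{{{NS["apit"]}}}object'))
    if len(hits) != 1:
        raise ValueError(f"expected exactly 1 user, got {len(hits)}")
    if hits[0].findtext("c:name", namespaces=NS) != username:
        raise ValueError("returned object is not the session user")
    return hits[0].attrib["oid"]

def password_change_body(new_password):
    """Step 3: replace credentials/password/value with the new clear value."""
    return (f"<apit:objectModification {DECLS}><apit:itemDelta>"
            "<t:modificationType>replace</t:modificationType>"
            "<t:path>c:credentials/c:password/c:value</t:path>"
            f"<t:value><t:clearValue>{escape(new_password)}</t:clearValue></t:value>"
            "</apit:itemDelta></apit:objectModification>")

# Constructed sample of a search response (not captured from a real server).
SAMPLE_RESPONSE = (
    f"<apit:objectList {DECLS}>"
    '<apit:object oid="00000000-0000-0000-0000-0000000000aa">'
    "<c:name>jack</c:name></apit:object></apit:objectList>")

if __name__ == "__main__":
    print(search_body("jack"))
    print(extract_single_oid(SAMPLE_RESPONSE, "jack"))
    print(password_change_body("n3w&<pass>"))
```

Both request bodies would be sent with the user's own username:old_password credentials, as the plan describes, so midPoint's authorizations still decide whether the change is allowed.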