[midPoint] End-user "Change Password" custom web component

Gustavo J Gallardo ggallard at identicum.com
Sun Jul 17 20:15:11 CEST 2016


Hi Radovan,
thanks for your response.

Yes, we tested it and it works, but as you mentioned, it is not very
efficient.
The approach you mention is the one I was hoping existed; that's why I
sent the question to the list. I'll try to get our customer to subscribe
and endorse it.


Thanks,

GJG

On Thu, Jul 14, 2016 at 11:41 AM, Radovan Semancik <
radovan.semancik at evolveum.com> wrote:

> Hi Gustavo,
>
> Yes, this is a correct approach. I am slightly concerned about step
> 2, though. If the user has the ability to read its own object ("self")
> then that step should work. But I'm not sure if we have tested this. But
> I'm sure you are going to try it. So in case it does not work, please
> report a bug, because it is supposed to work.
>
> Thinking about this ... I can see that this process might be a bit
> cumbersome and a bit inefficient. Especially considering that midPoint
> knows the identity of the logged-in user (even in REST). So I can imagine
> having a resource something like http://xxxxx/midpoint/ws/rest/users/self
> that could return the object representing the logged-in user. This will
> make it all easier. However, this is not implemented now. If you want that,
> please add it as a new feature in Jira. However, it will need sponsoring
> or subscriber endorsement to get implemented anytime soon.
>
> --
> Radovan Semancik
> Software Architect
> evolveum.com
>
>
>
> On 07/01/2016 07:50 PM, Gustavo J Gallardo wrote:
>
> Hi all,
> we are running midPoint 3.4 and our customer has an existing web portal
> where they want to maintain all end-user interaction.
> They are building a component to allow end-users to change their
> passwords. We would like them to use the REST API. From the portal, they
> will have the username from the session and present a form to ask the
> user's old_password and new_password.
>
> Our idea so far:
> 1) Grant our end-users a custom role with
> http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all
> authorization, in addition to the minimum requirements to change their own
> credentials and their shadow's credentials.
> 2) Use http://xxxxx/midpoint/ws/rest/users/search to find the user by
> name, and parse the XML result to get the oid.
> 3) Use http://xxxxxx/midpoint/ws/rest/users/{user_oid} to POST an
> objectModification to set credentials/password
> (both REST calls would use username:old_password for authorization)
>
> Is this the correct approach? Is there any better/easier way to achieve
> this?
>
>
> Thanks,
>
> GJG
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
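
The three steps in the quoted original post, sketched as an added example (not code from this thread or from the midPoint project): the search body is built with the username escaped, the result is accepted only when exactly one returned object carries that exact name, and the password delta is built with the new value escaped. The XML element names, namespaces and the sample response are assumptions to be checked against the schema of your midPoint version; the HTTP calls are left out.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespaces assumed from midPoint 3.x XML conventions; verify for your version.
Q = "http://prism.evolveum.com/xml/ns/public/query-3"
C = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"
API = "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
T = "http://prism.evolveum.com/xml/ns/public/types-3"

def build_search_query(username):
    """Step 2 body: exact match on name; escape() keeps the value out of the markup."""
    return (f'<q:query xmlns:q="{Q}" xmlns:c="{C}"><q:filter><q:equal>'
            f'<q:path>c:name</q:path><q:value>{escape(username)}</q:value>'
            '</q:equal></q:filter></q:query>')

def extract_single_oid(response_xml, username):
    """Return the oid only if exactly one returned object has that exact name."""
    root = ET.fromstring(response_xml)
    oids = [el.get("oid") for el in root.iter()
            if el.get("oid") and el.findtext(f"{{{C}}}name") == username]
    if len(oids) != 1:
        raise LookupError(f"expected 1 match, got {len(oids)}")
    return oids[0]

def build_password_modification(new_password):
    """Step 3 body: replace credentials/password/value with the new clear value."""
    return (f'<objectModification xmlns="{API}" xmlns:c="{C}" xmlns:t="{T}">'
            '<itemDelta><t:modificationType>replace</t:modificationType>'
            '<t:path>c:credentials/c:password/c:value</t:path>'
            f'<t:value><clearValue>{escape(new_password)}</clearValue></t:value>'
            '</itemDelta></objectModification>')

# Constructed sample search response (not captured from a real server).
SAMPLE_RESPONSE = f'''<objectList xmlns="{API}" xmlns:c="{C}">
  <object oid="00000000-0000-0000-0000-0000000000a1"><c:name>jdoe</c:name></object>
  <object oid="00000000-0000-0000-0000-0000000000a2"><c:name>jdoe2</c:name></object>
</objectList>'''

if __name__ == "__main__":
    print(build_search_query("jdoe"))
    print(extract_single_oid(SAMPLE_RESPONSE, "jdoe"))
    print(build_password_modification("N3w<pass>&word"))
```

Both request bodies would be sent with the user's own username:old_password credentials, as the post describes, so the role from step 1 is what limits what those calls can touch.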