[midPoint] End-user "Change Password" custom web component
Radovan Semancik
radovan.semancik at evolveum.com
Mon Jul 18 09:42:52 CEST 2016
Hi,
Thanks a lot, sponsoring/endorsement would really help here. I have
created an issue in Jira to track this:
https://jira.evolveum.com/browse/MID-3298
--
Radovan Semancik
Software Architect
evolveum.com
On 07/17/2016 08:15 PM, Gustavo J Gallardo wrote:
> Hi Radovan,
> thanks for your response.
>
> Yes, we tested it and it works, but as you mentioned it is not very
> efficient.
> The approach you mention is the one I was hoping existed, that's
> why I entered the question to the list. I'll try to get our customer
> to subscribe and endorse it.
>
>
> Thanks,
>
> GJG
>
> On Thu, Jul 14, 2016 at 11:41 AM, Radovan Semancik
> <radovan.semancik at evolveum.com>
> wrote:
>
> Hi Gustavo,
>
> Yes, this is a correct approach. I am slightly concerned about
> step 2, though. If the user has the ability to read its own
> object ("self") then that step should work. But I'm not sure if we
> have tested this. But I'm sure you are going to try it. So in case
> that it does not work please report a bug, because it is supposed
> to work.
>
> Thinking about this ... I can see that this process might be a bit
> cumbersome and a bit inefficient. Especially considering that
> midPoint knows the identity of logged-in user (even in REST). So I
> can imagine having a resource something like
> http://xxxxx/midpoint/ws/rest/users/self that could return the
> object representing the logged-in user. This will make it all
> easier. However, this is not implemented now. If you want that
> please add that as a new feature in Jira. However it will need
> sponsoring or subscriber endorsement to get implemented anytime soon.
>
> --
> Radovan Semancik
> Software Architect
> evolveum.com
>
>
>
> On 07/01/2016 07:50 PM, Gustavo J Gallardo wrote:
>> Hi all,
>> we are running midPoint 3.4 and our customer has an existing web
>> portal where they want to maintain all end-user interaction.
>> They are building a component to allow end-users to change their
>> passwords. We would like them to use the REST API. From the
>> portal, they will have the username from the session and present
>> a form to ask the user's old_password and new_password.
>>
>> Our idea so far:
>> 1) Grant our end-users a custom role with
>> http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all
>> authorization, in addition to the minimum requirements to change
>> his own credentials and its shadow's credentials.
>> 2) use http://xxxxx/midpoint/ws/rest/users/search, to find the
>> user by name and parse the XML result to get his oid.
>> 3) use http://xxxxxx/midpoint/ws/rest/users/{user_oid} to POST an
>> objectModification to set credentials/password
>> (both REST calls would use username:old_password for authorization)
>>
>> Is this the correct approach? Is there any better/easier way to
>> achieve this?
>>
>>
>> Thanks,
>>
>> GJG
>>
>>
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> http://lists.evolveum.com/mailman/listinfo/midpoint
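Steps 2 and 3 of the procedure discussed in this thread, as an added example that is not part of any message above and is not Evolveum's code: it builds the search and password-modification bodies with an XML API, so a username or password containing markup cannot alter the request, and accepts an oid only when the search returns exactly one object whose name matches the session user. The namespace URIs, element names, unprefixed item paths and the sample response are assumptions about midPoint's XML schema; the thread itself names only the endpoints and the credentials/password item.

```python
import xml.etree.ElementTree as ET

# Assumed midPoint/prism namespace URIs and element names; the thread names only
# the endpoints and the credentials/password item, not the XML bodies.
Q = "http://prism.evolveum.com/xml/ns/public/query-3"
T = "http://prism.evolveum.com/xml/ns/public/types-3"
API = "http://midpoint.evolveum.com/xml/ns/public/common/api-types-3"
C = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"

# Constructed search response (shape assumed) for offline use.
SAMPLE_RESPONSE = (
    f'<a:objectList xmlns:a="{API}" xmlns:c="{C}">'
    '<a:object oid="00000000-0000-0000-0000-000000000001">'
    '<c:name>jack</c:name></a:object></a:objectList>'
).encode()

def search_body(username):
    """Step 2 request body: equality filter on name. Built with an XML API so
    markup characters in the portal-supplied username are escaped, not parsed."""
    query = ET.Element(f"{{{Q}}}query")
    equal = ET.SubElement(ET.SubElement(query, f"{{{Q}}}filter"), f"{{{Q}}}equal")
    ET.SubElement(equal, f"{{{Q}}}path").text = "name"
    ET.SubElement(equal, f"{{{Q}}}value").text = username
    return ET.tostring(query)

def extract_oid(response_xml, username):
    """Step 2 result: accept the oid only if exactly one object came back and
    its name equals the session username."""
    if b"<!DOCTYPE" in response_xml:
        raise ValueError("response carries a DTD; refusing to parse")
    objects = list(ET.fromstring(response_xml))
    if len(objects) != 1:
        raise ValueError(f"expected exactly 1 user, got {len(objects)}")
    oid = objects[0].get("oid")
    if not oid or objects[0].findtext(f"{{{C}}}name") != username:
        raise ValueError("returned object does not match the session user")
    return oid

def password_delta(new_password):
    """Step 3 request body: replace delta on credentials/password/value."""
    mod = ET.Element(f"{{{API}}}objectModification")
    delta = ET.SubElement(mod, f"{{{API}}}itemDelta")
    ET.SubElement(delta, f"{{{T}}}modificationType").text = "replace"
    ET.SubElement(delta, f"{{{T}}}path").text = "credentials/password/value"
    value = ET.SubElement(delta, f"{{{T}}}value")
    ET.SubElement(value, f"{{{T}}}clearValue").text = new_password
    return ET.tostring(mod)
```

Both bodies would be sent with the username:old_password credentials the original post describes, over TLS, since those credentials and the new password travel in the request.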