[midPoint] Unsetting User Password RESTfully

Radovan Semancik radovan.semancik at evolveum.com
Thu Jun 16 18:06:33 CEST 2016


Hi Florin,

From the nature of item deltas, you need to specify the value that you 
are deleting for such a delta to work, which is not very desirable when 
working with passwords. But you can use a "replace" delta instead of 
"delete" and replace the password with no value. Like this:

    <objectModification
        xmlns='http://midpoint.evolveum.com/xml/ns/public/common/api-types-3'
        xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
      <t:itemDelta>
        <t:modificationType>replace</t:modificationType>
        <t:path>credentials/password/value</t:path>
      </t:itemDelta>
    </objectModification>

This should remove all existing password values and replace them with no 
value at all. Exactly what you want. Even though I'm not sure if we have 
ever tested that with a password over REST, we use that approach at several 
places in midPoint and it seems to work well in the general case. Please 
give it a try.

-- 
Radovan Semancik
Software Architect
evolveum.com



On 04/29/2016 12:44 AM, Florin. Stingaciu wrote:
> Hello,
>
> I have a particular use case that requires me to unset a user password 
> for its Midpoint account. I understand I could disable the account or 
> change its End User role to prevent a user from logging in, but due to 
> the nature of my use case, I can only achieve this by unsetting the 
> user password.
>
> Another requirement is that I also need to do this using the RESTful 
> API. I tried to use the following:
>
>
>     <?xml version="1.0"?>
>     <objectModification
>         xmlns='http://midpoint.evolveum.com/xml/ns/public/common/api-types-3'
>         xmlns:c='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
>         xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
>       <t:itemDelta>
>         <t:modificationType>delete</t:modificationType>
>         <t:path>credentials/password/value</t:path>
>       </t:itemDelta>
>     </objectModification>
>
>
> with a POST request to
>
>     "http://localhost:8080/midpoint/ws/rest/users/{USER_OID}"
>
>
> And I get a 204 Response, however it appears the user's credentials 
> are still there.
>
> Another requirement of this is that this password update action must 
> only be applicable to the Midpoint account and any other accounts that 
> user has must retain whatever password was initially set.
>
> Any help would be greatly appreciated.
>
> Thanks,
> -F