[midPoint] Synchronizing Encrypted User Password
pdbogen at cernu.us
pdbogen at cernu.us
Wed Sep 14 01:59:00 CEST 2016
Hi, guys!
Me, again.
I think there's one last thing standing in the way of me and a 'stateless' /
immutable Midpoint- that being user passwords.
I 100% understand the need for midpoint to be able to access plaintext user
passwords, and I want to make this possible; but without needing to actually
persiste the data on the Midpoint side.
Therefore I'd like to sync it to LDAP. I've amended our custom schema to
include a very restricted `encryptedPassword` field, and I'd like to sync the
midpoint-encrypted password there.
I'm having a little bit of trouble accomplishing this, however. It is not
clear to me how I can reliably obtain a serializable value from
$user/credentials/password/value.
I was hoping to use getClearValue(), but that seems to usually be null (see
also MID-3399). It seems non-trivial to get the serializable encrypted value,
which is a three-member class. I suppose I could create three fields, but I'd
rather at least serialize it as JSON or something; but the groovy environment
doesn't seem to have JSON support, as far as I can tell.
Anyway, I'm probably overthinking this- I'd greatly appreciate advice.
Thanks,
--
.
Patrick Bogen .
...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160913/ec28f9b2/attachment.sig>
More information about the midPoint
mailing list