[midPoint] Password Reset Email Notifier Configuration

Pálos Gustáv gustav.palos at gmail.com
Thu Mar 9 20:11:12 CET 2017


Hi Peter,

did you set up the keystore correctly?
https://wiki.evolveum.com/display/midPoint/Installing+midPoint+from+Binary+Distribution+v3.5#InstallingmidPointfromBinaryDistributionv3.5-Tomcat
"setenv.sh/setenv.bat"Customization

second one is already fixed in master (missing value for key
PageForgotPassword.send.nonce.failed=User's password could'n be reset.
Please contact system administrator.)

Best regards,

Gustav
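
Added example, not part of the thread and not midPoint code: one thing to rule out when a certificate imported with keytool still leaves JavaMail failing with "Could not convert socket to TLS" is that the Tomcat JVM is not reading that keystore at all. The check below assumes the JVM options live in setenv.sh and that trust is set through the standard javax.net.ssl.trustStore and javax.net.ssl.trustStoreType system properties; the function names and the sample setenv.sh contents are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does the JVM started by Tomcat read the
# keystore that the SMTP server certificate was imported into?
# Assumption: option values contain no spaces.

# Print the value of -D<property>=... found in setenv.sh text
# (if it occurs more than once, the last occurrence is reported).
jvm_prop() {
    prop=$1 value=
    # Ignore comment lines, drop quote characters, then split into words
    # with globbing switched off so a '*' in the text is never expanded.
    words=$(printf '%s\n' "$2" | sed '/^[[:space:]]*#/d' | tr -d "\"'")
    set -f
    for word in $words; do
        case $word in
            "-D$prop="*) value=${word#"-D$prop="} ;;
        esac
    done
    set +f
    printf '%s' "$value"
}

# Compare the JVM options with the keystore used for "keytool -import".
# Prints one diagnosis line; returns 0 only if the JVM will read that keystore.
check_truststore() {
    opts=$1 want_path=$2 want_type=$3
    have_path=$(jvm_prop javax.net.ssl.trustStore "$opts")
    have_type=$(jvm_prop javax.net.ssl.trustStoreType "$opts")

    if [ -z "$have_path" ]; then
        echo "UNSET: JVM uses its default cacerts; imports into $want_path are ignored"
        return 1
    fi
    if [ "$have_path" != "$want_path" ]; then
        echo "MISMATCH: JVM trusts $have_path, certificate was imported into $want_path"
        return 2
    fi
    # Keystore type names are compared without regard to case.
    have_lc=$(printf '%s' "$have_type" | tr '[:upper:]' '[:lower:]')
    want_lc=$(printf '%s' "$want_type" | tr '[:upper:]' '[:lower:]')
    if [ "$have_lc" != "$want_lc" ]; then
        echo "TYPE: trustStoreType is '${have_type:-unset}', keystore is $want_type"
        return 3
    fi
    echo "OK: JVM trust store is $have_path ($have_type)"
    return 0
}

# Constructed setenv.sh contents for the demonstration.
SETENV_OK='JAVA_OPTS="$JAVA_OPTS -Xmx1024m -Djavax.net.ssl.trustStore=/var/opt/midpoint/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks"'
SETENV_UNSET='JAVA_OPTS="$JAVA_OPTS -Xmx1024m"'
SETENV_OTHER='JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/etc/ssl/example/cacerts.jks -Djavax.net.ssl.trustStoreType=jks"'
SETENV_NO_TYPE='JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/var/opt/midpoint/keystore.jceks"'
SETENV_COMMENTED='# JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/var/opt/midpoint/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks"
JAVA_OPTS="$JAVA_OPTS -Xmx1024m"'

# Keystore path and type as used in the keytool command quoted in the thread.
for sample in "$SETENV_OK" "$SETENV_UNSET" "$SETENV_OTHER" \
              "$SETENV_NO_TYPE" "$SETENV_COMMENTED"; do
    check_truststore "$sample" /var/opt/midpoint/keystore.jceks jceks || true
done
```

On a live host, pass the contents of Tomcat's bin/setenv.sh as the first argument. Once javax.net.ssl.trustStore points at a custom keystore, the CA certificates bundled with the JRE are no longer consulted, so the SMTP server's issuing CA has to be present in that keystore.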


2017-03-09 19:55 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:

> Hi Gustav,
> Thank you, it works!
> I set the global policy to the Mail Reset, that made the link appear.
>
> I do have a couple of remaining questions.
>
> 1. While we get our email relay set up I am temporarily using gmail. I get
> this error in the logs when trying to use gmail:
>  The ssl 2017-03-09 15:53:04,632 [] [http-nio-8080-exec-10] ERROR
> (com.evolveum.midpoint.notifications.impl.api.transports.MailTransport):
> Couldn't send mail message to [peter.healy at odhsolutions.com] via
> smtp.gmail.com, trying another mail server, if there is any, reason:
> Could not convert socket to TLS (class javax.mail.MessagingException)
>
> Which I believe is related to the gmail certificate not being in the trust
> store.
> So I used "openssl s_client -starttls smtp -connect smtp.gmail.com:587"
> to get the PEM certificate and then imported with
> "keytool -keystore /var/opt/midpoint/keystore.jceks -storetype jceks
> -storepass [$PASSWORD] -import -alias smtp.gmail.com -trustcacerts -file
> gmail.cert"
>
> But it still doesn't work with the gmail relay, same error:
> 2017-03-09 18:45:38,945 [] [http-nio-8080-exec-7] ERROR
> (com.evolveum.midpoint.notifications.impl.api.transports.MailTransport):
> Couldn't send mail message to [peter.healy at odhsolutions.com] via
> smtp.gmail.com, trying another mail server, if there is any, reason:
> Could not convert socket to TLS (class javax.mail.MessagingException)
>
> Do you have any advice on managing the trust store or what could be going
> on here?
>
> In the meantime I set up a temporary Debian based exim4 relay that Midpoint
> connects to on port 25 with no authentication. This is working right now.
>
> 2. When an email can't be sent from the forgot password page I see:
>  [Warning: Property for 'PageForgotPassword.send.nonce.failed' not found]
>
> Is this because I have not defined an error page for when the reset
> password email can't be sent?
> Where can I set this property and what kind of format is it? (HTML, XHTML,
> etc.)
>
> Thank you again!
> -Peter
>
> On Wed, Mar 8, 2017 at 1:59 AM, <midpoint-request at lists.evolveum.com>
> wrote:
>
>> Send midPoint mailing list submissions to
>>         midpoint at lists.evolveum.com
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>> or, via email, send a message with subject or body 'help' to
>>         midpoint-request at lists.evolveum.com
>>
>> You can reach the person managing the list at
>>         midpoint-owner at lists.evolveum.com
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of midPoint digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Re: Password Reset Email Notifier Configuration (Pálos Gustáv)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Wed, 8 Mar 2017 07:58:30 +0100
>> From: Pálos Gustáv <gustav.palos at evolveum.com>
>> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> Subject: Re: [midPoint] Password Reset Email Notifier Configuration
>> Message-ID:
>>         <CAPXQVkc+FsidMQEgeeh-V=1t=2i8LJ4vLuZ8cY8W0euJoYqVPQ at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>>
>> and did you also set the Global security policy to "Mail Reset Security Policy"
>> in Configuration-->System-->Basic?
>> (or assign it to the org where you need it, or use another mechanism to enable
>> it?)
>>
>> Best regards,
>>
>> Gustav
>>
>> 2017-03-08 0:23 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>>
>> > Yes, I followed that document, excluding the custom form at the end.
>> >
>> > First I created a new ValuePolicy object named "Mail Nonce Policy", then I
>> > created a new SecurityPolicy object named "Mail Reset Security Policy"
>> > based on the wiki example (titled "Reset password by mail configuration")
>> > and used the OID of the Mail Nonce Policy I created where needed.
>> >
>> > Then I copied the "Example for notification configuration" changing the
>> > URL to the hostname of my install and as you suggested copied that into a
>> > <handler> block underneath <notificationConfiguration> into the System
>> > Configuration object.
>> >
>> >
>> >
>> > On Tue, Mar 7, 2017 at 3:13 PM, <midpoint-request at lists.evolveum.com>
>> > wrote:
>> >
>> >> Message: 1
>> >> Date: Tue, 7 Mar 2017 21:13:24 +0100
>> >> From: Pálos Gustáv <gustav.palos at gmail.com>
>> >> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> >> Subject: Re: [midPoint] Password Reset Email Notifier Configuration
>> >> Message-ID:
>> >>         <CAPXQVkc5mbrY05xtV3SKLJ8DH_sOLtoKDYVuY06iain86PoXgg at mail.gmail.com>
>> >> Content-Type: text/plain; charset="utf-8"
>> >>
>> >>
>> >> Hi,
>> >>
>> >> are you done with this?
>> >> https://wiki.evolveum.com/display/midPoint/Reset+Password+Configuration#ResetPasswordConfiguration-EnablingResetPassword
>> >> To enable the reset password feature, it needs to be configured in the security
>> >> policy referenced from system configuration.
>> >>
>> >> best regards,
>> >>
>> >> Gustav
>> >>
>> >> 2017-03-07 19:06 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>> >>
>> >> > Hi Gustav, I don't see the forgot password link on the login page at
>> >> > "midpoint/login?0"
>> >> > Where should I check to make this link active? Is there another step I
>> >> > have to take?
>> >> >
>> >> > Thanks,
>> >> > Peter
>> >> >
>> >> > On Mon, Mar 6, 2017 at 11:27 PM, <midpoint-request at lists.evolveum.com>
>> >> > wrote:
>> >> >
>> >> >> Message: 1
>> >> >> Date: Tue, 7 Mar 2017 05:26:43 +0100
>> >> >> From: Pálos Gustáv <gustav.palos at evolveum.com>
>> >> >> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> >> >> Subject: Re: [midPoint] Password Reset Email Notifier Configuration
>> >> >> Message-ID:
>> >> >>         <CAPXQVkfi2=rVEu4VtKZJFaJMAJ4psGzyrpruz3vfJ2-EKeYAKw at mail.gmail.com>
>> >> >> Content-Type: text/plain; charset="utf-8"
>> >> >>
>> >> >> Hi Peter,
>> >> >>
>> >> >> on login page you can now see "Forgot Password" link.
>> >> >>
>> >> >> Best regards,
>> >> >>
>> >> >> Gustav
>> >> >>
>> >> >> 2017-03-06 23:55 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>> >> >>
>> >> >> > Thanks Gustav, I put the notifier in as you described and it appears to
>> >> >> > have saved OK.
>> >> >> > Now that the notifier is there how can I allow users to actually reset
>> >> >> > passwords via email? Is there a URL I can give them to visit?
>> >> >> >
>> >> >> > Thanks again,
>> >> >> > Peter
>> >> >> >
>> >> >> > On Mon, Mar 6, 2017 at 4:35 PM, <midpoint-request at lists.evolveum.com>
>> >> >> > wrote:
>> >> >> >
>> >> >> >> Message: 1
>> >> >> >> Date: Mon, 6 Mar 2017 22:35:10 +0100
>> >> >> >> From: Pálos Gustáv <gustav.palos at evolveum.com>
>> >> >> >> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> >> >> >> Subject: Re: [midPoint] Password Reset Email Notifier Configuration
>> >> >> >> Message-ID:
>> >> >> >>         <CAPXQVkeypuuT6rbU-G7X57GWGXJAD+viqN7AC9F-SkqV0hoLXA at mail.gmail.com>
>> >> >> >> Content-Type: text/plain; charset="utf-8"
>> >> >> >>
>> >> >> >>
>> >> >> >> you do not need to import it, but edit configuration --> repository objects -->
>> >> >> >> system configuration -->
>> >> >> >> find section <notificationConfiguration> and put here:
>> >> >> >>   <handler>
>> >> >> >>          <simpleUserNotifier>
>> >> >> >>   .....
>> >> >> >>          </simpleUserNotifier>
>> >> >> >>   </handler>
>> >> >> >>
>> >> >> >> and please also read & use this:
>> >> >> >> https://wiki.evolveum.com/display/midPoint/Configuring+notifications
>> >> >> >>
>> >> >> >> You can start with redirecting e-mail to file over redirectToFile
>> >> >> >>
>> >> >> >> best regards,
>> >> >> >>
>> >> >> >> Gustav
>> >> >> >>
>> >> >> >> 2017-03-06 22:29 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>> >> >> >>
>> >> >> >> > Hi Gustav,
>> >> >> >> > I have
>> >> >> >> > Version 3.5
>> >> >> >> > Git describe git-v3.5
>> >> >> >> > Build at Wed, 21 Dec 2016 14:01:34 +0000
>> >> >> >> >
>> >> >> >> > I copied and pasted verbatim from the wiki page into the embedded editor
>> >> >> >> > or the Import Object GUI page, I don't get any output from idm.log but I do
>> >> >> >> > get this in catalina.out:
>> >> >> >> > ==> catalina.out <==
>> >> >> >> > java.lang.ClassCastException
>> >> >> >> >
>> >> >> >> > And the error in the GUI has changed to "Object validation failed (no
>> >> >> >> > reason given)"
>> >> >> >> >
>> >> >> >> > On Mon, Mar 6, 2017 at 3:31 PM, <midpoint-request at lists.evolveum.com>
>> >> >> >> > wrote:
>> >> >> >> >
>> >> >> >> >> Message: 1
>> >> >> >> >> Date: Mon, 6 Mar 2017 19:30:26 +0000 (UTC)
>> >> >> >> >> From: Prabhakara Rao Doddapaneni <dp_rao at yahoo.com>
>> >> >> >> >> To: "midpoint at lists.evolveum.com" <midpoint at lists.evolveum.com>
>> >> >> >> >> Subject: [midPoint] JMS based workflow configuration
>> >> >> >> >> Message-ID: <1001644321.2237664.1488828626312 at mail.yahoo.com>
>> >> >> >> >> Content-Type: text/plain; charset="utf-8"
>> >> >> >> >>
>> >> >> >> >> One of my resources cannot be configured to respond to sync poll.  I plan
>> >> >> >> >> to send a message in JMS Q so that midpoint can listen to that message and
>> >> >> >> >> reconcile/add the user into repository.  What is the ideal solution to
>> >> >> >> >> achieve this?  Has anybody come across this situation?
>> >> >> >> >> Thanks, Prabhakar.
>> >> >> >> >>
>> >> >> >> >> ------------------------------
>> >> >> >> >>
>> >> >> >> >> Message: 2
>> >> >> >> >> Date: Mon, 6 Mar 2017 15:24:27 -0500
>> >> >> >> >> From: Peter Healy <phealy3330 at gmail.com>
>> >> >> >> >> To: midpoint at lists.evolveum.com
>> >> >> >> >> Subject: [midPoint] Password Reset Email Notifier Configuration
>> >> >> >> >> Message-ID:
>> >> >> >> >>         <CADnbc=wtq+Suhc6LUG-r04OppN4AQshDzgk5wGNf7MScsvzbTQ at mail.gmail.com>
>> >> >> >> >> Content-Type: text/plain; charset="utf-8"
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> I am trying to implement:
>> >> >> >> >> https://wiki.evolveum.com/display/midPoint/Reset+Password+Configuration
>> >> >> >> >>
>> >> >> >> >> But I get an error importing the Simple User Notifier XML object that is in
>> >> >> >> >> the wiki page:
>> >> >> >> >>
>> >> >> >> >> com.evolveum.midpoint.prism.PrismProperty cannot be cast to
>> >> >> >> >> com.evolveum.midpoint.prism.PrismObject
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> I created and successfully imported this Mail Nonce Policy:
>> >> >> >> >> <valuePolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> >> >> >> >>              xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>> >> >> >> >>              xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> >> >> >> >>              xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>> >> >> >> >>              xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>> >> >> >> >>              xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>> >> >> >> >>              oid="c0c8a80d-1818-42d1-b3ad-e7f8993593a0"
>> >> >> >> >>              version="0">
>> >> >> >> >>    <name>Mail Nonce Policy</name>
>> >> >> >> >>    <description>Mail Nonce Policy</description>
>> >> >> >> >>    <metadata>
>> >> >> >> >>       <createTimestamp>2017-03-06T19:56:44.233Z</createTimestamp>
>> >> >> >> >>       <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef>
>> >> >> >> >>       <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>> >> >> >> >>    </metadata>
>> >> >> >> >>    <lifetime>
>> >> >> >> >>       <expiration>999</expiration>
>> >> >> >> >>       <warnBeforeExpiration>9</warnBeforeExpiration>
>> >> >> >> >>       <lockAfterExpiration>0</lockAfterExpiration>
>> >> >> >> >>       <minPasswordAge>0</minPasswordAge>
>> >> >> >> >>       <passwordHistoryLength>0</passwordHistoryLength>
>> >> >> >> >>    </lifetime>
>> >> >> >> >>    <stringPolicy>
>> >> >> >> >>       <description>Testing string policy</description>
>> >> >> >> >>       <limitations>
>> >> >> >> >>          <minLength>20</minLength>
>> >> >> >> >>          <maxLength>20</maxLength>
>> >> >> >> >>          <minUniqueChars>3</minUniqueChars>
>> >> >> >> >>          <limit>
>> >> >> >> >>             <description>Alphas</description>
>> >> >> >> >>             <minOccurs>1</minOccurs>
>> >> >> >> >>             <mustBeFirst>false</mustBeFirst>
>> >> >> >> >>             <characterClass>
>> >> >> >> >>                <value>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ</value>
>> >> >> >> >>             </characterClass>
>> >> >> >> >>          </limit>
>> >> >> >> >>          <limit>
>> >> >> >> >>             <description>Numbers</description>
>> >> >> >> >>             <minOccurs>1</minOccurs>
>> >> >> >> >>             <mustBeFirst>false</mustBeFirst>
>> >> >> >> >>             <characterClass>
>> >> >> >> >>                <value>1234567890</value>
>> >> >> >> >>             </characterClass>
>> >> >> >> >>          </limit>
>> >> >> >> >>       </limitations>
>> >> >> >> >>    </stringPolicy>
>> >> >> >> >> </valuePolicy>
>> >> >> >> >>
>> >> >> >> >> And I successfully imported this security policy for the Mail reset:
>> >> >> >> >> <securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> >> >> >> >>                 xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>> >> >> >> >>                 xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>> >> >> >> >>                 xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>> >> >> >> >>                 xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>> >> >> >> >>                 xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>> >> >> >> >>                 oid="28bf845a-b107-11e3-85bc-001e8c717e5b"
>> >> >> >> >>                 version="19">
>> >> >> >> >>    <name>Mail Reset Security Policy</name>
>> >> >> >> >>    <metadata>
>> >> >> >> >>       <createTimestamp>2017-02-14T17:10:13.860Z</createTimestamp>
>> >> >> >> >>       <creatorRef oid="00000000-0000-0000-0000-000000000002" type="c:UserType"><!-- administrator --></creatorRef>
>> >> >> >> >>       <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel>
>> >> >> >> >>    </metadata>
>> >> >> >> >>    <authentication>
>> >> >> >> >>       <mailAuthentication>
>> >> >> >> >>          <name>confirmationLink</name>
>> >> >> >> >>          <displayName>Additional mail authnetication</displayName>
>> >> >> >> >>          <mailNonce>mailNonce</mailNonce>
>> >> >> >> >>       </mailAuthentication>
>> >> >> >> >>    </authentication>
>> >> >> >> >>    <credentials>
>> >> >> >> >>       <nonce>
>> >> >> >> >>          <maxAge>PT2M</maxAge>
>> >> >> >> >>          <name>mailNonce</name>
>> >> >> >> >>          <valuePolicyRef oid="c0c8a80d-1818-42d1-b3ad-e7f8993593a0" type="c:ValuePolicyType"><!-- Mail Nonce Policy --></valuePolicyRef>
>> >> >> >> >>       </nonce>
>> >> >> >> >>    </credentials>
>> >> >> >> >>    <credentialsReset>
>> >> >> >> >>       <mailReset>
>> >> >> >> >>          <name>Reset password using mail</name>
>> >> >> >> >>          <additionalAuthenticationName>confirmationLink</additionalAuthenticationName>
>> >> >> >> >>       </mailReset>
>> >> >> >> >>    </credentialsReset>
>> >> >> >> >> </securityPolicy>
>> >> >> >> >>
>> >> >> >> >> This is the Simple User Notifier from the wiki page:
>> >> >> >> >> <simpleUserNotifier>
>> >> >> >> >>     <expressionFilter>
>> >> >> >> >>         <script>
>> >> >> >> >>             <code>
>> >> >> >> >>                 import com.evolveum.midpoint.notifications.api.events.ModelEvent
>> >> >> >> >>                 import com.evolveum.midpoint.xml.ns._public.common.common_3.OrgType
>> >> >> >> >>                 import com.evolveum.midpoint.prism.delta.ChangeType
>> >> >> >> >>
>> >> >> >> >>                 (event instanceof ModelEvent &amp;&amp; event.getChannel().equals("http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#resetPassword"))
>> >> >> >> >>             </code>
>> >> >> >> >>         </script>
>> >> >> >> >>     </expressionFilter>
>> >> >> >> >>     <recipientExpression>
>> >> >> >> >>         <script>
>> >> >> >> >>             <code>return requestee.getEmailAddress()</code>
>> >> >> >> >>         </script>
>> >> >> >> >>     </recipientExpression>
>> >> >> >> >>     <bodyExpression>
>> >> >> >> >>         <script>
>> >> >> >> >>             <code>
>> >> >> >> >>                 import com.evolveum.midpoint.notifications.api.events.ModelEvent
>> >> >> >> >>                 modelEvent = (ModelEvent) event
>> >> >> >> >>                 newUser = modelEvent.getFocusContext().getObjectNew();
>> >> >> >> >>                 userType = newUser.asObjectable();
>> >> >> >> >>
>> >> >> >> >>                 link = "http://localhost:8080/midpoint/resetPasswordConfrimation/user/" + userType.getName().getOrig() +"/token/" + midpoint.getPlaintext(userType.getCredentials().getNonce().getValue());
>> >> >> >> >>                 bodyMessage = "Did you request password reset? If yes, click on the link bellow \n" + link
>> >> >> >> >>
>> >> >> >> >>                 return bodyMessage;
>> >> >> >> >>             </code>
>> >> >> >> >>         </script>
>> >> >> >> >>     </bodyExpression>
>> >> >> >> >>     <transport>mail</transport>
>> >> >> >> >> </simpleUserNotifier>
>> >> >> >> >>
>> >> >> >> >> ------------------------------
>> >> >> >> >>
>> >> >> >> >> Message: 3
>> >> >> >> >> Date: Mon, 6 Mar 2017 21:31:06 +0100
>> >> >> >> >> From: Pálos Gustáv <gustav.palos at evolveum.com>
>> >> >> >> >> To: midPoint General Discussion <midpoint at lists.evolveum.com>
>> >> >> >> >> Subject: Re: [midPoint] Password Reset Email Notifier Configuration
>> >> >> >> >> Message-ID:
>> >> >> >> >>         <CAPXQVkdrEFOqZxKLZFxNtx-2Z=v==PHTzEnkQhjdXcJXY6Mp=g at mail.gmail.com>
>> >> >> >> >> Content-Type: text/plain; charset="utf-8"
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> Hi Peter
>> >> >> >> >>
>> >> >> >> >> I successfully imported the Simple User Notifier snippet in midPoint 3.5. What
>> >> >> >> >> version are you trying?
>> >> >> >> >> This feature is supported only from v3.5.
>> >> >> >> >>
>> >> >> >> >> If you have the same midPoint version, please send a more detailed track trace
>> >> >> >> >> from idm.log
>> >> >> >> >>
>> >> >> >> >> Best regards,
>> >> >> >> >>
>> >> >> >> >> Gustav
>> >> >> >> >>
>> >> >> >> >> 2017-03-06 21:24 GMT+01:00 Peter Healy <phealy3330 at gmail.com>:
>> >> >> >> >>
>> >> >> >> >> > I am trying to implement:
>> >> >> >> >> > https://wiki.evolveum.com/display/midPoint/Reset+Password+
>> >> >> >> Configuration
>> >> >> >> >> >
>> >> >> >> >> > But I get an error importing the Simple User Notifier XML
>> >> object
>> >> >> >> that is
>> >> >> >> >> > in the wiki page:
>> >> >> >> >> >
>> >> >> >> >> > com.evolveum.midpoint.prism.PrismProperty cannot be cast to
>> >> >> >> >> > com.evolveum.midpoint.prism.PrismObject
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >> > I created and successfully imported this Mail Nonce Policy:
>> >> >> >> >> > <valuePolicy xmlns="http://midpoint.evolveu
>> >> m.com/xml/ns/public/
>> >> >> >> >> > common/common-3"
>> >> >> >> >> >              xmlns:q="http://prism.evolveum
>> >> >> >> .com/xml/ns/public/query-3"
>> >> >> >> >> >              xmlns:c="http://midpoint.evolv
>> >> eum.com/xml/ns/public/
>> >> >> >> >> > common/common-3"
>> >> >> >> >> >              xmlns:t="http://prism.evolveum
>> >> >> >> .com/xml/ns/public/types-3"
>> >> >> >> >> >              xmlns:icfs="http://midpoint.ev
>> >> >> olveum.com/xml/ns/public/
>> >> >> >> >> > connector/icf-1/resource-schema-3"
>> >> >> >> >> >              xmlns:ri="http://midpoint.evol
>> >> >> veum.com/xml/ns/public/
>> >> >> >> >> > resource/instance-3"
>> >> >> >> >> >              oid="c0c8a80d-1818-42d1-b3ad-e7f8993593a0"
>> >> >> >> >> >              version="0">
>> >> >> >> >> >    <name>Mail Nonce Policy</name>
>> >> >> >> >> >    <description>Mail Nonce Policy</description>
>> >> >> >> >> >    <metadata>
>> >> >> >> >> >       <createTimestamp>2017-03-06T1
>> >> 9:56:44.233Z</createTimestamp>
>> >> >> >> >> >       <creatorRef oid="00000000-0000-0000-0000-0
>> 00000000002"
>> >> >> >> >> > type="c:UserType"><!-- administrator --></creatorRef>
>> >> >> >> >> >       <createChannel>http://midpoint.evolveum.com/xml/ns/
>> >> >> >> >> > public/model/channels-3#objectImport</createChannel>
>> >> >> >> >> >    </metadata>
>> >> >> >> >> >    <lifetime>
>> >> >> >> >> >       <expiration>999</expiration>
>> >> >> >> >> >       <warnBeforeExpiration>9</warnBeforeExpiration>
>> >> >> >> >> >       <lockAfterExpiration>0</lockAfterExpiration>
>> >> >> >> >> >       <minPasswordAge>0</minPasswordAge>
>> >> >> >> >> >       <passwordHistoryLength>0</passwordHistoryLength>
>> >> >> >> >> >    </lifetime>
>> >> >> >> >> >    <stringPolicy>
>> >> >> >> >> >       <description>Testing string policy</description>
>> >> >> >> >> >       <limitations>
>> >> >> >> >> >          <minLength>20</minLength>
>> >> >> >> >> >          <maxLength>20</maxLength>
>> >> >> >> >> >          <minUniqueChars>3</minUniqueChars>
>> >> >> >> >> >          <limit>
>> >> >> >> >> >             <description>Alphas</description>
>> >> >> >> >> >             <minOccurs>1</minOccurs>
>> >> >> >> >> >             <mustBeFirst>false</mustBeFirst>
>> >> >> >> >> >             <characterClass>
>> >> >> >> >> >                <value>abcdefghijklmnopqrstuvwxyzABCD
>> >> >> >> >> > EFGHIJKLMNOPQRSTUVWXYZ</value>
>> >> >> >> >> >             </characterClass>
>> >> >> >> >> >          </limit>
>> >> >> >> >> >          <limit>
>> >> >> >> >> >             <description>Numbers</description>
>> >> >> >> >> >             <minOccurs>1</minOccurs>
>> >> >> >> >> >             <mustBeFirst>false</mustBeFirst>
>> >> >> >> >> >             <characterClass>
>> >> >> >> >> >                <value>1234567890</value>
>> >> >> >> >> >             </characterClass>
>> >> >> >> >> >          </limit>
>> >> >> >> >> >       </limitations>
>> >> >> >> >> >    </stringPolicy>
>> >> >> >> >> > </valuePolicy>
>> >> >> >> >> >
>> >> >> >> >> > And I successfully imported this security policy for the
>> Mail
>> >> >> reset:
>> >> >> >> >> > <securityPolicy xmlns="http://midpoint.evolveu
>> >> >> m.com/xml/ns/public/
>> >> >> >> >> > common/common-3"
>> >> >> >> >> >                 xmlns:q="http://prism.evolveu
>> >> >> >> >> m.com/xml/ns/public/query-3"
>> >> >> >> >> >                 xmlns:c="http://midpoint.evol
>> >> >> veum.com/xml/ns/public/
>> >> >> >> >> > common/common-3"
>> >> >> >> >> >                 xmlns:t="http://prism.evolveu
>> >> >> >> >> m.com/xml/ns/public/types-3"
>> >> >> >> >> >                 xmlns:icfs="http://midpoint.e
>> >> >> >> volveum.com/xml/ns/public/
>> >> >> >> >> > connector/icf-1/resource-schema-3"
>> >> >> >> >> >                 xmlns:ri="http://midpoint.evo
>> >> >> >> lveum.com/xml/ns/public/
>> >> >> >> >> > resource/instance-3"
>> >> >> >> >> >                 oid="28bf845a-b107-11e3-85bc-001e8c717e5b"
>> >> >> >> >> >                 version="19">
>> >> >> >> >> >    <name>Mail Reset Security Policy</name>
>> >> >> >> >> >    <metadata>
>> >> >> >> >> >       <createTimestamp>2017-02-14T1
>> >> 7:10:13.860Z</createTimestamp>
>> >> >> >> >> >       <creatorRef oid="00000000-0000-0000-0000-0
>> 00000000002"
>> >> >> >> >> > type="c:UserType"><!-- administrator --></creatorRef>
>> >> >> >> >> >       <createChannel>http://midpoint.evolveum.com/xml/ns/
>> >> >> >> >> > public/model/channels-3#objectImport</createChannel>
>> >> >> >> >> >    </metadata>
>> >> >> >> >> >    <authentication>
>> >> >> >> >> >       <mailAuthentication>
>> >> >> >> >> >          <name>confirmationLink</name>
>> >> >> >> >> >          <displayName>Additional mail
>> >> authnetication</displayName>
>> >> >> >> >> >          <mailNonce>mailNonce</mailNonce>
>> >> >> >> >> >       </mailAuthentication>
>> >> >> >> >> >    </authentication>
>> >> >> >> >> >    <credentials>
>> >> >> >> >> >       <nonce>
>> >> >> >> >> >          <maxAge>PT2M</maxAge>
>> >> >> >> >> >          <name>mailNonce</name>
>> >> >> >> >> >          <valuePolicyRef oid="c0c8a80d-1818-42d1-b3ad-e
>> >> >> 7f8993593a0"
>> >> >> >> >> > type="c:ValuePolicyType"><!-- Mail Nonce Policy
>> >> >> --></valuePolicyRef>
>> >> >> >> >> >       </nonce>
>> >> >> >> >> >    </credentials>
>> >> >> >> >> >    <credentialsReset>
>> >> >> >> >> >       <mailReset>
>> >> >> >> >> >          <name>Reset password using mail</name>
>> >> >> >> >> >          <additionalAuthenticationName>confirmationLink</
>> >> >> >> >> > additionalAuthenticationName>
>> >> >> >> >> >       </mailReset>
>> >> >> >> >> >    </credentialsReset>
>> >> >> >> >> > </securityPolicy>
>> >> >> >> >> >
>> >> >> >> >> > This is the Simple User Notifier form the wiki page:
>> >> >> >> >> > <simpleUserNotifier>
>> >> >> >> >> >     <expressionFilter>
>> >> >> >> >> >         <script>
>> >> >> >> >> >             <code>
>> >> >> >> >> >                     import com.evolveum.midpoint.notifica
>> >> >> >> >> tions.api.events.
>> >> >> >> >> > ModelEvent
>> >> >> >> >> >                     import com.evolveum.midpoint.xml.ns._
>> >> >> >> >> > public.common.common_3.OrgType
>> >> >> >> >> >                     import com.evolveum.midpoint.prism.de
>> >> >> >> lta.ChangeType
>> >> >> >> >> >
>> >> >> >> >> >                    (event instanceof ModelEvent &&
>> >> >> >> >> > event.getChannel().equals("htt
>> p://midpoint.evolveum.com/xml/
>> >> >> >> >> > ns/public/gui/channels-3#resetPassword"))
>> >> >> >> >> >             </code>
>> >> >> >> >> >         </script>
>> >> >> >> >> >     </expressionFilter>
>> >> >> >> >> >     <recipientExpression>
>> >> >> >> >> >         <script>
>> >> >> >> >> >             <code>return requestee.getEmailAddress()</code>
>> >> >> >> >> >         </script>
>> >> >> >> >> >     </recipientExpression>
>> >> >> >> >> >     <bodyExpression>
>> >> >> >> >> >         <script>
>> >> >> >> >> >             <code>
>> >> >> >> >> >
>> >> >> >> >> >                 import com.evolveum.midpoint.notifications.api.events.ModelEvent
>> >> >> >> >> >                 modelEvent = (ModelEvent) event
>> >> >> >> >> >                 newUser = modelEvent.getFocusContext().getObjectNew();
>> >> >> >> >> >                 userType = newUser.asObjectable();
>> >> >> >> >> >
>> >> >> >> >> >                 link = "http://localhost:8080/midpoint/resetPasswordConfrimation/user/" + userType.getName().getOrig() +"/token/" + midpoint.getPlaintext(userType.getCredentials().getNonce().getValue());
>> >> >> >> >> >                 bodyMessage = "Did you request password reset? If yes, click on the link bellow \n" + link
>> >> >> >> >> >
>> >> >> >> >> >                 return bodyMessage;
>> >> >> >> >> >             </code>
>> >> >> >> >> >         </script>
>> >> >> >> >> >     </bodyExpression>
>> >> >> >> >> >     <transport>mail</transport>
>> >> >> >> >> > </simpleUserNotifier>
>> >> >> >> >> >
>> >> >> >> >> > _______________________________________________
>> >> >> >> >> > midPoint mailing list
>> >> >> >> >> > midPoint at lists.evolveum.com
>> >> >> >> >> > http://lists.evolveum.com/mailman/listinfo/midpoint
>> >> >> >> >> >
>> >> >> >> >> >
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> --
>> >> >> >> >> Gustáv Pálos
>> >> >> >> >> Identity Engineer
>> >> >> >> >> evolveum.com


-- 
Best regards

Gustáv Pálos
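
An added example (not part of the thread and not midPoint code): a Python check that the reference chain in the quoted security policy, mailReset → mailAuthentication → nonce, resolves by name and that the nonce maxAge stays under a limit. The sample XML is constructed from the quoted fragment; the function names and the 900-second limit are assumptions.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample; element names follow the securityPolicy quoted in the thread.
SAMPLE_POLICY = """<securityPolicy>
 <authentication><mailAuthentication>
   <name>confirmationLink</name><mailNonce>mailNonce</mailNonce>
 </mailAuthentication></authentication>
 <credentials><nonce><maxAge>PT2M</maxAge><name>mailNonce</name></nonce></credentials>
 <credentialsReset><mailReset>
   <name>Reset password using mail</name>
   <additionalAuthenticationName>confirmationLink</additionalAuthenticationName>
 </mailReset></credentialsReset>
</securityPolicy>"""

def local(tag):  # drop any XML namespace so the check works with or without xmlns
    return tag.rsplit("}", 1)[-1]

def text_of(parent, name):  # text of the first direct child called `name`
    hits = [e for e in parent if local(e.tag) == name and e.text]
    return hits[0].text.strip() if hits else None

def duration_seconds(value):  # time part of an xsd:duration, e.g. PT2M or PT1H30M
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?", value or "")
    if not m or not any(m.groups()):
        return None
    h, mi, s = (int(g or 0) for g in m.groups())
    return h * 3600 + mi * 60 + s

def check_mail_reset(xml_text, max_nonce_age=900):  # 900 s is an assumed limit
    """Return findings; an empty list means the reference chain is consistent."""
    nodes = list(ET.fromstring(xml_text).iter())
    find = lambda name: [e for e in nodes if local(e.tag) == name]
    auths = {text_of(a, "name"): text_of(a, "mailNonce") for a in find("mailAuthentication")}
    nonces = {text_of(n, "name"): text_of(n, "maxAge") for n in find("nonce")}
    resets = find("mailReset")
    findings = [] if resets else ["no mailReset in credentialsReset"]
    for reset in resets:
        auth = text_of(reset, "additionalAuthenticationName")
        if auth not in auths:
            findings.append(f"mailReset refers to unknown authentication {auth!r}")
        elif auths[auth] not in nonces:
            findings.append(f"authentication {auth!r} refers to unknown nonce {auths[auth]!r}")
        else:
            age = duration_seconds(nonces[auths[auth]])
            if age is None:
                findings.append(f"nonce {auths[auth]!r} has no parsable maxAge")
            elif age > max_nonce_age:
                findings.append(f"nonce {auths[auth]!r} maxAge {age}s exceeds {max_nonce_age}s")
    return findings
```

Calling `check_mail_reset(SAMPLE_POLICY)` returns an empty list for the chain as quoted; renaming any one of the three linked names produces a finding that names the broken reference.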