[midPoint] Password setting for a demonstration

Kromhout, Ethan A. ethan at unc.edu
Thu May 3 14:50:08 CEST 2018


Thank you so much Mikko, that worked perfectly.

Ethan
________________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Mikko Pekkarinen <mikko.pekkarinen at datactica.fi>
Sent: Wednesday, May 2, 2018 5:28 AM
To: midPoint General Discussion
Subject: Re: [midPoint] Password setting for a demonstration

This works for us:

         <credentials>
            <password>
               <inbound>
                  <strength>weak</strength>
                  <expression>
                     <script>
                        <code>basic.encrypt("123456")</code>
                     </script>
                  </expression>
               </inbound>
            </password>
         </credentials>

Mikko

________________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Kromhout, Ethan A. <ethan at unc.edu>
Sent: April 30, 2018 17:57:49
To: midPoint General Discussion
Subject: [midPoint] Password setting for a demonstration

I was trying to have a connector set the same password for each user object on an import operation. This isn't in any way a real-world application, just something where I'm trying to remove a password reset to save time in demonstration steps for some other midPoint capabilities.

It seemed like something that would be very straightforward to add to my inbound rules for the connector, but I keep missing something. First I tried just sending in the <value>password_value</value>; that failed, which makes perfect sense since nothing indicated it was a protected or guarded string.

I tried variations on an example from the wiki similar to:

<credentials xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
   <password>
      <value>
         <t:clearValue>mvQLW</t:clearValue>
      </value>
   </password>
</credentials>

But I receive an error related to the fields not existing in ResourcePasswordDefinitionType.

I tried some Groovy variations like the below, but I think I would need to set the return type for the script explicitly to avoid an error of the incorrect class, perhaps via ScriptExpressionReturnType?

               <script>
                  <code>
                     import org.identityconnectors.common.security.GuardedString;
                     import org.identityconnectors.common.security.SecurityUtil;
                     String pwd = '123456';
                     GuardedString gs = (pwd.toCharArray());
                     return gs;
                  </code>
               </script>

I haven't pursued trying to bring the password in across the connector; it seems like that would be supported, but a fairly uncommon use case.

This probably just isn't worth the few minutes of demo time I'm trying to save, but I thought I'd check in with the list to see if there was some incredibly simple approach I was missing.

Thanks,

Ethan
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
http://lists.evolveum.com/mailman/listinfo/midpoint