[midPoint] User Token / API key management

Sylvaire kevin TIPA sylvaire-kevin.tipa at mythalesgroup.io
Thu Oct 8 17:19:07 CEST 2020


Hey all,

I am looking for some ideas / samples about user token management. To explain: in many applications, it's possible to manage access tokens (like GitLab) to perform actions. We want to manage this with midPoint.

The problem: the user token cannot be set from MP; in most cases, it's generated by the application when calling a specific API endpoint. So I can read it in the resource and map it to a user field (Application --to--> MP), but how do I call an action in the resource to say "reset user token" or "revoke user token"?

MP uses a simple process: 1 field in User is mapped to 1 field in Account. In my case, I cannot do this because the User field "user token" cannot be set as-is on the Account (the API does not allow choosing the user token). Of course, I can use an outbound mapping to set a defined value, like "regenerate" or "0". But then I need to create a "hack" in the connector saying "when this field == 0, call the reset user token endpoint".

Any ideas / docs on how to manage this case? How do I trigger a specific action in the connector that is not based on field content?

Br,


Regards,




Sylvaire-Kevin TIPA
Thales Services / OIC / DevOps Automatisation Infrastructures
…………………………………………………………………………………………
THALES SERVICES SAS
44 Quai Charles de Gaulle
CS 20100
69463 Lyon Cedex 06
…………………………………………………………………………………………
www.thalesgroup.com




