[midPoint] API call to get password change events
Matus Macik
matus.macik at evolveum.com
Wed May 22 13:21:41 CEST 2024
Hello,
the general information about when credentials were created and when modified is a part of the user object data. Here we have an example of how get a specific object via the REST API https://docs.evolveum.com/midpoint/reference/support-4.8/interfaces/rest/endpoints/users/#get-user-object
The returned object will contain a “credentials” container, where each type of credentials holds a “metadata” container with parameters. Amongst the “metadata” properties you can also find the “createTimestamp” and “modifyTimestamp” parameters. These indicate the times of creation and modification of a credential's value.
Getting the information on attempts to modify the credentials (e.g. without success) is a bit tricky, we store this kind of information in the audit log. Currently, there is no REST endpoint with which you can directly query the audit log.
A possible workaround would be to create a report for events related to password modification and parse the reports for this information. We have an example of a similar report configuration here https://docs.evolveum.com/midpoint/reference/support-4.8/misc/reports/examples/audit-report-with-changed-attributes/
Alternatively, a more advanced possibility would be to add this timestamp as an extension attribute and fill it with the data via the usage of scripting hooks https://docs.evolveum.com/midpoint/reference/support-4.8/concepts/clockwork/scripting-hooks/ . After this is done the extension attribute will be a part of the payload returned when you issue a REST get request for the user.
--
Best Regards,
Matus Macik | Developer and Identity Management Engineer
matus.macik at evolveum.com | www.evolveum.com
Evolveum
----- Original Message -----
From: "midPoint General Discussion" <midpoint at lists.evolveum.com>
To: "midPoint General Discussion" <midpoint at lists.evolveum.com>
Cc: "Ashwill, Steven L" <sashwill at uillinois.edu>
Sent: Monday, May 20, 2024 5:10:13 PM
Subject: [midPoint] API call to get password change events
Hello,
If anyone can save me a lot of time and investment in to trying to figure this out...
Is there an API that will tell me the times that a successful password change has occurred?
Secondly, when an attempt was made to change a password?
Thanks,
Steven Ashwill
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint
More information about the midPoint
mailing list