[midPoint] Self Credentials Page - Old Password - Keycloak AND reset password for LDAP only (gui config)

Markus Calmius markus.calmius at proton.ch
Fri Oct 18 10:41:36 CEST 2024


Hi,

thanks to João Paulo Ribeiro for the question regarding Keycloak and old password.
That helped me move forward with my question(s).

I'm running 4.8(.0), and it looks like the password hint cannot be removed until 4.8.1. Is that correct?

So, I only have one issue left to solve:
How to specify that only specific resources are available for password resets.



Markus Calmius
Proton AG


On Wednesday, 16 October 2024 at 12:00, midpoint-request at lists.evolveum.com <midpoint-request at lists.evolveum.com> wrote:

> Today's Topics:
> 
> 1. reset password for LDAP only (gui config) (Markus Calmius)
> 2. Self Credentials Page - Old Password - Keycloak
> (João Paulo Ribeiro)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 15 Oct 2024 14:17:25 +0000
> From: Markus Calmius markus.calmius at proton.ch
> 
> To: midPoint General Discussion midpoint at lists.evolveum.com
> 
> Subject: [midPoint] reset password for LDAP only (gui config)
> 
> Hi,
> 
> we use OIDC/Keycloak to login to midPoint and many other webapps using passkeys/passwordless authentication.
> Some systems or non webapps that do not support OIDC/SAML usually support LDAP though.
> 
> I would like to configure the Credentials-page to only show the LDAP-resource.
> Any tips on how to do that?
> 
> Thanks in Advance,
> 
> Markus
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 15 Oct 2024 15:28:25 -0300
> From: João Paulo Ribeiro joparibeiro at gmail.com
> 
> To: midpoint at lists.evolveum.com
> Subject: [midPoint] Self Credentials Page - Old Password - Keycloak
> 
> Hello!
> 
> I have a midPoint 4.8.4 + Keycloak scenario. I would like to know if there
> is any configuration I can do so that while an end user is changing his/her
> own password (in credentials self-service page), midpoint would prompt for
> the old OIDC password instead of the old password from the midPoint
> repository. I am using AD as user federation in Keycloak.
> 
> I've set storageType=none in the security policy, but when I try to change
> the own password by entering the old AD password in "Old Password" field,
> midPoint says that the old password is incorrect. I think it is looking for
> the old password in the repository, in m_object.fullobject, but obviously,
> there is no password defined there, due to storageType=none.
> 
> I could simply remove the "Old Password" field from the self-service
> credentials UI (using passwordChangeSecurity=none in the security policy),
> but for security reasons I think it's important for the end user to
> provide the old password.
> 
> Thanks in advance.