[midPoint] midPoint SAML2 login + disable Identity Manager Repository current password
Frech, Robin
Robin.Frech at enventa-group.com
Mon Oct 21 15:27:24 CEST 2024
Hey Markus,
thanks for this information. I have changed it like you said and it worked!
For systems, I do not want password changes, I have disabled the capability.
Resources > All resources > "resource XY" > Schema handling > "account XY" > Capabilities > Credentials > Enabled > false
It will not hide the resources, but it will change the behavior so that Self Service will not change passwords.
With kind regards
Robin Frech
________________________________
From: midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Markus Calmius via midPoint <midpoint at lists.evolveum.com>
Sent: Monday, 21 October 2024 15:19
To: midpoint at lists.evolveum.com <midpoint at lists.evolveum.com>
Cc: Markus Calmius <markus.calmius at proton.ch>
Subject: Re: [midPoint] midPoint SAML2 login + disable Identity Manager Repository current password
Hi Robin,
We're having the same issue here, and I've come closer, but not found a way for everything yet.
We're using Keycloak/OIDC to log in to midPoint, so no MP-passwords used here either.
What I have been able to do is to remove the hint-field (requires 4.8.1 or above) and remove the "old password"-field by adding this to the security policy:
<credentials>
    <password>
        <passwordChangeSecurity>none</passwordChangeSecurity>
        <passwordHintConfigurability>neverConfigure</passwordHintConfigurability>
        <storageMethod>
            <storageType>none</storageType>
        </storageMethod>
        ....
    </password>
</credentials>
Our use case is just to be able to set the password for one other resource. To disable passwords for MP.
Still trying to find a solution to that...
Markus
On Monday, 21 October 2024 at 15:06, midpoint-request at lists.evolveum.com <midpoint-request at lists.evolveum.com> wrote:
> Date: Mon, 21 Oct 2024 13:06:33 +0000
> From: "Frech, Robin" Robin.Frech at enventa-group.com
>
> To: midpoint mailing list midpoint at lists.evolveum.com
>
> Subject: [midPoint] midPoint SAML2 login + disable Identity Manager
> Repository current password
>
> Hello all,
> I am struggling with midPoint configuration.
>
> 1. Users will log in to midPoint via SAML2 (Microsoft account)
> 2. They will not get their midPoint password
> 3. How could I disable changing password for Resource "Identity Manager Repository" and the question for changing their other resource password "current password"
>    * Authenticating via SAML2 is enough to change your resources passwords.
>
> Best regards
>
> Robin