<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
Yes. I understand that this may be helpful for these cases. And
maybe even for some "check password" GUI functionality. Now I see
that this is a good idea. So I've created a feature request:<br>
<br>
<a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-1906">https://jira.evolveum.com/browse/MID-1906</a><br>
<br>
However the bad news is that given our roadmap and schedule it is
quite unlikely that we can find a time to implement this anytime
soon. Unless some contributor or subscriber raises a similar
request.<br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com
</pre>
<br>
<br>
On 05/22/2014 06:59 PM, Alexander Grzesik wrote:<br>
</div>
<blockquote
cite="mid:d1c52502-1abb-47ff-bb0c-f5561f6a4920@medisite.de"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"Courier New \;color\:\#1F497D";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:Consolas;
color:black;}
span.E-MailFormatvorlage19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.E-MailFormatvorlage20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.E-MailFormatvorlage21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D" lang="EN-US">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D" lang="EN-US">I was thinking the
answer is no. In fact we use an LDAP integrated for
authentication and connecting external systems.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D" lang="EN-US">My question was
because it would be nice for smaller deployments and
development instances to not have the need to add this
complexity but simply verify a user with password against
midpoint directly.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D" lang="EN-US">An alternative could
be addition of a method to the model-client-api to encrypt a
password by midpoint. Then we could simply compare this
encrypted password against the one stored in the user for a
simple authentication use case.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D" lang="EN-US">Best Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier
New";color:#1F497D" lang="EN-US">Alexander<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext">Von:</span></b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext">
<a class="moz-txt-link-abbreviated" href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>
[<a class="moz-txt-link-freetext" href="mailto:midpoint-bounces@lists.evolveum.com">mailto:midpoint-bounces@lists.evolveum.com</a>] <b>Im
Auftrag von </b>Radovan Semancik<br>
<b>Gesendet:</b> Donnerstag, 22. Mai 2014 17:38<br>
<b>An:</b> <a class="moz-txt-link-abbreviated" href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
<b>Betreff:</b> Re: [midPoint] Possibility to check
Password validity?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi Alexander,<br>
<br>
I'm afraid that the answer is again "no". MidPoint was not
designed as an authentication server therefore we haven't
considered such function. Provisioning system are relatively
complex and therefore they are not ideal as high-performance
authentication systems.<br>
<br>
What we usually do is an LDAP server that contains all the
midPoint users (provisioned by usual LDAP connector). And
the you can check password against that LDAP server using
usual BIND operation. This solution may seem slightly
complex but it has many advantages such as performance,
scalability and availability.<br>
<br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> Radovan Semancik<o:p></o:p></pre>
<pre> Software Architect<o:p></o:p></pre>
<pre> evolveum.com<o:p></o:p></pre>
<p class="MsoNormal"><br>
<br>
On 05/22/2014 01:55 PM, Alexander Grzesik wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier New
;color:#1F497D","serif"" lang="EN-US">Just
another question regaridng passwords.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Courier New
;color:#1F497D","serif"" lang="EN-US">Is it
possible to verify a user password via API, so check if a
given password matches the ones a user had stored?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext">Von:</span></b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext">
<a moz-do-not-send="true"
href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a>
[<a moz-do-not-send="true"
href="mailto:midpoint-bounces@lists.evolveum.com">mailto:midpoint-bounces@lists.evolveum.com</a>]
<b>Im Auftrag von </b>Pavol Mederly<br>
<b>Gesendet:</b> Donnerstag, 22. Mai 2014 13:17<br>
<b>An:</b> <a moz-do-not-send="true"
href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><br>
<b>Betreff:</b> Re: [midPoint] Possibility to check
Password validity?</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hello
Alexander,<br>
<br>
that's a meaningful request. <br>
<br>
Such feature is planned (see <a moz-do-not-send="true"
href="https://jira.evolveum.com/browse/MID-1876">https://jira.evolveum.com/browse/MID-1876</a>
- your scenario could be realized e.g. via setting "don't
execute changes" flag), unfortunately, it is not
implemented yet and probably will not be part of 3.0.<br>
Hopefully it will be in some of the maintenance/patch
releases after 3.0.<br>
<br>
Best regards,<br>
Pavol<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi,</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">is there a way to check if a password is
valid according to the Password Policy from the
ModelClient before saving a user?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">This would be helpful for us, as we create
users from an external application and store in midpoint
and would like to provide a validation in the GUI form.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Best Regards</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Alexander</span><o:p></o:p></p>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
</body>
</html>