<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi,<br>
<br>
Thanks a lot, sponsoring/endorsement would really help here. I
have created an issue in Jira to track this:
<a class="moz-txt-link-freetext" href="https://jira.evolveum.com/browse/MID-3298">https://jira.evolveum.com/browse/MID-3298</a><br>
<br>
<pre class="moz-signature" cols="72">--
Radovan Semancik
Software Architect
evolveum.com
</pre>
<br>
<br>
On 07/17/2016 08:15 PM, Gustavo J Gallardo wrote:<br>
</div>
<blockquote
cite="mid:CAA68kP_pdak-9kkSxsrG==exsYRzYfaGhhAMd0Znna-aanD9yQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Radovan,
<div>thanks for your response.</div>
<div><br>
</div>
<div>Yes, we tested it and it works, but as you mentioned it is
not very efficient.</div>
<div>The approach you mention is the one I was hoping
existed, that's why I sent the question to the list. I'll
try to get our customer to subscribe and endorse it.</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>GJG</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Jul 14, 2016 at 11:41 AM,
Radovan Semancik <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:radovan.semancik@evolveum.com"
target="_blank">radovan.semancik@evolveum.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> Hi Gustavo,<br>
<br>
Yes, this is a correct approach. I'm slightly concerned
about step 2, though. If the user has the ability to
read its own object ("self") then that step should work.
But I'm not sure if we have tested this. But I'm sure you
are going to try it. So in case it does not work,
please report a bug, because it is supposed to work.<br>
<br>
Thinking about this ... I can see that this process might
be a bit cumbersome and a bit inefficient. Especially
considering that midPoint knows the identity of logged-in
user (even in REST). So I can imagine having a resource
something like <a moz-do-not-send="true"
href="http://xxxxx/midpoint/ws/rest/users/self"
target="_blank">http://xxxxx/midpoint/ws/rest/users/self</a>
that could return the object representing the logged-in
user. This will make it all easier. However, this is not
implemented now. If you want that, please add it as a new
feature in Jira. However, it will need sponsoring or
subscriber endorsement to get implemented anytime soon.<br>
<br>
<pre cols="72">--
Radovan Semancik
Software Architect
<a moz-do-not-send="true" href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
<div>
<div class="h5"> <br>
<br>
<div>On 07/01/2016 07:50 PM, Gustavo J Gallardo wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div class="h5">
<div dir="ltr">Hi all,
<div>we are running midPoint 3.4 and our customer
has an existing web portal where they want to
maintain all end-user interaction.</div>
<div>They are building a component to allow
end-users to change their passwords. We would
like them to use the REST API. From the portal,
they will have the username from the session and
present a form to ask the user's old_password
and new_password.</div>
<div><br>
</div>
<div>Our idea so far:</div>
<div>1) Grant our end-users a custom role with <a
moz-do-not-send="true"
href="http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all"
target="_blank">http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all</a>
authorization, in addition to the minimum
requirements to change his own credentials and
its shadow's credentials.<br>
</div>
<div>2) use <a moz-do-not-send="true"
href="http://xxxxx/midpoint/ws/rest/users/search"
target="_blank">http://xxxxx/midpoint/ws/rest/users/search</a>
to find the user by name and parse the XML
result to get his oid.</div>
<div>3) use <a moz-do-not-send="true"
href="http://xxxxxx/midpoint/ws/rest/users/%7Buser_oid%7D"
target="_blank">http://xxxxxx/midpoint/ws/rest/users/{user_oid}</a>
to POST an objectModification to set
credentials/password</div>
<div>(both REST calls would use
username:old_password for authorization)</div>
<div><br>
</div>
<div>Is this the correct approach? Is there any
better/easier way to achieve this?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>GJG</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
midPoint mailing list
<a moz-do-not-send="true" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a moz-do-not-send="true" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<br>
</body>
</html>