  1. Syncope
  2. SYNCOPE-313

Support synchronizing non-cleartext passwords from external resources

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.2.0-M1
    • Component/s: None
    • Labels:
      None

      Description

      Currently we can synchronize cleartext passwords from external resources. However, we can't handle non-cleartext passwords, as they get treated as if they are plaintext passwords when imported into Syncope, and hence hashed again according to user.cipherAlgorithm().

      This task is to treat an imported password as hashed according to a given cipher algorithm configured on the connector (for example via 'Password Cipher Algorithm' for the DB Connector).

      This is specific to each individual connector, as for example for the DB Connector, it might just be a hashed value stored in a table, whereas for LDAP it'll be of the form "{CIPHER}VALUE" etc.

      Note that we cannot refer to any specific connector bundle from inside the SyncopeSyncResultHandler, hence we should find the cleanest place to encapsulate the following logic:

      if (password.isClearText()) {
          // do as currently done
      } else {
          if (connector.isLDAP()) {
              // extract cipher and value
          } else if (connector.isDBTable()) {
              // treat value as ciphered with the cipher defined in connector configuration
          } else {
              ...
          }
      }
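
      One way the branching above could be encapsulated, as an added example that is not Syncope or connector-bundle code. Every class, enum and method name is hypothetical, the accepted cipher set and sample values are constructed, and it assumes Java 16+ for records.

```java
import java.util.Locale;
import java.util.Set;
/** Added example; all names here are hypothetical, not Syncope or ConnId API. */
public class ImportedPasswordResolver {
    enum ConnectorKind { LDAP, DB_TABLE }
    /** algorithm == null means cleartext that still has to be hashed on import. */
    record ImportedPassword(String algorithm, String value) {
        boolean isClearText() { return algorithm == null; }
    }

    // Assumed set of digest names the importing side can verify without re-hashing.
    private static final Set<String> KNOWN = Set.of("SHA", "SSHA", "SHA256", "SSHA256", "MD5", "SMD5");

    static ImportedPassword resolve(ConnectorKind kind, String raw, String configuredCipher) {
        if (raw == null || raw.isEmpty()) {
            throw new IllegalArgumentException("empty password value");
        }
        switch (kind) {
            case LDAP: {
                // LDAP form is {CIPHER}VALUE; a value without that shape is taken as cleartext.
                int end = raw.indexOf('}');
                if (raw.charAt(0) != '{' || end < 2 || end == raw.length() - 1) {
                    return new ImportedPassword(null, raw);
                }
                String cipher = raw.substring(1, end).toUpperCase(Locale.ROOT);
                if (!KNOWN.contains(cipher)) {
                    // Refuse: hashing an opaque digest again would store an unusable credential.
                    throw new IllegalArgumentException("unsupported cipher: " + cipher);
                }
                return new ImportedPassword(cipher, raw.substring(end + 1));
            }
            case DB_TABLE:
                // The stored value carries no marker, so the connector configuration decides.
                if (configuredCipher == null || configuredCipher.isBlank()) {
                    return new ImportedPassword(null, raw);
                }
                return new ImportedPassword(configuredCipher.toUpperCase(Locale.ROOT), raw);
            default:
                throw new IllegalStateException("unhandled connector kind: " + kind);
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not real credentials.
        System.out.println(resolve(ConnectorKind.LDAP, "{SSHA}Y29uc3RydWN0ZWQ=", null));
        System.out.println(resolve(ConnectorKind.LDAP, "plain-text", null));
        System.out.println(resolve(ConnectorKind.DB_TABLE, "0a1b2c", "SHA1"));
    }
}
```

      The caller then hashes only when isClearText() is true and otherwise stores the value together with the returned algorithm, so an already hashed password is not hashed a second time.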

              People

              • Assignee:
                coheigea Colm O hEigeartaigh
                Reporter:
                coheigea Colm O hEigeartaigh