Today we see how to create a user without saving the password in the Apache Syncope repository. The user password will be stored only on Active Directory.
Use case: users created in Apache Syncope that have AD as an assigned resource can authenticate to the console using the externally provisioned password. The Apache Syncope console uses an NTLMv2 filter for authentication. This filter performs NTLMv2 authentication with the browser client. After successful authentication, an HTTP session is created and access to the Apache Syncope console is granted.
To do this, we have modified some classes:
1) org.apache.syncope.core.persistence.beans.user.SyncopeUser

    // Allow a null password so the user can be saved without one.
    @Column(nullable = true)
    private String password;

2) org.apache.syncope.core.persistence.dao.impl.UserDAOImpl

    public SyncopeUser save(final SyncopeUser user) {
        // Never persist the password in the Syncope repository.
        user.setPassword(null, CipherAlgorithm.SHA256, 0);
        // ... (rest of the method not shown)
    }

3) org.apache.syncope.console.pages.panels.StatusPanel

    final Check check = new Check("check", item.getModel(), checkGroup);
    // Disable the checkbox for the "Syncope" entry; other resources keep checkVisibility.
    check.setEnabled(
            "Syncope".equals(item.getModelObject().getResourceName()) ? false : checkVisibility);

In the StatusPanel, the checkbox for Syncope is disabled.
See you soon