| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
devel:documentation:uniform_password:password_filter_idm [2021/05/20 09:40]
kotynekv [Password validation request] explenation of error message improved |
devel:documentation:uniform_password:password_filter_idm [2021/06/28 16:16] (current)
kopro [Find correct identity by username from system] |
| |
| Parameters ''logIdentifier'' and ''version'' is part for **every log record** written into application log. Both these parameter is not required. Parameters ''password'', ''username'' and ''resource'' is **required**. | Parameters ''logIdentifier'' and ''version'' is part for **every log record** written into application log. Both these parameter is not required. Parameters ''password'', ''username'' and ''resource'' is **required**. |
| | <note important> |
| | Both REST endpoints has new permissions ''SYSTEM\_PASSWORDFILTERVALIDATE'' for validation and for change ''SYSTEM\_PASSWORDFILTERCHANGE''. Identity that password filter used for calling these REST endpoint must have both these permissions. For authentization can be used standard **basic** authentization or **CIDMST** token. Recommended is use **CIDMST** token with long expiration date. It's recommend create new identity with these permissions. </note> |
| |
| Both REST endpoints has new permissions ''SYSTEM\_PASSWORDFILTERVALIDATE'' for validation and for change ''SYSTEM\_PASSWORDFILTERCHANGE''. Identity that password filter used for calling these REST endpoint must have both these permissions. For authentization can be used standard **basic** authentization or **CIDMST** token. Recommended is use **CIDMST** token with long expiration date. It's recommend create new identity with these permissions. | === Permission settings for password filter === |
| | |
| | {{:devel:documentation:uniform_password:pf_permissions_setting.png?500|}} |
| | |
| ==== Why we want check echos? ==== | ==== Why we want check echos? ==== |
| {{:devel:documentation:uniform_password:100.png |}} | {{:devel:documentation:uniform_password:100.png |}} |
| |
| ==== Find correct identity by username from system ==== | ==== Find correct identity by username from system ==== |
| | |
| | <note tip>The script used to transform the username** must be of type** ''Transform from a system''!</note> |
| |
| From external system IdM receives **user identifier** - ''username'' parameter. If for the identifier exists equal account (UID) the owner of the account will be used as owner of the password change request. If doesn't exists equal account, IdM checks if exists identity (username) with the given **user identifier**. | From external system IdM receives **user identifier** - ''username'' parameter. If for the identifier exists equal account (UID) the owner of the account will be used as owner of the password change request. If doesn't exists equal account, IdM checks if exists identity (username) with the given **user identifier**. |
| |
| But some external system has own system identifier. For these cases exists **transformation script** that allow find correct owner of password change request. It is required returned identity otherwise exception will be thrown. | But some external system has own system identifier. For these cases exists **transformation script** that allows to find correct owner of password change request. It is required returned identity otherwise exception will be thrown. The **script has to be** of the ''Transformation from a system'' type, **another script types will not work**! |