Differences
This shows you the differences between two versions of the page.
tutorial:adm:password_provisioning [2018/11/16 11:45] kopro [Password provisioning] |
tutorial:adm:password_provisioning [2019/06/11 12:46] kopro add information about password settings in schema |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Password provisioning ====== | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | For connector that allow password change (table, ad, ldap, ...) is possible provisioning password. Every of these connectors has special settings for password attribute. Eq.: | ||
+ | |||
+ | After you choose the password attribute and generate schema for system. It is possible **create** mapping for password. Main password attribute can be mapped as **\_\_PASSWORD\_\_** attribute. | ||
+ | |||
+ | Main password attribute (\_\_PASSWORD\_\_) is sent to end system only with uid, all attributes including another attributes marked as password will be sent in second provisioning operation. If application property (// | ||
+ | |||
+ | All password attributes will be transformed before will be transformed via transformation scripts to end system. The transformation scripts must return **GuardedString** or **null**, all another object throw exception. All transformation obtain password in **attributeValue**. For transformation script will be applied classic rules for check security and etc. | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | ===== Passwords and transformation ===== | ||
+ | Transformations on password will be applied in these situations: | ||
+ | |||
+ | ==== Password change ==== | ||
+ | User change his password for accounts (doesn' | ||
+ | |||
+ | If script for transformation password/s contains errors it will be throw exception: | ||
+ | |||
+ | the exception **is not stored** in provisioning operation queue. | ||
+ | |||
+ | |||
+ | ==== Create new account and password generate ==== | ||
+ | |||
+ | When administrator/ | ||
+ | |||
+ | <note tip> | ||
+ | |||
+ | Password is generated by password policy for generating that has assigned system. If system doesn' | ||
+ | |||
+ | ===== Attribute Password in schema (__PASSWORD__) ===== | ||
+ | |||
+ | <note tip>If the attribute __PASSWORD__ missing, you must create this attribute manually.</ | ||
+ | |||
+ | {{: | ||
+ | |||
+ | * **Name:** \_\_PASSWORD\_\_ | ||
+ | * **Data type:** eu.bcvsolutions.idm.core.security.api.domain.GuardedString | ||
+ | * **Able to create:** true | ||
+ | * **Able to edit:** true | ||
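
Review bot: In the paragraph on transformation scripts, the sentence "All password attributes will be transformed before will be transformed via transformation scripts to end system" repeats its verb and leaves the order of operations unclear; suggest wording along the lines of "All password attributes are passed through their transformation scripts before being sent to the end system". The same paragraph says the script obtains the password in **attributeValue** and must return **GuardedString** or **null**, but it does not state what type attributeValue has on input, which a script author needs in order to keep the value wrapped rather than converting it to a plain string. Under "Password change", the text says the script exception "is not stored" in the provisioning operation queue without saying where the failure is reported instead; one sentence on that would help whoever has to troubleshoot a failed change. Minor: "Eq.:" in the first paragraph should read "E.g.:".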