incubator-syncope-user mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Users & roles
Date Fri, 30 Mar 2012 12:29:47 GMT
Hi Bob,

I've been running into similar issues.

> - /auth/getentitlements doesn't give me the roles of the connected user

It gives you the list of entitlements associated with the roles of the
connected user. Perhaps this controller should also have a similar
method for returning a list of role names of the connected user as
well?

A question I have is whether the list of entitlements is only for the
child roles or all of the entitlements associated with the role
hierarchy?

> - /user/read?username=user : gives me the user but only if I
> authenticated with a user that has the possibility to read other users
> as well. This means I should have some kind of administration
> connection to core instead of a user specific connection?

Yes I think so. Your Tomcat user account should have the ability to
read users/roles etc., and you authenticate as this user. I think
there should possibly be an "authenticateUser" method or something
similar that takes in a username/password and returns true or false
depending on if there is a matching user in Syncope.

> - if there are hierarchical roles, I only get the child role. I
> suppose I have to walk the tree myself to retrieve the other roles?
> i.e. based on response to role/list request?

IMO there should be an easy way to get all roles of the user rather
than having to walk the tree.

Colm.

On Fri, Mar 30, 2012 at 12:42 PM, Bob Lannoy <bob.lannoy@gmail.com> wrote:
> Hi,
>
> suppose I have users & hierarchical roles in Syncope and an external
> system (tomcat webapp) that needs to authenticate those users and get
> the roles.
> Can you give me an indication on how I would go about this?
>
> I did some preliminary tests:
> - I can do an authentication to core using basic auth, but I saw that
> the user object also contains the hashed password of the user
> - /auth/getentitlements doesn't give me the roles of the connected user
> - /user/read?username=user : gives me the user but only if I
> authenticated with a user that has the possibility to read other users
> as well. This means I should have some kind of administration
> connection to core instead of a user specific connection?
> - if there are hierarchical roles, I only get the child role. I
> suppose I have to walk the tree myself to retrieve the other roles?
> i.e. based on response to role/list request?
> regards
>
> Bob



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
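
The client-side tree walk discussed in this thread, as an added example that is not part of the original messages or of the Syncope code base. It assumes the role/list response has already been parsed into records with an id, a name and a parent id; the `Role` record and its field names are hypothetical, not Syncope's schema.

```java
import java.util.*;

public class EffectiveRoles {
    // Hypothetical shape of one parsed role/list entry (assumed field names).
    record Role(long id, String name, Long parentId) {}

    /** Names of the directly assigned roles plus every ancestor role. */
    static Set<String> effectiveRoles(Collection<Role> allRoles,
                                      Collection<Long> assignedIds) {
        Map<Long, Role> byId = new HashMap<>();
        for (Role r : allRoles) {
            byId.put(r.id(), r);
        }
        Set<Long> seen = new HashSet<>();
        Set<String> names = new TreeSet<>();
        for (Long start : assignedIds) {
            Long cur = start;
            // Walk child -> parent. 'seen' stops the walk at an ancestor that
            // was already visited and also guards against a parent cycle.
            while (cur != null && seen.add(cur)) {
                Role r = byId.get(cur);
                if (r == null) {
                    // Fail closed: an incomplete role list must not silently
                    // produce a partial set used for authorization decisions.
                    throw new IllegalStateException("unknown role id " + cur);
                }
                names.add(r.name());
                cur = r.parentId();
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample hierarchy: root <- staff <- admins, root <- guests
        List<Role> roles = List.of(
            new Role(1, "root", null),
            new Role(2, "staff", 1L),
            new Role(3, "admins", 2L),
            new Role(4, "guests", 1L));
        // The user is directly assigned only the child role "admins".
        System.out.println(effectiveRoles(roles, List.of(3L)));
    }
}
```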
