syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ravindra Singareddy <singare...@hotmail.com>
Subject Re: Using email as authentication in addition to user name
Date Wed, 15 Feb 2017 06:15:57 GMT
Hi Francesco,

1) Created (SYNCOPE-1015) User Authentication using email

2) created a project from maven archetype.

3) Modified source code as per instructions, as reference [3]

4) Did testing using RESTFul API and from syncope enduser GUI, both of them failed.

Analysis of Failure:

4) Search based on user email worked and password is authenticated successfully for email.

5) The authentication method is returning true.

6) After successful authentication  client calls self method

Pair<Map<String, Set<String>>, UserTO> self = client.self();

7) Client self, in turn, calls createServiceInstance method of RestClientFactoryBean and which
is throwing error.



Thanks


Ravi



________________________________
From: Francesco Chicchiriccò <ilgrosso@apache.org>
Sent: Tuesday, February 14, 2017 8:10 PM
To: dev@syncope.apache.org
Subject: Re: Using email as authentication in addition to user name

On 14/02/2017 14:48, Ravindra Singareddy wrote:
> Good Morning Syncope Users,
>
> I have a simple use case of authenticating users using email in addition to the username.
What will be best practices approach, to make an addition to existing code base without losing
integrity?

Hi Ravi,
there is currently no OOTB support for authenticating users by anything
but username.

This looks, however, like a nice feature: one can think to add a new
configuration parameter [1] enlisting the attribute(s) that can be used
for authentication (for example, ["username", "email",
"socialSecurityNumber"]), and Syncope will attempt authentication
against the configured parameters, in order, until one succeeds or all fail.
Would you mind opening a new feature issue on JIRA?

The code responsible for the current behavior is [2].

Until the new feature will be added, you might also have the possibility
to do something similar, even if it is not trivial.

Essentially, you will need to, in your own local project (please note
that I am not talking of Syncope sources, but of the project you should
have generated from archetype):

1. create the directory
core/spring/src/main/java/org/apache/syncope/core/spring/security
2. download the class of [2] and place it in the directory created above
3. replace the line [2] with the logic for authenticating via email
address, that I have sketched in [3]

This *should* work, even though I have no time right now to give it a try.

HTH
Regards.

[1]
https://syncope.apache.org/docs/reference-guide.html#configuration-parameters
Apache Syncope 2.0.1 - Reference Guide<https://syncope.apache.org/docs/reference-guide.html#configuration-parameters>
syncope.apache.org
This reference guide covers Apache Syncope services for identity management, provisioning,
and compliance.



[2]
https://github.com/apache/syncope/blob/2_0_X/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java#L133
syncope/AuthDataAccessor.java at 2_0_X · apache/syncope · GitHub<https://github.com/apache/syncope/blob/2_0_X/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java#L133>
github.com
syncope - Mirror of Apache Syncope



[3] https://paste.apache.org/iodX

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/
Tirasa - Open Source Excellence<http://www.tirasa.net/>
www.tirasa.net
University of Porto opts for Tirasa and Apache Syncope. Benchmark institution for Higher Education
and Scientific Research in Portugal goes for Open Source Identity ...




Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Francesco Chicchiriccò / The Apache Software Foundation<http://home.apache.org/~ilgrosso/>
home.apache.org
About me. My name is Francesco Chicchiriccò, and my surname has been a tricky challenge since
I was born in 1977, every time I had to get in touch with any public ...





Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message