Details
Minor Description
1. (maybe the history is not important) have imported a security policy with password policy and password history is set to 2
2. this policy is default in system configuration
3. I change password for existing user multiple times to have entry in history
<familyName>Kirk</familyName>
<credentials>
<password>
<lastSuccessfulLogin>
<timestamp>2019-04-03T14:30:11.123+02:00</timestamp>
<from>127.0.0.1</from>
</lastSuccessfulLogin>
<metadata>
<createTimestamp>2019-04-02T15:15:33.336+02:00</createTimestamp>
<creatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</creatorRef>
<createChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</createChannel>
<modifyTimestamp>2019-04-12T22:41:04.480+02:00</modifyTimestamp>
<modifierRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</modifierRef>
<modifyChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</modifyChannel>
</metadata>
<value>
<t:encryptedData>
<t:encryptionMethod>
<t:algorithm>http://www.w3.org/2001/04/xmlenc#aes128-cbc</t:algorithm>
</t:encryptionMethod>
<t:keyInfo>
<t:keyName>LS/mylzgzfoZw+Ijk3TMFy4qQsM=</t:keyName>
</t:keyInfo>
<t:cipherData>
<t:cipherValue>qj04EEjRV6zSSR8cE2bNh60KJQbFx2WfiUBS44REmno=</t:cipherValue>
</t:cipherData>
</t:encryptedData>
</value>
<historyEntry id="67">
<metadata>
<createTimestamp>2019-04-02T15:15:33.336+02:00</createTimestamp>
<creatorRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</creatorRef>
<createChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</createChannel>
<modifyTimestamp>2019-04-12T22:39:55.942+02:00</modifyTimestamp>
<modifierRef oid="00000000-0000-0000-0000-000000000002" relation="org:default" type="c:UserType">
<!-- administrator -->
</modifierRef>
<modifyChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</modifyChannel>
</metadata>
<value>
<t:hashedData>
<t:digestMethod>
<t:algorithm>http://prism.evolveum.com/xml/ns/public/crypto/algorithm/pbkd-3#PBKDF2WithHmacSHA512</t:algorithm>
<t:salt>uXUbdA==</t:salt>
<t:workFactor>10000</t:workFactor>
</t:digestMethod>
<t:digestValue>Ai6LnaUj7HaVCA5E8liZrNN1BcaeEuBxhjN/saNg3mI=</t:digestValue>
</t:hashedData>
</value>
<changeTimestamp>2019-04-12T22:41:04.480+02:00</changeTimestamp>
</historyEntry>
</password>
</credentials>
4. now I edit user and in Password I click "Remove" button
5. GUI complains with:
java.lang.IllegalArgumentException: Password attribute must be single-value.
at org.identityconnectors.framework.common.objects.Attribute.<init>(Attribute.java:135)
at org.identityconnectors.framework.common.objects.AttributeBuilder.build(AttributeBuilder.java:191)
at org.identityconnectors.framework.common.objects.AttributeBuilder.build(AttributeBuilder.java:72)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.UpdateModificationConverter.collectReplace(UpdateModificationConverter.java:93)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.AbstractModificationConverter.collectPassword(AbstractModificationConverter.java:324)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.AbstractModificationConverter.convertFromPassword(AbstractModificationConverter.java:316)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.AbstractModificationConverter.convert(AbstractModificationConverter.java:256)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObjectUpdate(ConnectorInstanceConnIdImpl.java:1239)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1041)
at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:810)
at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:600)
at com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadowAttempt(ShadowCache.java:981)
at com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:936)
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:693)
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1590)
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1463)
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:947)
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:328)
at com.evolveum.midpoint.model.impl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:696)
at com.evolveum.midpoint.model.impl.lens.ClockworkMedic.partialExecute(ClockworkMedic.java:174)
at com.evolveum.midpoint.model.impl.lens.ClockworkMedic.partialExecute(ClockworkMedic.java:154)
at com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:694)
at com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:525)
at com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:202)
at com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:557)
at com.evolveum.midpoint.web.component.progress.ProgressPanel$14.callWithContextPrepared(ProgressPanel.java:601)
at com.evolveum.midpoint.web.component.progress.ProgressPanel$14.callWithContextPrepared(ProgressPanel.java:587)
at com.evolveum.midpoint.web.component.SecurityContextAwareCallable.call(SecurityContextAwareCallable.java:59)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
...
2019-04-12 22:41:43,375 [] [pool-3-thread-2] ERROR (com.evolveum.midpoint.repo.common.util.RepoCommonUtils): Fatal error while processing projection on resource:10000000-9999-9999-0000-a000ff000004(CSV-3 (LDAP)): Password attribute must be single-value.
java.lang.IllegalArgumentException: Password attribute must be single-value.
at org.identityconnectors.framework.common.objects.Attribute.<init>(Attribute.java:135)
at org.identityconnectors.framework.common.objects.AttributeBuilder.build(AttributeBuilder.java:191)
at org.identityconnectors.framework.common.objects.AttributeBuilder.build(AttributeBuilder.java:72)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.UpdateModificationConverter.collectReplace(UpdateModificationConverter.java:93)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.AbstractModificationConverter.collectPassword(AbstractModificationConverter.java:324)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.AbstractModificationConverter.convertFromPassword(AbstractModificationConverter.java:316)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.AbstractModificationConverter.convert(AbstractModificationConverter.java:256)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObjectUpdate(ConnectorInstanceConnIdImpl.java:1239)
at com.evolveum.midpoint.provisioning.ucf.impl.connid.ConnectorInstanceConnIdImpl.modifyObject(ConnectorInstanceConnIdImpl.java:1041)
at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:810)
at com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:600)
at com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadowAttempt(ShadowCache.java:981)
at com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:936)
at com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:693)
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1590)
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1463)
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:947)
at com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:328)
at com.evolveum.midpoint.model.impl.lens.Clockwork.lambda$processSecondary$0(Clockwork.java:696)
at com.evolveum.midpoint.model.impl.lens.ClockworkMedic.partialExecute(ClockworkMedic.java:174)
at com.evolveum.midpoint.model.impl.lens.ClockworkMedic.partialExecute(ClockworkMedic.java:154)
at com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:694)
at com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:525)
at com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:202)
at com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:557)
at com.evolveum.midpoint.web.component.progress.ProgressPanel$14.callWithContextPrepared(ProgressPanel.java:601)
at com.evolveum.midpoint.web.component.progress.ProgressPanel$14.callWithContextPrepared(ProgressPanel.java:587)
at com.evolveum.midpoint.web.component.SecurityContextAwareCallable.call(SecurityContextAwareCallable.java:59)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
It's funny only for one resource it indicates this problem. The other has not been tried at all (would assume the same problem).
The password is removed from midPoint, history remained (OK - this is a problem in 3.9 actually).
But why midpoint tries to remove password from resources? Should it?
What is the use-case for Remove password button at all semancik?
Attachments
Issue Links
- relates to
-
MID-6042 ConnId2 Plan
-
- Open
-