Defect #2210
closed
Provisioning brake removes connector server key when it starts braking
Added by Alena Peterová about 4 years ago.
Updated almost 4 years ago.
Description
Version 9.7.2
- The system uses the remote connector server and has the provisioning brake for Delete operation, which is just before braking (1 already processed operation, 1 is the max limit)
- Try to delete an account so the provisionig operation is blocked by the brake
- The remote connector key of the system is changed, the system is no longer available - Bad password for remote connector server [localhost:8759]
Audit of all that happened in the same transaction:
Detail of the change in the SysSystem - delete operation is blocked (I don't know why it isn't highlighted):
Detail of the change of IdmConfidentialStorageValue - remoteServerPassword:
Files
- Related to Defect #1729: After using Virtual system connector, you can't switch to remote connector server connectors added
- Assignee changed from Vít Švanda to Ondrej Husník
- Target version set to 10.3.0
- Status changed from New to In Progress
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
- % Done changed from 0 to 90
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
- % Done changed from 90 to 60
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
- % Done changed from 60 to 90
- Status changed from Needs feedback to In Progress
- Assignee changed from Vít Švanda to Ondrej Husník
I did review. I think, it works correctly now, but I found this issues:
- I don't aggre with name of your new filter parameter "filterSetOutsideBE". From this I don't know what exactlly this parameter do. I suggest rename it on "includeRemoteServerPassword" with comment "// Ensures check if remote server password exists. Only asterisk will be returned!".
- You loading a password from confidential storage for every get now. This is expensive operation and you can use your new filter parametr. It means, you can load password only if "isFilterSetOutsideBE" == true.
- In ConnId service, you use variable "char pass[]". This is not correct, because password should be save only in guarded string object (for security reason). I can get you better explenation online.
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondrej Husník to Vít Švanda
- Status changed from Needs feedback to Resolved
- Assignee changed from Vít Švanda to Ondrej Husník
- % Done changed from 90 to 100
I did review and test. It was hard to simulated this scenario, but now it works correctly. Thanks for this.
- Status changed from Resolved to Closed
Also available in: Atom
PDF
