Defect #540
closed
Password policy - changing password on RO system
Added by Marcel Poul almost 7 years ago.
Updated almost 7 years ago.
Description
I have a readonly system - HR system and when I change the password for the user, I can select also RO system (it is in fact selected by default). Then I see green info message that the password was changed on both CzechIdM and HR systems, which is not true
- Description updated (diff)
- Status changed from New to In Progress
- Category changed from Password to 20
- Status changed from In Progress to Needs feedback
- Assignee changed from Ondřej Kopr to Marcel Poul
- % Done changed from 0 to 90
I tested this scenario. The password does not change for the readOnly system. On the system you tried, is set mapping only for sync, not for provisioning.
- Status changed from Needs feedback to In Progress
- Assignee changed from Marcel Poul to Ondřej Kopr
- % Done changed from 90 to 0
After consultation will be removed readOnly, inactive and sytem without mapping for provisioning from change password form.
- Category changed from 20 to Password
- Priority changed from Normal to Urgent
- Target version set to Citrine (7.3.0)
- Assignee changed from Ondřej Kopr to Vít Švanda
Conclusion:
- For reset will be acquired only Systems with provisioning mapping and password attribute (PASSWORD) and user have accounts for this systems.
- Inactive and disabled system will be acquired.
- Status changed from In Progress to Resolved
- % Done changed from 0 to 90
- Now is offered user's accounts with Provisioning mapping and with attribute mapped on Schema attribute with name "__PASSWORD__".
- Teoritically can be passoword mapped attribute overloaded in some role and can be here Enabled/disabled. For this reason I offering account with disabled password mapped attribute.
- Validation message (password attribute missing..) was improved (name of system is now present) and message is now (System [{{system}}] not support change password ... ).
- Problem with unsufficient right on search account was fixed (autocomplete is now used).
- Problem with send all accounts IDs vs set property isAll fixed (different behavior on user profil detail and public password change).
- Success message showing after success password change now show realy changed accounts (now is send from backend). This is not implemented on public password change. Works only for success event not for error situations.
- Test for check unsupporeted accounts/systems for change password created.
- Status changed from Resolved to Closed
- % Done changed from 90 to 100
Tested by Radek. All is in develop.
Also available in: Atom
PDF