Menu
▾
▴
Re: [Unity-idm-discuss] Unable to use new password type credential on admin/home UI
|
From: Shiraz M. <a....@fz...> - 2018-03-27 12:39:17
|
Dear Piotr,
On Tue, Mar 27, 2018 at 2:20 PM, Piotr Piernik <pio...@gm...>
wrote:
>
>
> wt., 27.03.2018, 13:52 użytkownik Shiraz Memon <a....@fz...>
> napisał:
>
>> Hi Krzysztof, Piotr, All,
>>
>> I am using v2.4.2 and have added a new password credential (under schema
>> management tab) as I do not want to use sys:password after using the
>> default admin user credentials. Then, I have configured new initial
>> username (say admin2) and password credentials, subsequently changed all
>> the authenticators which were relying on sys:password and restarted the
>> server.
>>
> Dear Shiraz
> I am not sure if I understand it well but if you set new initial user and
> password by config file you add new admin with default sys:password
> credential. If you first add new admin 'admin3' by ui and set him new
> 'customPassword' credential and then set him new initial password by config
> file nothing will be changed. You can not update 'customPassword'
> credential by setting initialPassword in config file.
>
>
Here are the steps I have followed:
i) Added a new credential definition called "PasswordCredential" on the Web
admin UI, while signed in as the default "admin" user
ii) Stopped the server, configured initial admin credentials inside
unityServer.config - so not adding the credentials on the admin UI assuming
they are created automatically upon next restart
iii) Reconfigured all the authenticators, basically replacing sys:password
with PasswordCredential
iv) Restart the server and tried to authenticate with new the admin
credentials, also found an important info (see below :))
2018-03-27T14:08:06,945 [main] WARN
unity.server.config.UnityServerConfiguration: IMPORTANT:
Database was initialized with a default admin user and password. Log in and
change the admin's password immediatelly! U: admin2 P: the!unity
The credential used for this user is named: 'sys:password' make sure that
this credential is enabled for the admin UI endpoint. If not add an
authentic
ator using this credential to the admin endpoint.
I wonder why the admin UI endpoint is enabled for sys:password when the
authenticator configuration is:
unityServer.core.authenticators.pwdWeb.authenticatorName=pwdWeb
unityServer.core.authenticators.pwdWeb.authenticatorType=password with
web-password
#unityServer.core.authenticators.pwdWeb.localCredential=sys:password
unityServer.core.authenticators.pwdWeb.localCredential=PasswordCredential
unityServer.core.authenticators.pwdWeb.retrievalConfigurationFile=${CONF}/authenticators/passwordRetrieval.json
and the endpoint config is:
unityServer.core.endpoints.adminUI.endpointType=WebAdminUI
unityServer.core.endpoints.adminUI.endpointConfigurationFile=${CONF}/modules/core/webadmin.properties
unityServer.core.endpoints.adminUI.contextPath=/admin
unityServer.core.endpoints.adminUI.endpointRealm=adminRealm
unityServer.core.endpoints.adminUI.endpointName=UNITY administration
interface
unityServer.core.endpoints.adminUI.endpointAuthenticators=pwdWeb;certWeb;oauthWeb;samlWeb
> After making several failed attempts, Unity is not signing me in with the
>> newly defined admin credentials on admin UI. Do you know what could be the
>> issue? and I wonder why I cannot change the sys:password credential
>> properties on admin UI, are they intentionally immutable?
>>
>
> Yes. sys:password is the system credential and can not be changed
>
Ok.
Cheers,
Shiraz
>
>
>> Cheers,
>> Shiraz
>> --
>> Shiraz Memon
>> Federated Systems and Data
>> Jülich Supercomputing Centre (JSC)
>>
>> Phone: +49 2461 61 6899 <02461%20616899>
>> Fax: +49 2461 61 6656 <02461%20616656>
>>
>>
>> ------------------------------------------------------------
>> ------------------------------------
>> ------------------------------------------------------------
>> ------------------------------------
>> Forschungszentrum Juelich GmbH
>> 52425 Juelich
>> Sitz der Gesellschaft: Juelich
>> Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
>> Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
>> Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
>> Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
>> Prof. Dr. Sebastian M. Schmidt
>> ------------------------------------------------------------
>> ------------------------------------
>> ------------------------------------------------------------
>> ------------------------------------
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot______
>> _________________________________________
>> Unity-idm-discuss mailing list
>> Uni...@li...
>> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
>>
>
--
Shiraz Memon
Federated Systems and Data
Jülich Supercomputing Centre (JSC)
Phone: +49 2461 61 6899
Fax: +49 2461 61 6656
|
