From: Piotr P. <pio...@gm...> - 2018-03-27 13:00:47
On Tue, 27.03.2018 at 14:39, Shiraz Memon <a....@fz...> wrote:
> Dear Piotr,
>
> On Tue, Mar 27, 2018 at 2:20 PM, Piotr Piernik <pio...@gm...>
> wrote:
>
>>
>>
>> On Tue, 27.03.2018 at 13:52, Shiraz Memon <a....@fz...> wrote:
>>
>>> Hi Krzysztof, Piotr, All,
>>>
>>> I am using v2.4.2 and have added a new password credential (under schema
>>> management tab) as I do not want to use sys:password after using the
>>> default admin user credentials. Then, I have configured new initial
>>> username (say admin2) and password credentials, subsequently changed all
>>> the authenticators which were relying on sys:password and restarted the
>>> server.
>>>
>> Dear Shiraz,
>> I am not sure if I understand it well, but if you set a new initial user and
>> password in the config file, you add a new admin with the default sys:password
>> credential. If you first add a new admin 'admin3' via the UI and set a new
>> 'customPassword' credential for him, and then set a new initial password for
>> him in the config file, nothing will be changed. You cannot update the
>> 'customPassword' credential by setting initialPassword in the config file.
>>
>>
> Here are the steps I have followed:
> i) Added a new credential definition called "PasswordCredential" on the
> Web admin UI, while signed in as the default "admin" user
> ii) Stopped the server, configured initial admin credentials inside
> unityServer.config - so not adding the credentials on the admin UI assuming
> they are created automatically upon next restart
>
By setting a new admin in the config you added a new 'admin' with the
'sys:password' credential. No 'PasswordCredential'.

> iii) Reconfigured all the authenticators, basically replacing sys:password
> with PasswordCredential
>
Then you cannot use sys:password to log in.

> iv) Restarted the server and tried to authenticate with the new admin
> credentials, also found some important info (see below :))
>
> 2018-03-27T14:08:06,945 [main] WARN
> unity.server.config.UnityServerConfiguration: IMPORTANT:
> Database was initialized with a default admin user and password. Log in
> and change the admin's password immediatelly! U: admin2 P: the!unity
> The credential used for this user is named: 'sys:password' make sure that
> this credential is enabled for the admin UI endpoint. If not add an
> authenticator using this credential to the admin endpoint.
>
> I wonder why the admin UI endpoint is enabled for sys:password when the
> authenticator configuration is:
>
Can you sign in to the Unity admin UI using the sys:password credential? I think
you can only log in using 'PasswordCredential'.

> unityServer.core.authenticators.pwdWeb.authenticatorName=pwdWeb
> unityServer.core.authenticators.pwdWeb.authenticatorType=password with web-password
> #unityServer.core.authenticators.pwdWeb.localCredential=sys:password
> unityServer.core.authenticators.pwdWeb.localCredential=PasswordCredential
> unityServer.core.authenticators.pwdWeb.retrievalConfigurationFile=${CONF}/authenticators/passwordRetrieval.json
>
> and the endpoint config is:
>
> unityServer.core.endpoints.adminUI.endpointType=WebAdminUI
> unityServer.core.endpoints.adminUI.endpointConfigurationFile=${CONF}/modules/core/webadmin.properties
> unityServer.core.endpoints.adminUI.contextPath=/admin
> unityServer.core.endpoints.adminUI.endpointRealm=adminRealm
> unityServer.core.endpoints.adminUI.endpointName=UNITY administration interface
> unityServer.core.endpoints.adminUI.endpointAuthenticators=pwdWeb;certWeb;oauthWeb;samlWeb
>
>
>
>>> After making several failed attempts, Unity is not signing me in with the
>>> newly defined admin credentials on admin UI. Do you know what could be the
>>> issue? and I wonder why I cannot change the sys:password credential
>>> properties on admin UI, are they intentionally immutable?
>>>
>>
>> Yes. sys:password is the system credential and cannot be changed.
>>
>
> Ok.
>
> Cheers,
> Shiraz
>
>
>>
>>
>>> Cheers,
>>> Shiraz
>>> --
>>> Shiraz Memon
>>> Federated Systems and Data
>>> Jülich Supercomputing Centre (JSC)
>>>
>>> Phone: +49 2461 61 6899
>>> Fax: +49 2461 61 6656
>>>
>>> Unity-idm-discuss mailing list
>>> Uni...@li...
>>> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss
>>>
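An added example (not part of the original thread and not Unity's own code): a small Python check that reads the property lines quoted above and reports which endpoints have no authenticator bound to a given local credential, which is the 'sys:password' versus 'PasswordCredential' mismatch discussed in this message. The sample config is constructed from the quoted lines, the function names are hypothetical, and splitting the authenticator list on ',' as well as ';' is an assumption.

```python
import re

# Constructed sample, assembled from the property lines quoted in the thread.
SAMPLE_CONFIG = """\
unityServer.core.authenticators.pwdWeb.authenticatorName=pwdWeb
#unityServer.core.authenticators.pwdWeb.localCredential=sys:password
unityServer.core.authenticators.pwdWeb.localCredential=PasswordCredential
unityServer.core.endpoints.adminUI.endpointName=UNITY administration interface
unityServer.core.endpoints.adminUI.endpointAuthenticators=pwdWeb;certWeb;oauthWeb;samlWeb
"""
PREFIX = "unityServer.core."


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def credentials_by_endpoint(props):
    """Map each endpoint id to the local credentials its authenticators use."""
    cred_of = {}  # authenticatorName -> localCredential
    for key, value in props.items():
        m = re.fullmatch(re.escape(PREFIX) + r"authenticators\.([^.]+)\.authenticatorName", key)
        if m:
            cred = props.get(f"{PREFIX}authenticators.{m.group(1)}.localCredential")
            if cred:
                cred_of[value] = cred
    result = {}
    for key, value in props.items():
        m = re.fullmatch(re.escape(PREFIX) + r"endpoints\.([^.]+)\.endpointAuthenticators", key)
        if m:
            # ';' separates entries as in the quoted config; ',' is an assumption.
            names = [n.strip() for n in re.split(r"[;,]", value) if n.strip()]
            result[m.group(1)] = {cred_of[n] for n in names if n in cred_of}
    return result


def endpoints_missing(props, credential):
    """Return endpoint ids where no configured authenticator uses `credential`."""
    by_ep = credentials_by_endpoint(props)
    return sorted(ep for ep, creds in by_ep.items() if credential not in creds)
```

Authenticators listed on an endpoint but not defined in the parsed text (certWeb, oauthWeb and samlWeb in the sample) are ignored, so run it against the complete configuration file.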