Page tree
Skip to end of metadata
Go to start of metadata

Some connectors have string values for configuration items that should be protected, e.g. passwords. While this is clear problem of the connector there is a way how to work around that in midPoint. The basic idea is to manually change the type of the configuration item in the connector schema.

Find the Connector

In Configuration > Repository objects find the appropriate connector object. It contains a <xsd:schema> section. Find the problematic configuration item definition in the schema:

<xsd:element name="DirectoryAdminPassword" type="xsd:string">
  <xsd:annotation>
    <xsd:appinfo>
      <a:displayName>Directory Administrator's Password</a:displayName>
      <a:help>Directory Administrator's Password</a:help>
    </xsd:appinfo>
  </xsd:annotation>
</xsd:element>

Note the type definition: type="xsd:string".

Correct the type

Edit the schema by replacing the string type with ProtectedStringType:

<xsd:element name="DirectoryAdminPassword" type="c:ProtectedStringType">
  <xsd:annotation>
    <xsd:appinfo>
      <a:displayName>Directory Administrator's Password</a:displayName>
      <a:help>Directory Administrator's Password</a:help>
    </xsd:appinfo>
  </xsd:annotation>
</xsd:element>

Make sure that the appropariate namespace prefix is defined (the c prefix in this case):

<connector xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-2a" oid="8154bc3d-2eaa-4725-8b04-581c8ba1aa01" version="3">
  <name>ICF Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector @ICF Connector server on medusa:8759</name>
  <framework>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1</framework>
  <connectorType>Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</connectorType>
  <connectorVersion>1.0.0.5570</connectorVersion>
  <connectorBundle>ActiveDirectory.Connector</connectorBundle>
  <namespace>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</namespace>
  <connectorHostRef xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a" oid="91919191-76e0-59e2-86d6-44cc44cc44cc" type="c:ConnectorHostType"/>
  <schema>
    <definition>
		<xsd:schema xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
					xmlns:c="http://prism.evolveum.com/xml/ns/public/annotation-2"> 
			...
    		<!-- The following line has been added -->
    		<xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"/>
    		...
		</xsd:schema>
	 </definition>
  </schema>
</connector>

Fix resource definitions

Instead of using string in the resource definition use protected strings as usual:

<resource>
  ...
  <configuration>
    <icfc:configurationProperties>
      ...
      <icfi:DirectoryAdminPassword>
        <clearValue>sup3rS3cr3t</clearValue>
      </icfi:DirectoryAdminPassword>
      ...
    </icfc:configurationProperties>
    ...
  </configuration>
  ...
</resource>

The value will be encrypted as usual when such resource definition in imported.

  • No labels