Syncope Password History Question

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Syncope Password History Question

Colm O hEigeartaigh
Hi all,

I have a question on how we store Syncope Password Histories. I created a
new user called "alice" in a realm with a password policy that stores a
history of size "4".

select * from SyncopeUser_passwordHistory;
+--------------------------------------+------------------------------------------+
| user_id                              |
passwordHistoryValue                     |
+--------------------------------------+------------------------------------------+
| 5aac820c-3742-4f0a-ac82-0c37426f0ac2 |
8961300B9C3B182CA3FF533652966ADF92E5233E |
+--------------------------------------+------------------------------------------+

So "1" entry stored in this table as expected. However, when I change the
password I see a duplicate entry in the table (of the original password):

mysql> select * from SyncopeUser_passwordHistory;
+--------------------------------------+------------------------------------------+
| user_id                              |
passwordHistoryValue                     |
+--------------------------------------+------------------------------------------+
| 5aac820c-3742-4f0a-ac82-0c37426f0ac2 |
8961300B9C3B182CA3FF533652966ADF92E5233E |
| 5aac820c-3742-4f0a-ac82-0c37426f0ac2 |
8961300B9C3B182CA3FF533652966ADF92E5233E |
| 5aac820c-3742-4f0a-ac82-0c37426f0ac2 |
2AA60A8FF7FCD473D321E0146AFD9E26DF395147 |
+--------------------------------------+------------------------------------------+

Wondering why this is? This is with Syncope 2.0.0-SNAPSHOT.

Colm.

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Syncope Password History Question

Colm O hEigeartaigh
I can reproduce the same behaviour with Syncope 1.2.8. It's slightly
different in that 2 passwords are always stored, even when you create the
user. I should clarify that users are being created in the admin UI, if it
makes any difference.

So I created a password policy with length 8. You can change the password
back to the first password on the 6th go, as the table stores passwords (2,
3, 4, 5) x 2:

select * from SyncopeUser_passwordHistory;
+----------------+------------------------------------------+
| SYNCOPEUSER_ID | element                                  |
+----------------+------------------------------------------+
|            100 | 2AA60A8FF7FCD473D321E0146AFD9E26DF395147 |
|            100 | 2AA60A8FF7FCD473D321E0146AFD9E26DF395147 |
|            100 | 1119CFD37EE247357E034A08D844EEA25F6FD20F |
|            100 | 1119CFD37EE247357E034A08D844EEA25F6FD20F |
|            100 | A1D7584DAACA4738D499AD7082886B01117275D8 |
|            100 | A1D7584DAACA4738D499AD7082886B01117275D8 |
|            100 | EDBA955D0EA15FDEF4F61726EF97E5AF507430C0 |
|            100 | EDBA955D0EA15FDEF4F61726EF97E5AF507430C0 |
+----------------+------------------------------------------+

Colm.

On Thu, Sep 1, 2016 at 11:48 AM, Colm O hEigeartaigh <[hidden email]>
wrote:

> Hi all,
>
> I have a question on how we store Syncope Password Histories. I created a
> new user called "alice" in a realm with a password policy that stores a
> history of size "4".
>
> select * from SyncopeUser_passwordHistory;
> +--------------------------------------+--------------------
> ----------------------+
> | user_id                              | passwordHistoryValue
> |
> +--------------------------------------+--------------------
> ----------------------+
> | 5aac820c-3742-4f0a-ac82-0c37426f0ac2 | 8961300B9C3B182CA3FF533652966ADF92E5233E
> |
> +--------------------------------------+--------------------
> ----------------------+
>
> So "1" entry stored in this table as expected. However, when I change the
> password I see a duplicate entry in the table (of the original password):
>
> mysql> select * from SyncopeUser_passwordHistory;
> +--------------------------------------+--------------------
> ----------------------+
> | user_id                              | passwordHistoryValue
> |
> +--------------------------------------+--------------------
> ----------------------+
> | 5aac820c-3742-4f0a-ac82-0c37426f0ac2 | 8961300B9C3B182CA3FF533652966ADF92E5233E
> |
> | 5aac820c-3742-4f0a-ac82-0c37426f0ac2 | 8961300B9C3B182CA3FF533652966ADF92E5233E
> |
> | 5aac820c-3742-4f0a-ac82-0c37426f0ac2 | 2AA60A8FF7FCD473D321E0146AFD9E26DF395147
> |
> +--------------------------------------+--------------------
> ----------------------+
>
> Wondering why this is? This is with Syncope 2.0.0-SNAPSHOT.
>
> Colm.
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
Reply | Threaded
Open this post in threaded view
|

Re: Syncope Password History Question

Fabio Martelli
Hi Colm, please can you open a dedicated issue.
Thanks in advance.
Best regards,
F.

Il 01/09/2016 14:00, Colm O hEigeartaigh ha scritto:

> I can reproduce the same behaviour with Syncope 1.2.8. It's slightly
> different in that 2 passwords are always stored, even when you create the
> user. I should clarify that users are being created in the admin UI, if it
> makes any difference.
>
> So I created a password policy with length 8. You can change the password
> back to the first password on the 6th go, as the table stores passwords (2,
> 3, 4, 5) x 2:
>
> select * from SyncopeUser_passwordHistory;
> +----------------+------------------------------------------+
> | SYNCOPEUSER_ID | element                                  |
> +----------------+------------------------------------------+
> |            100 | 2AA60A8FF7FCD473D321E0146AFD9E26DF395147 |
> |            100 | 2AA60A8FF7FCD473D321E0146AFD9E26DF395147 |
> |            100 | 1119CFD37EE247357E034A08D844EEA25F6FD20F |
> |            100 | 1119CFD37EE247357E034A08D844EEA25F6FD20F |
> |            100 | A1D7584DAACA4738D499AD7082886B01117275D8 |
> |            100 | A1D7584DAACA4738D499AD7082886B01117275D8 |
> |            100 | EDBA955D0EA15FDEF4F61726EF97E5AF507430C0 |
> |            100 | EDBA955D0EA15FDEF4F61726EF97E5AF507430C0 |
> +----------------+------------------------------------------+
>
> Colm.
>
> On Thu, Sep 1, 2016 at 11:48 AM, Colm O hEigeartaigh <[hidden email]>
> wrote:
>
>> Hi all,
>>
>> I have a question on how we store Syncope Password Histories. I created a
>> new user called "alice" in a realm with a password policy that stores a
>> history of size "4".
>>
>> select * from SyncopeUser_passwordHistory;
>> +--------------------------------------+--------------------
>> ----------------------+
>> | user_id                              | passwordHistoryValue
>> |
>> +--------------------------------------+--------------------
>> ----------------------+
>> | 5aac820c-3742-4f0a-ac82-0c37426f0ac2 | 8961300B9C3B182CA3FF533652966ADF92E5233E
>> |
>> +--------------------------------------+--------------------
>> ----------------------+
>>
>> So "1" entry stored in this table as expected. However, when I change the
>> password I see a duplicate entry in the table (of the original password):
>>
>> mysql> select * from SyncopeUser_passwordHistory;
>> +--------------------------------------+--------------------
>> ----------------------+
>> | user_id                              | passwordHistoryValue
>> |
>> +--------------------------------------+--------------------
>> ----------------------+
>> | 5aac820c-3742-4f0a-ac82-0c37426f0ac2 | 8961300B9C3B182CA3FF533652966ADF92E5233E
>> |
>> | 5aac820c-3742-4f0a-ac82-0c37426f0ac2 | 8961300B9C3B182CA3FF533652966ADF92E5233E
>> |
>> | 5aac820c-3742-4f0a-ac82-0c37426f0ac2 | 2AA60A8FF7FCD473D321E0146AFD9E26DF395147
>> |
>> +--------------------------------------+--------------------
>> ----------------------+
>>
>> Wondering why this is? This is with Syncope 2.0.0-SNAPSHOT.
>>
>> Colm.
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>


--
Fabio Martelli
https://it.linkedin.com/pub/fabio-martelli/1/974/a44
http://blog.tirasa.net/author/fabio/index.html

Tirasa - Open Source Excellence
http://www.tirasa.net/

Apache Syncope PMC
http://people.apache.org/~fmartelli/