-
Notifications
You must be signed in to change notification settings - Fork 188
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'origin/master'
- Loading branch information
Showing
50 changed files
with
591 additions
and
180 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
119 changes: 119 additions & 0 deletions
119
docs/security/authentication/administrator-initial-password.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,119 @@ | ||
= Administrator Initial Password | ||
:page-since: "4.8.1" | ||
|
||
Since version 4.8.1 MidPoint distribution does not come with default administrator password `5ecr3t`, but rather provides several ways to set initial password or if initial password is not set, password is generated. | ||
|
||
|
||
|
||
|
||
== Using Generated Password | ||
|
||
If clean installation of midPoint is started without any configuration for initial password, during first run of midPoint password will be generated | ||
and printed out in the logs. | ||
|
||
To obtain it, you should start your midPoint instance and search logs for `Administrator initial password`. | ||
The password may contain spaces, so it is enclosed with double qoutes. Do not forget to remove qoutes. | ||
|
||
WARNING: after first login to Administrator account change the password, or disable built-in administrator, because initial password may still be present in logs or environment variables after some time. | ||
|
||
.Obtaining password from logs: | ||
|
||
[source, shell] | ||
---- | ||
$ grep "Administrator initial password" var/log/midpoint.log <1> | ||
2024-01-24 11:21:35,392 [] [main] WARN (com.evolveum.midpoint.init.DataImport): Administrator initial password (except double quotes): "Ec5s !f7a" <2> | ||
---- | ||
<1> Searching logs using `grep` for initial password | ||
<2> The initial password is `Ec5s !f7a` (you should copy it without leading and trailing qoutes) | ||
|
||
|
||
|
||
== Setup of initial password | ||
|
||
Initial password must conform to <<default-password-policy,default password policy>>, otherwise administrator user will not be created. | ||
|
||
You can configure initial password: | ||
|
||
* <<environment-variable>> (recommended way) | ||
* <<java-property>> | ||
* <<config-xml>> | ||
|
||
|
||
[[default-password-policy]] | ||
=== Default Password Policy | ||
|
||
Default password policy is stricter since midPoint 4.8.1 and following are the requirements for password: | ||
|
||
* length: 8 - 14 characters | ||
* at least one uppercase letter | ||
* at least one lowercase letter | ||
* at least one number | ||
* you can use also special characters | ||
|
||
|
||
[[environment-variable]] | ||
=== Using environment variable | ||
|
||
Setting initial password using environment variable provides most possibilites and it is also compatible also with Docker conventions. | ||
|
||
You need to set environment variable `MP_SET_midpoint_administrator_initialPassword` to value of initial password. | ||
|
||
NOTE: This is useful for developers also, they can configure their environment variables to store default midPoint password so it will not change with any new run. | ||
|
||
.Shell | ||
[source, shell] | ||
---- | ||
export MP_SET_midpoint_administrator_initialPassword=Test5ecr3t | ||
bin/midpoint.sh start | ||
---- | ||
|
||
=== Docker Examples | ||
|
||
.Docker | ||
[source, bash] | ||
----- | ||
docker run evolveum/midpoint ... -E MP_SET_midpoint_administrator_initialPassword=Test5ecr3t ... | ||
----- | ||
|
||
|
||
.Docker Compose | ||
[source, yaml] | ||
---- | ||
version: "3.3" | ||
services: | ||
midpoint: | ||
image: evolveum/midpoint | ||
environment: | ||
MP_SET_midpoint_administrator_initialPassword: Test5ecr3t | ||
... | ||
---- | ||
|
||
|
||
[[java-property]] | ||
=== Using java property | ||
|
||
It is possible to also set default initial password using java property `midpoint.administrator.initialPassword`. | ||
|
||
[source, shell] | ||
---- | ||
bin/midpoint.sh start -Dmidpoint.administrator.initialPassword=Test5ecr3t | ||
---- | ||
|
||
[[config-xml]] | ||
=== Using config.xml | ||
|
||
If any of previous methods does not work for you, it is possible to setup initial password using `config.xml`, which contains also other infrastructure passwords. | ||
|
||
|
||
. config.xml | ||
[source, xml] | ||
---- | ||
<configuration> | ||
<midpoint> | ||
.... | ||
<administrator> | ||
<initialPassword>xml5ecr3t</initialPassword> | ||
</administrator> | ||
</midpoint> | ||
</configuration> | ||
---- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 41 additions & 0 deletions
41
...va/com/evolveum/midpoint/gui/impl/factory/wrapper/AssignmentHolderWrapperFactoryImpl.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
/* | ||
* Copyright (c) 2010-2023 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
package com.evolveum.midpoint.gui.impl.factory.wrapper; | ||
|
||
import com.evolveum.midpoint.gui.api.prism.ItemStatus; | ||
import com.evolveum.midpoint.gui.api.prism.wrapper.PrismObjectWrapper; | ||
import com.evolveum.midpoint.gui.impl.prism.wrapper.AssignmentHolderWrapper; | ||
import com.evolveum.midpoint.prism.*; | ||
import com.evolveum.midpoint.util.QNameUtil; | ||
import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentHolderType; | ||
|
||
import jakarta.annotation.PostConstruct; | ||
import org.springframework.stereotype.Component; | ||
|
||
/** | ||
* @author skublik | ||
* | ||
* Wrapper factory for AssignmentHolderType. | ||
*/ | ||
@Component | ||
public class AssignmentHolderWrapperFactoryImpl extends PrismObjectWrapperFactoryImpl<AssignmentHolderType> { | ||
|
||
@Override | ||
public PrismObjectWrapper<AssignmentHolderType> createObjectWrapper(PrismObject<AssignmentHolderType> object, ItemStatus status) { | ||
return new AssignmentHolderWrapper(object, status); | ||
} | ||
|
||
@Override | ||
public boolean match(ItemDefinition<?> def) { | ||
return def instanceof PrismObjectDefinition && AssignmentHolderType.class.isAssignableFrom(def.getTypeClass()); | ||
} | ||
|
||
@Override | ||
public int getOrder() { | ||
return 98; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -45,7 +45,7 @@ public void register() { | |
|
||
@Override | ||
public int getOrder() { | ||
return 99; | ||
return 97; | ||
} | ||
|
||
@Override | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.