String to ProtectedString Connector Configuration

Last modified 27 Oct 2021 14:02 +02:00

Some connectors declare configuration items that should be protected, e.g. passwords, as plain strings. While this is clearly a problem of the connector, there is a way to work around it in midPoint. The basic idea is to manually change the type of the configuration item in the connector schema.

Find the Connector

In Configuration > Repository objects find the appropriate connector object. It contains a <xsd:schema> section. Find the problematic configuration item definition in the schema:

<xsd:element name="DirectoryAdminPassword" type="xsd:string">
  <xsd:annotation>
    <xsd:appinfo>
      <a:displayName>Directory Administrator's Password</a:displayName>
      <a:help>Directory Administrator's Password</a:help>
    </xsd:appinfo>
  </xsd:annotation>
</xsd:element>

Note the type definition: type="xsd:string".

Correct the type

Edit the schema by replacing the string type with ProtectedStringType:

<xsd:element name="DirectoryAdminPassword" type="c:ProtectedStringType">
  <xsd:annotation>
    <xsd:appinfo>
      <a:displayName>Directory Administrator's Password</a:displayName>
      <a:help>Directory Administrator's Password</a:help>
    </xsd:appinfo>
  </xsd:annotation>
</xsd:element>

Make sure that the appropriate namespace prefix is defined (the c prefix in this case):

<connector xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-2a" oid="8154bc3d-2eaa-4725-8b04-581c8ba1aa01" version="3">
  <name>ICF Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector @ICF Connector server on medusa:8759</name>
  <framework>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1</framework>
  <connectorType>Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</connectorType>
  <connectorVersion>1.0.0.5570</connectorVersion>
  <connectorBundle>ActiveDirectory.Connector</connectorBundle>
  <namespace>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</namespace>
  <connectorHostRef xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a" oid="91919191-76e0-59e2-86d6-44cc44cc44cc" type="c:ConnectorHostType"/>
  <schema>
    <definition>
        <xsd:schema xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"
                    xmlns:a="http://prism.evolveum.com/xml/ns/public/annotation-2"
                    xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a">
            ...
            <!-- The following line has been added -->
            <xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-2a"/>
            ...
        </xsd:schema>
    </definition>
  </schema>
</connector>

Fix resource definitions

Instead of a plain string, use a protected string in the resource definition as usual:

<resource>
  ...
  <configuration>
    <icfc:configurationProperties>
      ...
      <icfi:DirectoryAdminPassword>
        <clearValue>sup3rS3cr3t</clearValue>
      </icfi:DirectoryAdminPassword>
      ...
    </icfc:configurationProperties>
    ...
  </configuration>
  ...
</resource>

The value will be encrypted as usual when such a resource definition is imported.
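To find which configuration items need this treatment, the check below lists the xsd:element definitions in an exported connector object that are typed as the XSD string type and have a secret-looking name. It is an added example, not part of midPoint; the function name, the name pattern and the sample schema (apart from DirectoryAdminPassword) are assumptions constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET

XSD = "http://www.w3.org/2001/XMLSchema"
# Assumed heuristic for "this item holds a secret"; extend it for your connectors.
SECRET_NAME = re.compile(r"password|passphrase|secret|credential|token", re.I)

# Constructed sample of an exported connector object (only the first
# password item is taken from the page; the other items are made up).
SAMPLE = """\
<connector xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-2a">
  <schema><definition>
    <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-2a">
      <xsd:element name="DirectoryAdminName" type="xsd:string"/>
      <xsd:element name="DirectoryAdminPassword" type="xsd:string"/>
      <xsd:element name="ExamplePassword" type="c:ProtectedStringType"/>
    </xsd:schema>
  </definition></schema>
</connector>
"""

def find_plaintext_secrets(xml_text):
    """Return names of secret-looking items still declared as XSD strings."""
    scopes = [{}]   # stack of in-scope prefix -> namespace URI maps
    pending = {}    # declarations seen just before the next start tag
    hits = []
    events = ("start-ns", "start", "end")
    for event, data in ET.iterparse(io.BytesIO(xml_text.encode()), events=events):
        if event == "start-ns":
            prefix, uri = data
            pending[prefix] = uri
        elif event == "start":
            scope = {**scopes[-1], **pending}
            pending = {}
            scopes.append(scope)
            if data.tag == f"{{{XSD}}}element":
                # The type attribute is a QName: resolve its prefix against
                # the in-scope namespaces instead of trusting the literal "xsd".
                prefix, _, local = data.get("type", "").rpartition(":")
                name = data.get("name", "")
                if scope.get(prefix) == XSD and local == "string" and SECRET_NAME.search(name):
                    hits.append(name)
        else:
            scopes.pop()
    return hits

if __name__ == "__main__":
    print(find_plaintext_secrets(SAMPLE))
```

Each name it reports is a candidate for the type change described above; items already typed as c:ProtectedStringType are not listed.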
