String to ProtectedString Connector Configuration

Last modified 14 Jan 2025 21:59 +01:00

Some connectors use plain string values for configuration items that should be protected, e.g. passwords. While this is clearly a problem of the connector, there is a way to work around it in midPoint. The basic idea is to manually change the type of the configuration item in the connector schema.

Find the Connector

In Configuration > Repository objects find the appropriate connector object. It contains a <xsd:schema> section. Find the problematic configuration item definition in the schema:

<xsd:element name="DirectoryAdminPassword" type="xsd:string">
    <xsd:annotation>
        <xsd:appinfo>
            <a:displayName>Directory Administrator's Password</a:displayName>
            <a:help>Directory Administrator's Password</a:help>
        </xsd:appinfo>
    </xsd:annotation>
</xsd:element>

Note the type definition: type="xsd:string".

Correct the type

Edit the schema by replacing the string type with ProtectedStringType:

<xsd:element name="DirectoryAdminPassword" type="c:ProtectedStringType">
    <xsd:annotation>
        <xsd:appinfo>
            <a:displayName>Directory Administrator's Password</a:displayName>
            <a:help>Directory Administrator's Password</a:help>
        </xsd:appinfo>
    </xsd:annotation>
</xsd:element>

Make sure that the appropriate namespace prefix is defined (the c prefix in this case):

<connector xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="8154bc3d-2eaa-4725-8b04-581c8ba1aa01" version="3">
    <name>ICF Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector @ICF Connector server on medusa:8759</name>
    <framework>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1</framework>
    <connectorType>Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</connectorType>
    <connectorVersion>1.0.0.5570</connectorVersion>
    <connectorBundle>ActiveDirectory.Connector</connectorBundle>
    <namespace>http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/ActiveDirectory.Connector/Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector</namespace>
    <connectorHostRef oid="91919191-76e0-59e2-86d6-44cc44cc44cc" type="ConnectorHostType"/>
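    <schema>
        <definition>
            <!-- xmlns:c binds the c prefix used in type="c:ProtectedStringType" -->
            <xsd:schema xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                        xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
                ...
                <!-- The following line has been added -->
                <xsd:import namespace="http://midpoint.evolveum.com/xml/ns/public/common/common-3"/>
                ...
            </xsd:schema>
        </definition>
    </schema>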
</connector>

Fix resource definitions

In the resource definition, supply the value as a protected string instead of a plain string, as usual:

<resource>
    ...
    <configuration>
        <icfc:configurationProperties>
            ...
            <icfi:DirectoryAdminPassword>
                <clearValue>sup3rS3cr3t</clearValue>
            </icfi:DirectoryAdminPassword>
            ...
        </icfc:configurationProperties>
        ...
    </configuration>
    ...
</resource>

The value will be encrypted as usual when such a resource definition is imported.
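
To find which configuration items need this change, the following added example (not part of the original page or of midPoint) scans a connector object's schema for secret-looking items that are still typed as an XSD string. The SECRET_NAME pattern, the function name and the sample XML are assumptions made for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET

XSD_NS = "http://www.w3.org/2001/XMLSchema"
# Assumption: configuration item names matching this pattern hold secrets.
SECRET_NAME = re.compile(r"passw|secret|token|credential", re.IGNORECASE)

# Constructed sample: a cut-down connector object, not a real export.
SAMPLE = """<connector xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <schema><definition>
    <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
      <xsd:element name="DirectoryAdminName" type="xsd:string"/>
      <xsd:element name="DirectoryAdminPassword" type="xsd:string"/>
      <xsd:element name="BindSecret" type="c:ProtectedStringType"/>
    </xsd:schema>
  </definition></schema>
</connector>"""


def plain_string_secrets(connector_xml):
    """Names of secret-looking xsd:element items still typed as XSD string."""
    in_scope = []   # (prefix, uri) namespace declarations currently in scope
    declared = []   # number of declarations made by each open element
    pending = 0
    hits = []
    source = io.BytesIO(connector_xml.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start", "end")):
        if event == "start-ns":      # reported before the declaring element starts
            in_scope.append(item)
            pending += 1
        elif event == "start":
            declared.append(pending)
            pending = 0
            if item.tag == f"{{{XSD_NS}}}element":
                prefix, _, local = item.get("type", "").rpartition(":")
                # Resolve the type prefix by URI; it is not always "xsd".
                uri = next((u for p, u in reversed(in_scope) if p == prefix), None)
                name = item.get("name", "")
                if uri == XSD_NS and local == "string" and SECRET_NAME.search(name):
                    hits.append(name)
        else:                        # "end": its declarations leave scope
            count = declared.pop()
            if count:
                del in_scope[-count:]
    return hits


if __name__ == "__main__":
    print(plain_string_secrets(SAMPLE))
```

An empty result after editing the schema confirms that no matching item is left as a plain string.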
