By: Daniel Chase user 12 Apr 2018 at 2:52 p.m. CDT

1 Response

When I retrieve Gluu users via SCIM user endpoint, the 'password' and 'passwordHash' fields come back with the value "Hidden for Privacy Reasons". Is it possible to turn this off and return the actual values?

Ubuntu 16.04

closed

By Jose Gonzalez staff 14 Apr 2018 at 7:31 a.m. CDT

Copy

Hi Daniel, Per spec, the password attribute has returnability of "never". It means that service implementations should not include it in any response even if requested explicitly. About that "hidden" message, it should not be there and we are removing this starting from 3.1.3. So the answer is no, and more generally no SCIM implementation will give the password back to a client. However, this is an attribute that can be changed at any moment (its mutability is "writeOnly"). Kind regards

You need to Login in order to post an answer

How to make 'passwordHash' contents visible on SCIM getUser?

By: Daniel Chase user 12 Apr 2018 at 2:52 p.m. CDT

Answers

By Jose Gonzalez staff 14 Apr 2018 at 7:31 a.m. CDT

Post an answer