Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8264

insufficient validator for service property 'iplanet-am-auth-hmac-signing-shared-secret'

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0, 13.5.0, 5.5.1
    • Fix Version/s: 6.0.0, 5.5.2
    • Component/s: CLI, console
    • Labels:
    • Sprint:
      AM Sustaining Sprint 23, AM Sustaining Sprint 33, AM Sustaining Sprint 34, AM Sustaining Sprint 35, AM Sustaining Sprint 36, AM Sustaining Sprint 37, AM Sustaining Sprint 38, AM Sustaining Sprint 39, AM Sustaining Sprint 40, AM Sustaining Sprint 41, AM Sustaining Sprint 42
    • Story Points:
      5
    • Needs backport:
      Yes
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      When some string value is entered for realm service property iplanet-am-auth-hmac-signing-shared-secret of service iPlanetAMAuthService in XUI console or via ssoadm which does not meet the criterias (base64 encoded 128bit at minimum) XUI becomes unusable

      steps to fix the broken system:

      Create base64 encoded value (e.g. with base64 utility from opendj)

      base64 encode -d 123456789012
      

      use the encoded value in

      ssoadm set-realm-svc-attrs -u amadmin -f PATH_TO_PWD_FILE -s iPlanetAMAuthService -e / -a iplanet-am-auth-hmac-signing-shared-secret=BASE64_ENCODED_STRING
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                adam.heath Adam Heath
                Reporter:
                bthalmayr Bernhard Thalmayr
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 3h
                  3h
                  Remaining:
                  Remaining Estimate - 3h
                  3h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified