  1. OpenIDM
  2. OPENIDM-11838

Foreign language passwords don't work if they are hashed in IDM.


    Details

    • Story Points:
      3
    • Sprint:
      OpenIDM Sprint 7.0-0

      Description

      If passwords in IDM are set to hashed, foreign passwords with special characters don't seem to be pushed to DS; the user is also unable to log into the UI, and the curl command below can't be executed successfully.

       

      Steps to replicate:

      1. Unzip DS5.5

      2. Unzip IDM5.5

      3. Setup DS for sample/sync-with-ldap-bidirectional

      4. Follow the instructions from https://forum.forgerock.com/2017/11/using-idm-ds-synchronise-hashed-passwords/

      4.1 Execute on DS

      dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true -X -n

      4.2 Select hashed for managed/user password property, unselect encrypted (and turn off private if you wish to view it)

      4.3 In mapping from managedUser_ldap change password transform script to

      // Prefix the IDM hash data with the DS storage-scheme tag; stays null for any other algorithm.
      String strHash;
      if (source.$crypto.value.algorithm == "SHA-512") {
        strHash = "{SSHA512}" + source.$crypto.value.data
      }
      strHash;

      5. Run reconcile on mappings in both directions

      6. Create a new user: fbear and set the password to Welcome1.

      7. Check password in DS using Apache Directory, log into the User UI in IDM, and finally run the below REST query.

      curl -u "fbear:Welcome1" -X GET "http://openidm.example.com:8080/openidm/managed/user/e36a1349-c181-479f-bbf4-8cc8ad4f0679?_fields=*" | jq .

      8. Change password to Păssw0rd for fbear and repeat step 7. It fails in 5.5 and 5.5.1. In 6.0 the password is pushed out to DS and the REST query works but still the user can't log into the UI.
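
A check that can accompany step 7, added here as an example and not code from the issue or from the product: it splits an {SSHA512} value into digest and salt and reports which byte encodings of a password reproduce it. The value layout base64(SHA-512(password + salt) + salt), the list of candidate encodings and the sample salt are assumptions; a result only shows which encoding was hashed and does not by itself establish the cause of this issue.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA512}"
DIGEST_LEN = hashlib.sha512().digest_size  # 64 bytes


def make_ssha512(password, encoding="utf-8", salt=None):
    """Build a value in the assumed layout: base64(SHA-512(pw_bytes + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    # Unmappable characters become '?', as many legacy encoders do.
    pw = password.encode(encoding, errors="replace")
    blob = hashlib.sha512(pw + salt).digest() + salt
    return PREFIX + base64.b64encode(blob).decode("ascii")


def matching_encodings(stored, password,
                       encodings=("utf-8", "iso-8859-1", "utf-16-le")):
    """Return the encodings under which `password` reproduces the stored hash."""
    if not stored.startswith(PREFIX):
        raise ValueError("not an {SSHA512} value")
    raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("value too short to contain a salt")
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    hits = []
    for enc in encodings:
        pw = password.encode(enc, errors="replace")
        candidate = hashlib.sha512(pw + salt).digest()
        if hmac.compare_digest(candidate, digest):  # constant-time compare
            hits.append(enc)
    return hits


if __name__ == "__main__":
    salt = b"\x01\x02\x03\x04\x05\x06\x07\x08"  # constructed sample salt
    for pw in ("Welcome1", "Păssw0rd"):
        stored = make_ssha512(pw, "utf-8", salt)
        print(pw, "->", matching_encodings(stored, pw))
```

An ASCII password such as Welcome1 matches under both UTF-8 and ISO-8859-1, which is why an encoding mismatch between two components would only show up with a password like Păssw0rd.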

       

       


              People

              Assignee:
              travis.haagen Travis Haagen
              Reporter:
              margaret.rizkalla Margaret Rizkalla
              QA Assignee:
              Alexander Dracka Alexander Dracka
