  1. OpenIDM
  2. OPENIDM-9328

Enabling CSV tamper prevention in the Admin UI dumps all config details to log file

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 5.5.0, OpenIDM 6.0.0
    • Fix Version/s: OpenIDM 6.0.0
    • Component/s: None
    • Environment:
      IDM 5.5.0 SNAPSHOT after RC8 runs on a CentOS7, MySQL, Java8.

      Description

      When configuring the CSV tamper prevention feature in the admin UI, all the config details (including password encryption parameter info) are dumped to the IDM log files. They may be used for debugging purposes but should be cleaned up.

      Sep 21, 2017 2:05:17 PM org.forgerock.openidm.config.installer.JSONConfigInstaller configurationEvent
      INFO: Updating configuration file: file:/home/testuser/pyforge/results/20170921-134100/idm/ReconLDAPToManUser/openidm_recon_ldap2mu/openidm/samples/sync-with-ldap/conf/audit.json
      Sep 21, 2017 2:05:17 PM org.forgerock.openidm.audit.impl.AuditServiceImpl activate
      INFO: Audit service started.
      Sep 21, 2017 2:05:17 PM org.forgerock.openidm.audit.impl.AuditServiceImpl modified
      INFO: Reconfigured audit service {component.name=org.forgerock.openidm.audit, jsonconfig={
          "auditServiceConfig" : {
              "handlerForQueries" : "json",
              "availableAuditEventHandlers" : [
                  "org.forgerock.audit.handlers.csv.CsvAuditEventHandler",
                  "org.forgerock.audit.handlers.elasticsearch.ElasticsearchAuditEventHandler",
                  "org.forgerock.audit.handlers.jms.JmsAuditEventHandler",
                  "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
                  "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler",
                  "org.forgerock.openidm.audit.impl.RouterAuditEventHandler",
                  "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler",
                  "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler"
              ],
              "filterPolicies" : {
                  "value" : {
                      "excludeIf" : [
                          "/access/http/request/headers/Authorization",
                          "/access/http/request/headers/X-OpenIDM-Password",
                          "/access/http/request/cookies/session-jwt",
                          "/access/http/response/headers/Authorization",
                          "/access/http/response/headers/X-OpenIDM-Password"
                      ],
                      "includeIf" : [ ]
                  }
              }
          },
          "eventHandlers" : [
              {
                  "class" : "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
                  "config" : {
                      "name" : "json",
                      "logDirectory" : "&{launcher.working.location}/audit",
                      "buffering" : {
                          "maxSize" : 100000,
                          "writeInterval" : "100 millis"
                      },
                      "topics" : [
                          "access",
                          "activity",
                          "recon",
                          "sync",
                          "authentication",
                          "config"
                      ],
                      "enabled" : true
                  }
              },
              {
                  "class" : "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler",
                  "config" : {
                      "name" : "repo",
                      "enabled" : false,
                      "topics" : [
                          "access",
                          "activity",
                          "recon",
                          "sync",
                          "authentication",
                          "config"
                      ]
                  }
              },
              {
                  "class" : "org.forgerock.audit.handlers.csv.CsvAuditEventHandler",
                  "config" : {
                      "fileRotation" : {
                          "rotationEnabled" : true,
                          "maxFileSize" : 0,
                          "rotationFilePrefix" : "",
                          "rotationTimes" : [ ],
                          "rotationFileSuffix" : "",
                          "rotationInterval" : "5 minutes"
                      },
                      "fileRetention" : {
                          "maxNumberOfHistoryFiles" : 0,
                          "maxDiskSpaceToUse" : 0,
                          "minFreeSpaceRequired" : 0
                      },
                      "rotationRetentionCheckInterval" : "5 minutes",
                      "logDirectory" : "/home/testuser/csv_logs",
                      "formatting" : {
                          "quoteChar" : "\"",
                          "delimiterChar" : ",",
                          "endOfLineSymbols" : "\n"
                      },
                      "security" : {
                          "enabled" : true,
                          "filename" : "/home/testuser/pyforge/results/20170921-134100/idm/ReconLDAPToManUser/openidm_recon_ldap2mu/openidm/security/keystore.jceks",
                          "password" : {
                              "$crypto" : {
                                  "type" : "x-simple-encryption",
                                  "value" : {
                                      "cipher" : "AES/CBC/PKCS5Padding",
                                      "salt" : "6UrC/s9l9QwEpRRZriW1MQ==",
                                      "data" : "UpRQsiLfsNiYhylzxOdSfw==",
                                      "iv" : "WsYZeMSv4VbDk/pJHK2aDA==",
                                      "key" : "openidm-sym-default",
                                      "mac" : "152fQ0ETZIc7hlH++3/s3A=="
                                  }
                              }
                          },
                          "keyStoreHandlerName" : "",
                          "signatureInterval" : "5 minutes"
                      },
                      "buffering" : {
                          "enabled" : false,
                          "autoFlush" : false
                      },
                      "name" : "csv",
                      "topics" : [
                          "activity",
                          "authentication",
                          "access",
                          "recon"
                      ],
                      "enabled" : true
                  }
              }
          ],
          "eventTopics" : {
              "config" : {
                  "filter" : {
                      "actions" : [
                          "create",
                          "update",
                          "delete",
                          "patch",
                          "action"
                      ]
                  }
              },
              "activity" : {
                  "filter" : {
                      "actions" : [
                          "create",
                          "update",
                          "delete",
                          "patch",
                          "action"
                      ]
                  },
                  "watchedFields" : [ ],
                  "passwordFields" : [
                      "password"
                  ]
              }
          },
          "exceptionFormatter" : {
              "type" : "text/javascript",
              "file" : "bin/defaults/script/audit/stacktraceFormatter.js"
          }
      }, service.vendor=ForgeRock AS, routeService.target=(openidm.router.prefix=/*), felix.fileinstall.filename=file:/home/testuser/pyforge/results/20170921-134100/idm/ReconLDAPToManUser/openidm_recon_ldap2mu/openidm/samples/sync-with-ldap/conf/audit.json, service.pid=org.forgerock.openidm.audit, openidm.router.prefix=/audit/*, component.id=69, service.description=Audit Service}
      Sep 21, 2017 2:05:17 PM org.forgerock.api.transform.OpenApiTransformer addDefinitionReference
      INFO: Replacing schema definition with id: urn:jsonschema:org:forgerock:openidm:policy:api:PolicyParameterMap
      Sep 21, 2017 2:05:17 PM org.forgerock.api.transform.OpenApiTransformer addDefinitionReference
      INFO: Replacing schema definition with id: urn:jsonschema:org:forgerock:openidm:security:impl:api:PublicKeyResource
      Sep 21, 2017 2:05:17 PM org.forgerock.openidm.sync.impl.ReconciliationService deactivate
      INFO: Reconciliation service stopped.
      Sep 21, 2017 2:05:17 PM org.forgerock.openidm.sync.impl.ReconciliationService activate
      INFO: Reconciliation service started.
      

      To reproduce:
      1. Start IDM.
      2. Set up a keystore for the CSV tamper prevention feature.
      3. Configure and enable the CSV tamper prevention feature in the IDM admin UI using the keystore path and password.
      4. Submit and save changes and observe the symptom.
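
A log check for the symptom described above, as an added example (not from the ticket or the OpenIDM code base): it groups log lines into records using the header layout shown in the report and flags any record whose body contains a `$crypto` block, reporting key names only. The sample log is constructed with placeholder values, and the function names are hypothetical.

```python
import re

# Constructed sample in the log layout shown in the report; values are placeholders.
SAMPLE_LOG = '''Sep 21, 2017 2:05:17 PM org.forgerock.openidm.audit.impl.AuditServiceImpl activate
INFO: Audit service started.
Sep 21, 2017 2:05:17 PM org.forgerock.openidm.audit.impl.AuditServiceImpl modified
INFO: Reconfigured audit service {component.name=org.forgerock.openidm.audit, jsonconfig={
    "security" : {
        "filename" : "/path/to/keystore.jceks",
        "password" : {
            "$crypto" : {
                "type" : "x-simple-encryption",
                "value" : {
                    "salt" : "PLACEHOLDER",
                    "data" : "PLACEHOLDER",
                    "iv" : "PLACEHOLDER",
                    "key" : "openidm-sym-default",
                    "mac" : "PLACEHOLDER"
                }
            }
        }
    }
}, service.pid=org.forgerock.openidm.audit}
Sep 21, 2017 2:05:17 PM org.forgerock.openidm.sync.impl.ReconciliationService activate
INFO: Reconciliation service started.
'''

# Record header: "Sep 21, 2017 2:05:17 PM <class> <method>"
HEADER = re.compile(
    r'^([A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (\S+) (\S+)$')
# Quoted JSON keys that reveal encrypted-secret material or the keystore path.
SENSITIVE_KEY = re.compile(r'"(\$crypto|salt|data|iv|mac|filename)"\s*:')

def split_records(text):
    """Group lines into records; each header line starts a new record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append(dict(zip(("time", "source", "method"), m.groups()), body=[]))
        elif records:
            records[-1]["body"].append(line)
    return records

def find_config_dumps(text):
    """One finding per record containing a $crypto block; values are never echoed."""
    findings = []
    for rec in split_records(text):
        keys = []
        for line in rec["body"]:
            for k in SENSITIVE_KEY.findall(line):
                if k not in keys:
                    keys.append(k)
        if "$crypto" in keys:
            findings.append({"time": rec["time"], "source": rec["source"],
                             "method": rec["method"], "keys": keys})
    return findings

if __name__ == "__main__":
    for finding in find_config_dumps(SAMPLE_LOG):
        print(finding)
```
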

            People

            • Assignee:
              katie.gonzalez Katie Gonzalez
              Reporter:
              Tinghua.Xu Tinghua.Xu
              QA Assignee:
              Alexander Dracka