Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-9335

Admin UI shows the password for CSV audit tamper prevention as a JSON string

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: OpenIDM 5.5.0, OpenIDM 6.0.0
    • Fix Version/s: OpenIDM 6.0.0
    • Environment:
      IDM 5.5.0 RC8 or SNAPSHOT runs on a CentOS7, MySQL as repo, Java8.
      Chrome access IDM admin UI.

      Description

      After configured CSV audit event handler with tamper prevention enabled using keystore filename and keystore password, the password field would be displayed as a json string when revisiting the page later. See screenshot attached.
      either configured password in clear text or hashed password would be ideal.

      To reproduce:
      1. Start IDM.
      2. setup keys for the feature by following: https://ea.forgerock.com/docs/openidm/doc/integrators-guide/index.html#tamper-evident-operation.
      3. Configure CSV tamper prevention feature on admin UI using keystore filename and password(audit.json is attached).
      4. submit and save changes.
      5. revisit the config page, initially, UI would display the clear text, but later it will change to the encryption related json string.

        Attachments

          Activity

            People

            • Assignee:
              oliver.bradley Oliver Bradley
              Reporter:
              Tinghua.Xu Tinghua.Xu
              QA Assignee:
              Tinghua.Xu
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: