  1. Identity Gateway
  2. OPENIG-5254

Docs: AES keyType missing from route configuration for "Get Login Credentials From AM" example

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0, 7.1.0
    • Fix Version/s: 7.0.1, 7.1.0
    • Component/s: Doc
    • Labels:
      None

      Description

      When following the documented "Get Login Credentials From AM" example: https://backstage.forgerock.com/docs/ig/7/gateway-guide/credentials-am.html#proc-password-capture-replay

       

      IG will not be able to decrypt the password from the AM session and will throw an error like:

          [I/O dispatcher 51] ERROR o.f.o.o.CapturedUserPasswordFilter @04-replay - Unable to decrypt the password.
          java.security.InvalidKeyException: Wrong key size
              at java.base/com.sun.crypto.provider.DESCrypt.init(DESCrypt.java:536)

      This is because it is using DES decryption for an AES key.

       

      The $HOME/.openig/config/routes/04-replay.json example provided in step 3c is missing the AES keyType. After adding it, the example works, i.e.:

       

          {
            "name": "CapturedUserPasswordFilter",
            "type": "CapturedUserPasswordFilter",
            "config": {
              "ssoToken": "${contexts.ssoToken.value}",
              "keySecretId": "aes.key",
              "keyType": "AES",
              "secretsProvider": "SystemAndEnvSecretStore-1",
              "amService": "AmService-1"
            }
          }
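
      Added example, not part of the original report or of the IG documentation: a small pre-deployment check that walks a route document, finds every CapturedUserPasswordFilter, and flags a key whose length does not fit the declared keyType. It assumes the secret is supplied as a base64 string and treats a missing keyType as DES, which is the behaviour this issue reports; the surrounding Chain route, the all-zero key and the function names are constructed for illustration.

```python
import base64
import copy

# Valid raw key lengths in bytes for the two key types this issue mentions.
KEY_BYTES = {"DES": {8}, "AES": {16, 24, 32}}

def find_filters(node, type_name="CapturedUserPasswordFilter"):
    """Yield every object of the given type, at any depth of a route document."""
    if isinstance(node, dict):
        if node.get("type") == type_name:
            yield node
        for child in node.values():
            yield from find_filters(child, type_name)
    elif isinstance(node, list):
        for child in node:
            yield from find_filters(child, type_name)

def check_route(route, secrets):
    """Return (filter name, problem) pairs for key type / key length mismatches."""
    findings = []
    for flt in find_filters(route):
        cfg = flt.get("config", {})
        # Assumption taken from this issue: with no keyType, decryption uses DES.
        key_type = cfg.get("keyType", "DES")
        encoded = secrets.get(cfg.get("keySecretId"))
        allowed = KEY_BYTES.get(key_type)
        if encoded is None:
            findings.append((flt.get("name"), "secret not available to the check"))
        elif allowed is None:
            findings.append((flt.get("name"), f"keyType {key_type!r} not checked"))
        else:
            size = len(base64.b64decode(encoded))  # assumption: base64-encoded secret
            if size not in allowed:
                findings.append((flt.get("name"),
                                 f"{size}-byte key is not a valid {key_type} key"))
    return findings

# Constructed sample: a 16-byte (AES-128 sized) all-zero key, never a real secret.
SECRETS = {"aes.key": base64.b64encode(bytes(16)).decode()}
BROKEN = {"handler": {"type": "Chain", "config": {"filters": [{
    "name": "CapturedUserPasswordFilter", "type": "CapturedUserPasswordFilter",
    "config": {"ssoToken": "${contexts.ssoToken.value}", "keySecretId": "aes.key",
               "secretsProvider": "SystemAndEnvSecretStore-1",
               "amService": "AmService-1"}}]}}}
FIXED = copy.deepcopy(BROKEN)
FIXED["handler"]["config"]["filters"][0]["config"]["keyType"] = "AES"

if __name__ == "__main__":
    print(check_route(BROKEN, SECRETS))  # one finding: key does not fit DES
    print(check_route(FIXED, SECRETS))   # no findings
```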
      

       

            People

            Assignee:
            joanne.henry Joanne Henry
            Reporter:
            john.noble John Noble