[OPENAM-5785] Allow ssoadm to import and export agent configurations with hashed passwords Created: 07/Apr/15  Updated: 20/Nov/16  Resolved: 24/Jun/15

Status: Resolved
Project: OpenAM
Component/s: CLI, sms
Affects Version/s: 10.0.0-EA, 10.0.1, 10.1.0-Xpress, 10.0.2, 11.0.1, 11.0.3, 12.0.0
Fix Version/s: 11.0.4, 12.0.3, 13.0.0

Type: Improvement Priority: Major
Reporter: Abel Hoxeng Assignee: Mark de Reeper
Resolution: Fixed Votes: 1
Labels: EDISON, release-notes
Remaining Estimate: 2h
Time Spent: 4h
Original Estimate: 6h

Attachments: Text File agent (1).txt     PNG File ssoadm.png    
Sprint: Sprint 82 - Sustaining, Sprint 83 - Sustaining
Support Ticket IDs:
Verified Version/s:

 Description   

Currently with the ssoadm tool, when a user exports their agent config with the show-agent command, the hashed userpassword is not included in the output. It would be helpful if the user could export the config with the hashed userpassword and be able to import the configuration with the hashed userpassword. The user is able export the hashed password through the GUI currently.



 Comments   
Comment by Michael Alexander [ 07/Apr/15 ]

Yes, this would be very helpful for sites that are migrating to a new instance of OpenAM instead of upgrading in place. The migration increases time but mitigates risk. For large sites with many agents, being able to import the passwords for agents that multiple administrators have added over the years is extremely helpful since it minimizes the changes required in the agent configuration files.

Comment by Mark de Reeper [ 24/Jun/15 ]

Fixed in r14311, r14312 and r14313

Comment by Richard Hruza [ 02/May/16 ]

Verified with : OpenAM 12.0.3-RC2 Build 4dbe218a05 (2016-April-25 17:57)

Results:

...
com.sun.identity.agents.config.userid.param.type=session
com.sun.identity.client.notification.url=http://perf-openam2.internal.forgerock.com:80/UpdateAgentCacheServlet?shortcircuit=false
org.forgerock.openam.agents.config.policy.evaluation.application=iPlanetAMWebAgentService
org.forgerock.openam.agents.config.policy.evaluation.realm=/
sunIdentityServerDeviceKeyValue[0]=agentRootURL=http://perf-openam2.internal.forgerock.com:80/
sunIdentityServerDeviceStatus=Active
userpassword={SHA-1}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

ssoadm provides new option to export password, see picture

Generated at Mon Oct 19 21:59:59 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.