agent (1).txt
ssoadm.png
[OPENAM-5785] Allow ssoadm to import and export agent configurations with hashed passwords Created: 07/Apr/15 Updated: 20/Nov/16 Resolved: 24/Jun/15 |
|
| Status: | Resolved |
| Project: | OpenAM |
| Component/s: | CLI, sms |
| Affects Version/s: | 10.0.0-EA, 10.0.1, 10.1.0-Xpress, 10.0.2, 11.0.1, 11.0.3, 12.0.0 |
| Fix Version/s: | 11.0.4, 12.0.3, 13.0.0 |
| Type: | Improvement | Priority: | Major |
| Reporter: | Abel Hoxeng | Assignee: | Mark de Reeper |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | EDISON, release-notes | ||
| Remaining Estimate: | 2h | ||
| Time Spent: | 4h | ||
| Original Estimate: | 6h | ||
| Attachments: |
agent (1).txt
ssoadm.png
|
| Sprint: | Sprint 82 - Sustaining, Sprint 83 - Sustaining |
| Support Ticket IDs: | |
| Verified Version/s: |
| Description |
|
Currently with the ssoadm tool, when a user exports their agent config with the show-agent command, the hashed userpassword is not included in the output. It would be helpful if the user could export the config with the hashed userpassword and be able to import the configuration with the hashed userpassword. The user is able export the hashed password through the GUI currently. |
| Comments |
| Comment by Michael Alexander [ 07/Apr/15 ] |
|
Yes, this would be very helpful for sites that are migrating to a new instance of OpenAM instead of upgrading in place. The migration increases time but mitigates risk. For large sites with many agents, being able to import the passwords for agents that multiple administrators have added over the years is extremely helpful since it minimizes the changes required in the agent configuration files. |
| Comment by Mark de Reeper [ 24/Jun/15 ] |
|
Fixed in r14311, r14312 and r14313 |
| Comment by Richard Hruza [ 02/May/16 ] |
|
Verified with : OpenAM 12.0.3-RC2 Build 4dbe218a05 (2016-April-25 17:57) Results:... com.sun.identity.agents.config.userid.param.type=session com.sun.identity.client.notification.url=http://perf-openam2.internal.forgerock.com:80/UpdateAgentCacheServlet?shortcircuit=false org.forgerock.openam.agents.config.policy.evaluation.application=iPlanetAMWebAgentService org.forgerock.openam.agents.config.policy.evaluation.realm=/ sunIdentityServerDeviceKeyValue[0]=agentRootURL=http://perf-openam2.internal.forgerock.com:80/ sunIdentityServerDeviceStatus=Active userpassword={SHA-1}W6ph5Mm5Pz8GgiULbPgzG37mj9g= ssoadm provides new option to export password, see picture |
