[OPENAM-6892] Create a Shared Secret Provider plugin for the standard OATH module Created: 18/Sep/15  Updated: 03/May/16  Resolved: 06/Oct/15

Status: Resolved
Project: OpenAM
Component/s: authentication
Affects Version/s: 12.0.0
Fix Version/s: 12.0.3, 13.0.0

Type: Improvement Priority: Major
Reporter: Jonathan Thomas Assignee: Richard Hruza
Resolution: Fixed Votes: 0
Labels: EDISON, release-notes, test-candidate
Remaining Estimate: 0h
Time Spent: 3h
Original Estimate: 0h

Target Version/s:
Sprint: Sustaining Sprint 12, AM Sustaining Sprint 13
Verified Version/s:

 Description   

To allow for processing of the shared secret value, for example decrypting a stored value, we should create a plugin for the standard OATH module.

This should include a default implementation that provides the current behaviour - which is converting a stored hex value to a byte array.



 Comments   
Comment by Jonathan Thomas [ 21/Sep/15 ]

CR-8207

Added to 12.0.x with r15794.
Added to trunk r16094

Comment by Jonathan Thomas [ 09/Oct/15 ]

Documentation needed on new property for DefaultSharedSecretProvider and how to update/override this

forgerock-oath-sharedsecret-implementation-class

Comment by Richard Hruza [ 03/May/16 ]

Verified with: OpenAM 12.0.3-RC2 Build 4dbe218a05 (2016-April-25 17:57)

The property "The Shared Secret Provider Class" was added into AM console.

I performed a negative test to verify whether the property works.
I executed the test testTOTPLogin in debug mode with a breakpoint after setup. Then I changed the property to a non-existent value and continued with execution.
Authentication failed and I observed the following exception in the Authentication debug log:

amAuthOATH:05/03/2016 11:01:21:203 AM BST: Thread[http-bio-8080-exec-14,5,main]
ERROR: OATH.getSharedSecret() Unable to find SharedSecretProvider Class:org.forgerock.openam.authentication.modules.oath.plugins.xxxxxx
java.lang.ClassNotFoundException: org.forgerock.openam.authentication.modules.oath.plugins.xxxxxx

Comment by Richard Hruza [ 03/May/16 ]

Added label test-candidate. A negative test, as described in the comment above, could easily be created.
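
The sketch below is an added example, not OpenAM's code: it illustrates the pattern the description and the negative test cover, a provider class loaded by name whose default converts a stored hex value to a byte array, and a load failure that stops authentication. The interface, class and method names are hypothetical stand-ins, and the secret and the missing class name are constructed samples.

```java
import java.util.Arrays;

// Hypothetical stand-ins for illustration; not OpenAM's actual plugin interface.
public class SharedSecretProviderDemo {

    /** Turns the stored secret string into the raw OATH key bytes. */
    public interface SecretProvider {
        byte[] getSharedSecret(String stored);
    }

    /** Default behaviour described in the issue: stored hex value -> byte array. */
    public static class HexSecretProvider implements SecretProvider {
        @Override
        public byte[] getSharedSecret(String stored) {
            // Reject anything that is not whole ASCII hex byte pairs.
            if (stored == null || !stored.matches("(?:[0-9a-fA-F]{2})+")) {
                throw new IllegalArgumentException("secret must be non-empty, even-length hex");
            }
            byte[] out = new byte[stored.length() / 2];
            for (int i = 0; i < out.length; i++) {
                int hi = Character.digit(stored.charAt(2 * i), 16);
                int lo = Character.digit(stored.charAt(2 * i + 1), 16);
                out[i] = (byte) ((hi << 4) | lo);
            }
            return out;
        }
    }

    /** Loads the configured class; a missing or wrong-typed class throws, with no silent fallback. */
    static SecretProvider load(String className) throws ReflectiveOperationException {
        Class<? extends SecretProvider> c =
                Class.forName(className).asSubclass(SecretProvider.class);
        return c.getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) throws Exception {
        SecretProvider p = load(HexSecretProvider.class.getName());
        byte[] key = p.getSharedSecret("3132333435363738393031323334353637383930"); // constructed sample
        System.out.println("key length: " + key.length);
        Arrays.fill(key, (byte) 0); // clear key material after use

        try {
            load("example.plugins.xxxxxx"); // constructed non-existent class name
        } catch (ClassNotFoundException e) {
            // Mirrors the negative test: the login attempt must fail here.
            System.out.println("authentication must fail: " + e);
        }
    }
}
```

A custom provider that decrypts a stored value would implement the same interface; the caller should treat any exception from loading or decoding as a failed authentication rather than continuing with a default key.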

Generated at Tue Oct 27 00:42:14 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.