[OPENIDM-9328] Enabling CSV tamper prevention in the Admin UI dumps all config details to log file
Created: 21/Sep/17  Updated: 22/Apr/18  Resolved: 22/Apr/18

Status: Closed
Project: OpenIDM
Component/s: None
Affects Version/s: OpenIDM 5.5.0, OpenIDM 6.0.0
Fix Version/s: OpenIDM 6.0.0

Type: Bug Priority: Major
Reporter: Tinghua.Xu Assignee: Katie Gonzalez
Resolution: Fixed Votes: 0
Labels: MASON, clark, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

IDM 5.5.0 SNAPSHOT after RC8 runs on a CentOS7, MySQL, Java8.


Target Version/s:
Verified Version/s:
QA Assignee: Alexander Dracka
Sprint: OpenIDM Sprint 85

 Description   

When configuring the CSV tamper prevention feature in the admin UI, all the config details (including password encryption parameter info) are dumped to the IDM log files. They may be used for debugging purposes but should be cleaned up.

Sep 21, 2017 2:05:17 PM org.forgerock.openidm.config.installer.JSONConfigInstaller configurationEvent
INFO: Updating configuration file: file:/home/testuser/pyforge/results/20170921-134100/idm/ReconLDAPToManUser/openidm_recon_ldap2mu/openidm/samples/sync-with-ldap/conf/audit.json
Sep 21, 2017 2:05:17 PM org.forgerock.openidm.audit.impl.AuditServiceImpl activate
INFO: Audit service started.
Sep 21, 2017 2:05:17 PM org.forgerock.openidm.audit.impl.AuditServiceImpl modified
INFO: Reconfigured audit service {component.name=org.forgerock.openidm.audit, jsonconfig={
    "auditServiceConfig" : {
        "handlerForQueries" : "json",
        "availableAuditEventHandlers" : [
            "org.forgerock.audit.handlers.csv.CsvAuditEventHandler",
            "org.forgerock.audit.handlers.elasticsearch.ElasticsearchAuditEventHandler",
            "org.forgerock.audit.handlers.jms.JmsAuditEventHandler",
            "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
            "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler",
            "org.forgerock.openidm.audit.impl.RouterAuditEventHandler",
            "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler",
            "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler"
        ],
        "filterPolicies" : {
            "value" : {
                "excludeIf" : [
                    "/access/http/request/headers/Authorization",
                    "/access/http/request/headers/X-OpenIDM-Password",
                    "/access/http/request/cookies/session-jwt",
                    "/access/http/response/headers/Authorization",
                    "/access/http/response/headers/X-OpenIDM-Password"
                ],
                "includeIf" : [ ]
            }
        }
    },
    "eventHandlers" : [
        {
            "class" : "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
            "config" : {
                "name" : "json",
                "logDirectory" : "&{launcher.working.location}/audit",
                "buffering" : {
                    "maxSize" : 100000,
                    "writeInterval" : "100 millis"
                },
                "topics" : [
                    "access",
                    "activity",
                    "recon",
                    "sync",
                    "authentication",
                    "config"
                ],
                "enabled" : true
            }
        },
        {
            "class" : "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler",
            "config" : {
                "name" : "repo",
                "enabled" : false,
                "topics" : [
                    "access",
                    "activity",
                    "recon",
                    "sync",
                    "authentication",
                    "config"
                ]
            }
        },
        {
            "class" : "org.forgerock.audit.handlers.csv.CsvAuditEventHandler",
            "config" : {
                "fileRotation" : {
                    "rotationEnabled" : true,
                    "maxFileSize" : 0,
                    "rotationFilePrefix" : "",
                    "rotationTimes" : [ ],
                    "rotationFileSuffix" : "",
                    "rotationInterval" : "5 minutes"
                },
                "fileRetention" : {
                    "maxNumberOfHistoryFiles" : 0,
                    "maxDiskSpaceToUse" : 0,
                    "minFreeSpaceRequired" : 0
                },
                "rotationRetentionCheckInterval" : "5 minutes",
                "logDirectory" : "/home/testuser/csv_logs",
                "formatting" : {
                    "quoteChar" : "\"",
                    "delimiterChar" : ",",
                    "endOfLineSymbols" : "\n"
                },
                "security" : {
                    "enabled" : true,
                    "filename" : "/home/testuser/pyforge/results/20170921-134100/idm/ReconLDAPToManUser/openidm_recon_ldap2mu/openidm/security/keystore.jceks",
                    "password" : {
                        "$crypto" : {
                            "type" : "x-simple-encryption",
                            "value" : {
                                "cipher" : "AES/CBC/PKCS5Padding",
                                "salt" : "6UrC/s9l9QwEpRRZriW1MQ==",
                                "data" : "UpRQsiLfsNiYhylzxOdSfw==",
                                "iv" : "WsYZeMSv4VbDk/pJHK2aDA==",
                                "key" : "openidm-sym-default",
                                "mac" : "152fQ0ETZIc7hlH++3/s3A=="
                            }
                        }
                    },
                    "keyStoreHandlerName" : "",
                    "signatureInterval" : "5 minutes"
                },
                "buffering" : {
                    "enabled" : false,
                    "autoFlush" : false
                },
                "name" : "csv",
                "topics" : [
                    "activity",
                    "authentication",
                    "access",
                    "recon"
                ],
                "enabled" : true
            }
        }
    ],
    "eventTopics" : {
        "config" : {
            "filter" : {
                "actions" : [
                    "create",
                    "update",
                    "delete",
                    "patch",
                    "action"
                ]
            }
        },
        "activity" : {
            "filter" : {
                "actions" : [
                    "create",
                    "update",
                    "delete",
                    "patch",
                    "action"
                ]
            },
            "watchedFields" : [ ],
            "passwordFields" : [
                "password"
            ]
        }
    },
    "exceptionFormatter" : {
        "type" : "text/javascript",
        "file" : "bin/defaults/script/audit/stacktraceFormatter.js"
    }
}, service.vendor=ForgeRock AS, routeService.target=(openidm.router.prefix=/*), felix.fileinstall.filename=file:/home/testuser/pyforge/results/20170921-134100/idm/ReconLDAPToManUser/openidm_recon_ldap2mu/openidm/samples/sync-with-ldap/conf/audit.json, service.pid=org.forgerock.openidm.audit, openidm.router.prefix=/audit/*, component.id=69, service.description=Audit Service}

To reproduce:
1. Start IDM.
2. Set up keystore for CSV tamper prevention feature.
3. Configure and enable CSV tamper prevention feature on IDM admin UI using keystore path and password.
4. Submit and save changes and observe the symptom.
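
Added example (not part of the original report and not ForgeRock code): a log audit that finds `jsonconfig={...}` dumps like the one above and reports where a `$crypto` envelope or password-like key appears, without echoing the values. The `jsonconfig=` marker and the `$crypto` key come from the log excerpt; the `SENSITIVE_KEYS` names and the sample log are assumptions constructed for illustration.

```python
import json

# Constructed sample modelled on the report's log excerpt; all values are placeholders.
SAMPLE_LOG = '''Sep 21, 2017 2:05:17 PM org.forgerock.openidm.audit.impl.AuditServiceImpl modified
INFO: Reconfigured audit service {component.name=org.forgerock.openidm.audit, jsonconfig={
    "eventHandlers" : [ {
        "class" : "org.forgerock.audit.handlers.csv.CsvAuditEventHandler",
        "config" : {
            "formatting" : { "quoteChar" : "\\"", "delimiterChar" : "," },
            "security" : {
                "enabled" : true,
                "password" : { "$crypto" : { "type" : "x-simple-encryption",
                    "value" : { "cipher" : "AES/CBC/PKCS5Padding", "data" : "PLACEHOLDER" } } }
            }
        }
    } ]
}, service.vendor=ForgeRock AS, service.pid=org.forgerock.openidm.audit}
'''

MARKER = "jsonconfig="                                  # as seen in the log excerpt
SENSITIVE_KEYS = {"password", "passphrase", "secret"}   # assumed key names

def find_secrets(node, path=""):
    """Yield JSON-pointer paths of $crypto envelopes and password-like keys."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key.lower() in SENSITIVE_KEYS or (isinstance(value, dict) and "$crypto" in value):
                yield here  # report the location only, never the value
            else:
                yield from find_secrets(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_secrets(item, f"{path}/{i}")

def scan_log(text):
    """Return [(line_number, [paths])] for each config dump that contains secrets."""
    findings, pos, decoder = [], 0, json.JSONDecoder()
    while (pos := text.find(MARKER, pos)) != -1:
        start = pos + len(MARKER)
        try:
            config, end = decoder.raw_decode(text, start)  # tolerates braces inside strings
        except json.JSONDecodeError:
            pos = start  # no parseable JSON after the marker; keep scanning
            continue
        paths = list(find_secrets(config))
        if paths:
            findings.append((text.count("\n", 0, pos) + 1, paths))
        pos = end
    return findings

if __name__ == "__main__":
    for line_no, paths in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: config dump exposes {', '.join(paths)}")
```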



 Comments   
Comment by Lana Frost [ 07/Nov/17 ]

Bug fix only - no doc impact

Comment by Alexander Dracka [ 21/Nov/17 ]

Tested OK with OpenIDM version "6.0.0 SNAPSHOT" (revision: 46ecc15)

Comment by Lana Frost [ 22/Apr/18 ]

Add to Release Notes
