[OPENIDM-9335] Admin UI shows the password for CSV audit tamper prevention as a JSON string Created: 22/Sep/17  Updated: 22/Apr/18  Resolved: 22/Apr/18

Status: Closed
Project: OpenIDM
Component/s: Module - Audit, Module - Web UI
Affects Version/s: OpenIDM 5.5.0, OpenIDM 6.0.0
Fix Version/s: OpenIDM 6.0.0

Type: Bug Priority: Minor
Reporter: Tinghua.Xu Assignee: Oliver Bradley
Resolution: Fixed Votes: 0
Labels: CLARK, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

IDM 5.5.0 RC8 or SNAPSHOT runs on a CentOS7, MySQL as repo, Java8.
Chrome access IDM admin UI.


Attachments: PNG File Screen Shot 2017-09-21 at 3.18.16 PM.png     File audit.json    
Target Version/s:
Verified Version/s:
QA Assignee: Tinghua.Xu
Sprint: OpenIDM Sprint 84, OpenIDM Sprint 85

 Description   

After configured CSV audit event handler with tamper prevention enabled using keystore filename and keystore password, the password field would be displayed as a json string when revisiting the page later. See screenshot attached.
either configured password in clear text or hashed password would be ideal.

To reproduce:
1. Start IDM.
2. setup keys for the feature by following: https://ea.forgerock.com/docs/openidm/doc/integrators-guide/index.html#tamper-evident-operation.
3. Configure CSV tamper prevention feature on admin UI using keystore filename and password(audit.json is attached).
4. submit and save changes.
5. revisit the config page, initially, UI would display the clear text, but later it will change to the encryption related json string.



 Comments   
Comment by Brendan Miller [ 28/Sep/17 ]

Examine if we are producing the proper schema for this field.

Comment by Brendan Miller [ 12/Oct/17 ]

Decided for now to handle with special-crypto-handling code in UI

Comment by Lana Frost [ 07/Nov/17 ]

Bug fix - no doc impact

Comment by Mark Gibson [ 03/Jan/18 ]

Tinghua.Xu - can you validate and close if resolved.

Comment by Tinghua.Xu [ 12/Jan/18 ]

The UI issue is fixed.

Comment by Lana Frost [ 22/Apr/18 ]

Add to Release Notes

Generated at Sun Sep 27 06:50:43 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.