  1. MidPoint
  2. MID-4593

First password change sets no metadata


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.7.1
    • Fix Version/s: 3.7.2, 3.8
    • Component/s: None
    • Labels:
      None
    • Environment:

      password policy with hashing of passwords

      Description

      First change in password on user (identity) sets no metadata.

      How to reproduce:

      • take an existing user in the repo browser
      • clean up the credential tag and save
      • set the password from the user details page and save
      • check the result in the repo browser

      The result looks like this (also, note that the first change disobeys the password policy: the password is encrypted, not hashed):

         <credentials>
            <password>
               <value>
                  <t:encryptedData>
                     <t:encryptionMethod>
                        <t:algorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:algorithm>
                     </t:encryptionMethod>
                     <t:keyInfo>
                        <t:keyName>iWillNotTellYouEver</t:keyName>
                     </t:keyInfo>
                     <t:cipherData>
                        <t:cipherValue>4e7nNV9OOK+xFaVKT/XGC+kyoveEQHbNmX2n+5//Ebs=</t:cipherValue>
                     </t:cipherData>
                  </t:encryptedData>
               </value>
            </password>
         </credentials>
      

      After second change:

         <credentials>
            <password>
               <metadata>
                  <modifyTimestamp>2018-04-17T11:46:46.850+02:00</modifyTimestamp>
                  <modifierRef oid="00000000-0000-0000-0000-000000000002"
                               relation="org:default"
                               type="c:UserType"><!-- administrator --></modifierRef>
                  <modifyChannel>http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user</modifyChannel>
               </metadata>
               <value>
                  <t:hashedData>
                     <t:digestMethod>
                        <t:algorithm>http://prism.evolveum.com/xml/ns/public/crypto/algorithm/pbkd-3#PBKDF2WithHmacSHA512</t:algorithm>
                        <t:salt>a5Ub3A==</t:salt>
                        <t:workFactor>10000</t:workFactor>
                     </t:digestMethod>
                     <t:digestValue>K6dPdWDk1yrYzHb0y0wyw/evz1l5IIBN9DWVjyGuoL8=</t:digestValue>
                  </t:hashedData>
               </value>
               <historyEntry id="42">
                  <value>
                     <t:hashedData>
                        <t:digestMethod>
                           <t:algorithm>http://prism.evolveum.com/xml/ns/public/crypto/algorithm/pbkd-3#PBKDF2WithHmacSHA512</t:algorithm>
                           <t:salt>GNonOw==</t:salt>
                           <t:workFactor>10000</t:workFactor>
                        </t:digestMethod>
                        <t:digestValue>8jBkWs6p7X8udaIfXvwD10hNeOpKc2ObVli3u5wWIVI=</t:digestValue>
                     </t:hashedData>
                  </value>
                  <changeTimestamp>2018-04-17T11:46:46.850+02:00</changeTimestamp>
               </historyEntry>
            </password>
         </credentials>
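
An audit check for the two symptoms shown above, as an added example that is not part of the original issue or of midPoint's code: it parses an exported user object and flags a password container that has no `<metadata>` or whose value is not stored as `hashedData`. The function names, finding labels, sample objects and the namespace URIs declared in the samples are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the '{namespace}' part so the check works whatever prefixes the export used."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """First direct child with the given local name, or None."""
    return next((c for c in elem if local(c.tag) == name), None)

def audit_password(user_xml, require_hashing=True):
    """Return findings for the credentials/password container of one exported object."""
    root = ET.fromstring(user_xml)
    creds = next((e for e in root.iter() if local(e.tag) == "credentials"), None)
    password = child(creds, "password") if creds is not None else None
    if password is None:
        return ["no-password"]
    findings = []
    # Symptom 1: the password container carries no <metadata> (who/when/channel).
    if child(password, "metadata") is None:
        findings.append("missing-metadata")
    # Symptom 2: the policy asks for hashing, but the value is stored another way.
    value = child(password, "value")
    storage = {local(c.tag) for c in value} if value is not None else set()
    if require_hashing and "hashedData" not in storage:
        findings.append("not-hashed:" + ",".join(sorted(storage) or ["empty"]))
    return findings

# Constructed sample objects mirroring the two states in the report (values are placeholders).
NS = ('xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" '
      'xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"')  # assumed namespaces
FIRST_CHANGE = f"""<user {NS}><name>constructed-user</name><credentials><password>
  <value><t:encryptedData><t:cipherData>
    <t:cipherValue>CONSTRUCTED</t:cipherValue>
  </t:cipherData></t:encryptedData></value>
</password></credentials></user>"""
SECOND_CHANGE = f"""<user {NS}><name>constructed-user</name><credentials><password>
  <metadata><modifyTimestamp>2018-04-17T11:46:46.850+02:00</modifyTimestamp></metadata>
  <value><t:hashedData><t:digestValue>CONSTRUCTED</t:digestValue></t:hashedData></value>
</password></credentials></user>"""

if __name__ == "__main__":
    for label, doc in (("first change", FIRST_CHANGE), ("second change", SECOND_CHANGE)):
        print(label, "->", audit_password(doc) or "ok")
```
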
      
      

              People

              Assignee:
              petr.gasparik Petr Gašparík
              Reporter:
              petr.gasparik Petr Gašparík