credentials section in provisioner.openicf-opendj.json is getting encrypted

This topic contains 1 reply, has 1 voice, and was last updated by  Anil231 2 months ago.

  • #25548
     Anil231 
    Participant

    We are trying to integrate OpenIDM with OpenDJ and MySQL. MySQL connectivity is cool for now. We had provided OpenDJ details in the file provisioner.openicf-opendj.json under ./openidm/conf/.

    "configurationProperties" : {
        "host" : "localhost",
        "port" : "1389",
        "ssl" : false,
        "principal" : "cn=root",
        "credentials" : {
            "$crypto" : {
                "type" : "x-simple-encryption",
                "value" : {
                    "cipher" : "AES/CBC/PKCS5Padding",
                    "stableId" : "openidm-sym-default",
                    "salt" : "xxxxxxxxxxx",
                    "data" : "xxxxxxxxxxx",
                    "keySize" : 16,
                    "purpose" : "idm.config.encryption",
                    "iv" : "xxxxxxxxxx",
                    "mac" : "xxxxxxxxxx"
                }
            }
        }
    }
    We were seeing decryption errors repeatedly, so we thought of going with a plain password under the credentials section, as below:

    "configurationProperties" : {
        "host" : "localhost",
        "port" : "1389",
        "ssl" : false,
        "principal" : "cn=root",
        "credentials" : "passpass"
    }

    Soon after we run ./startup.sh of OpenIDM, the credentials section in provisioner.openicf-opendj.json is getting encrypted on its own. The encrypted content is different from what we get when we encrypt our OpenDJ password using cli.sh of OpenIDM.

    We are currently not able to draw any conclusion about what is causing this issue:

    Error:

    [19] Apr 15, 2019 3:24:26.406 PM org.forgerock.openidm.provisioner.openicf.impl.OpenICFProvisionerService activate
    SEVERE: OpenICF Provisioner Service configuration has errors
    org.forgerock.json.JsonValueException: /configurationProperties/credentials: org.forgerock.json.crypto.JsonCryptoException: Decryption failed

    • This topic was modified 2 months ago by  Peter Major.
    #25549
     Anil231 
    Participant

    As per this link, the startup process will re-encrypt the plain text values with the key in the instance keystore. I had checked managed.json; it has the block below, which is good from the configuration perspective:

    "encryption" : {
        "key" : "openidm-sym-default"
    },

    • This reply was modified 2 months ago by  Anil231.
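An added audit helper (not code from the thread or from ForgeRock) that walks a provisioner JSON file and reports whether each "credentials" value is still plaintext, is a well-formed x-simple-encryption envelope with the field names shown in the thread, or names a stableId that does not match the key alias you expect the instance keystore to hold. The sample configs and the "xxx" envelope values are constructed for the example, and the expected alias is taken from the thread's managed.json snippet.

```python
import json

# Field names the thread's provisioner file shows under "$crypto"."value".
ENVELOPE_FIELDS = {"cipher", "stableId", "salt", "data", "keySize", "purpose", "iv", "mac"}


def classify(value, expected_alias):
    """Classify one credentials value as plaintext, encrypted or malformed."""
    if isinstance(value, str):
        return "plaintext"
    crypto = value.get("$crypto") if isinstance(value, dict) else None
    if not crypto:
        return "malformed:no $crypto envelope"
    if crypto.get("type") != "x-simple-encryption":
        return f"malformed:unexpected type {crypto.get('type')!r}"
    inner = crypto.get("value", {})
    missing = ENVELOPE_FIELDS - set(inner)
    if missing:
        return "malformed:missing " + ",".join(sorted(missing))
    if inner["stableId"] != expected_alias:
        return f"malformed:stableId {inner['stableId']!r} != expected alias {expected_alias!r}"
    return "encrypted"


def audit_credentials(config_text, expected_alias="openidm-sym-default"):
    """Return [(json_path, status)] for every "credentials" key in the document."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "credentials":
                    findings.append((f"{path}/{key}", classify(value, expected_alias)))
                else:
                    walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}/{i}")

    walk(json.loads(config_text), "")
    return findings


# Constructed samples: one plaintext config, one with a placeholder envelope.
PLAINTEXT_CONF = '{"configurationProperties": {"host": "localhost", "credentials": "passpass"}}'
ENCRYPTED_CONF = json.dumps({"configurationProperties": {"host": "localhost", "credentials": {
    "$crypto": {"type": "x-simple-encryption", "value": {
        "cipher": "AES/CBC/PKCS5Padding", "stableId": "openidm-sym-default", "salt": "xxx",
        "data": "xxx", "keySize": 16, "purpose": "idm.config.encryption", "iv": "xxx", "mac": "xxx"}}}}})
```

Run it over the conf/ directory after startup to spot files that were never re-encrypted or that reference a key alias the keystore does not contain.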