April 22, 2021 at 5:46 pm #28537EAlmeidaParticipant
Good morning, I would like some help.
I am connecting to the MongoDB database, however the password on the Mongo is encrypted with SHA-256, how would I manage in the login process to make the password typed by the user compared to this encrypted password?April 29, 2021 at 5:17 pm #28547Jatinder SinghParticipant
What version of AM are you using? And where in the process are you connecting to MongoDB? Is it in the authentication module or auth tree? Or is it in the Scripts e.g. OIDC Claims.
SHA-256is NOT an encryption algorithm but a one way hash algorithm. In order to get a hash of some ASCII characters, you can do the following in Java:
import javax.xml.bind.DatatypeConverter; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; ... MessageDigest md = MessageDigest.getInstance("SHA-256"); byte digest = md.digest(password.getBytes(StandardCharsets.UTF_8)); String sha256 = DatatypeConverter.printHexBinary(digest).toLowerCase();
Please check whitelisting of classes when testing the above.
JatinderApril 30, 2021 at 3:44 pm #28552EAlmeidaParticipant
Hello Jatinder, I thank you in advance for your assistance,
sorry for the lack of details, i will put them below.
I connect to the database, using connectors in IDM, (MongoDB Connector 188.8.131.52).
The database is hashed with SHA-256, as an example the user “test” that should have a password “12345”, is stored as a password “5994471ABB01112AFCC18159F6CC74B4F511B99806DA59B3CAF5A9C173CACFC5”.
So I would like that when the user made the Input directly on the login page, he could do it by entering the password “12345” and somehow we could convert this data and compare it with the existing one in the database, if combined, we would authorize the user to log into.
I am available for further clarification. Thank you for your help!
You must be logged in to reply to this topic.