This topic has 2 replies, 2 voices, and was last updated 2 weeks, 2 days ago by EAlmeida.

  • Author
    Posts
  • #28537
     EAlmeida
    Participant

    Good morning, I would like some help.
    I am connecting to the MongoDB database, however the password on the Mongo is encrypted with SHA-256, how would I manage in the login process to make the password typed by the user compared to this encrypted password?

    #28547
     Jatinder Singh
    Participant

    What version of AM are you using? And where in the process are you connecting to MongoDB? Is it in the authentication module or auth tree? Or is it in the Scripts e.g. OIDC Claims.

    Now, SHA-256 is NOT an encryption algorithm but a one way hash algorithm. In order to get a hash of some ASCII characters, you can do the following in Java:

    
    import javax.xml.bind.DatatypeConverter;
    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    
    ...
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
    String sha256 = DatatypeConverter.printHexBinary(digest).toLowerCase();
    

    Please check whitelisting of classes when testing the above.

    Thanks,
    Jatinder

    #28552
     EAlmeida
    Participant

    Hello Jatinder, I thank you in advance for your assistance,
    sorry for the lack of details, i will put them below.
    AM 7.0
    IDM 7.0
    I connect to the database, using connectors in IDM, (MongoDB Connector 1.5.6.0).
    The database is hashed with SHA-256, as an example the user “test” that should have a password “12345”, is stored as a password “5994471ABB01112AFCC18159F6CC74B4F511B99806DA59B3CAF5A9C173CACFC5”.
    So I would like that when the user made the Input directly on the login page, he could do it by entering the password “12345” and somehow we could convert this data and compare it with the existing one in the database, if combined, we would authorize the user to log into.

    I am available for further clarification. Thank you for your help!

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?