Yann Diorcet created SYNCOPE-513:
------------------------------------
Summary: Salted cipher algorithms incompatible interoperability with OpenDJ
Key: SYNCOPE-513
URL: https://issues.apache.org/jira/browse/SYNCOPE-513
Project: Syncope
Issue Type: Bug
Components: core
Affects Versions: 1.1.8
Environment: OpenDJ as LDAP
Reporter: Yann Diorcet
In the PasswordEncoder class the salt mechanism configuration is hardcoded.
If the LDAP doesn't use the same salt mechanism configuration, the password
can't be matched during authentication.
For example, the SSHA digest from OpenDJ uses a suffixed 8-byte salt (in hash and
plain).
Original:
    digester.setIterations(100000);
    digester.setSaltSizeBytes(16);
Modified for OpenDJ:
    digester.setIterations(1);
    digester.setSaltSizeBytes(8);
    digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
    digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);
Maybe adding a way to configure custom cipher algorithms will allow more
widespread interoperability with existing LDAPv3 implementations in the market.
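Added example (not part of the original report, and not Syncope or Jasypt code): a simplified Python model of the four digester settings named in the report, showing why a verifier fixed to a 16-byte prepended salt and 100000 iterations cannot match a digest laid out as SHA-1(password + salt) followed by an 8-byte salt. The function names, the iteration model, the omission of the {SSHA} scheme prefix and the sample password and salt are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac


def digest(password, salt, iterations, salt_after_message, salt_after_digest):
    """Salted, iterated SHA-1 digest (simplified model, an assumption).

    salt_after_message: hash password+salt instead of salt+password.
    salt_after_digest:  store digest+salt instead of salt+digest.
    """
    msg = password.encode("utf-8")
    h = hashlib.sha1(msg + salt if salt_after_message else salt + msg).digest()
    for _ in range(iterations - 1):          # re-hash the previous result
        h = hashlib.sha1(h).digest()
    return base64.b64encode(h + salt if salt_after_digest else salt + h).decode()


def matches(password, stored, salt_size, iterations,
            salt_after_message, salt_after_digest):
    """Verify a password; the verifier must know where the plain salt sits."""
    raw = base64.b64decode(stored)
    salt = raw[-salt_size:] if salt_after_digest else raw[:salt_size]
    expected = digest(password, salt, iterations,
                      salt_after_message, salt_after_digest)
    # Constant-time comparison of the decoded bytes
    return hmac.compare_digest(base64.b64decode(expected), raw)


# Settings hardcoded in the report's "Original" snippet
HARDCODED = dict(salt_size=16, iterations=100000,
                 salt_after_message=False, salt_after_digest=False)
# Settings from the report's "Modified for OpenDJ" snippet
OPENDJ = dict(salt_size=8, iterations=1,
              salt_after_message=True, salt_after_digest=True)

# Constructed sample: password and salt are made up for this example
SAMPLE_SALT = bytes(range(8))
SAMPLE_STORED = digest("s3cret", SAMPLE_SALT, 1, True, True)

if __name__ == "__main__":
    print("stored value        :", SAMPLE_STORED)
    print("OpenDJ-style verify :", matches("s3cret", SAMPLE_STORED, **OPENDJ))
    print("hardcoded verify    :", matches("s3cret", SAMPLE_STORED, **HARDCODED))
```

The same correct password fails under the hardcoded settings because the verifier slices the salt from the wrong end, with the wrong length, and applies a different iteration count.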