Yann Diorcet created SYNCOPE-513:
------------------------------------

Summary: Salted cipher algorithms incompatible interoperability with OpenDJ
Key: SYNCOPE-513
URL: https://issues.apache.org/jira/browse/SYNCOPE-513
Project: Syncope
Issue Type: Bug
Components: core
Affects Versions: 1.1.8
Environment: OpenDJ as LDAP
Reporter: Yann Diorcet

In the PasswordEncoder class the salt mechanism configuration is hardcoded.
If the LDAP doesn't use the same salt mechanism configuration, the password can't be matched during authentication.

For example, the SSHA digest from OpenDJ uses a suffixed 8-byte salt (in hash and plain).

Original:

    digester.setIterations(100000);
    digester.setSaltSizeBytes(16);

Modified for OpenDJ:

    digester.setIterations(1);
    digester.setSaltSizeBytes(8);
    digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
    digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);

Maybe adding a way to configure custom cipher algorithms will allow more widespread interoperability with existing LDAPv3 implementations in the market.
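
The mismatch described in the report, as an added example (not code from Syncope, Jasypt or OpenDJ): a `hashlib` model of the four digester settings, showing that an `{SSHA}` value with a suffixed 8-byte salt verifies only under the matching configuration. Assumptions: SHA-1 is the hash behind SSHA, extra iterations re-hash the previous digest, and all function and variable names are hypothetical.

```python
import base64
import hashlib
import hmac
import os


def salted_digest(password, salt, iterations, salt_last_in_message, salt_last_in_result):
    """Model the four digester settings quoted in the report, using SHA-1 (assumed)."""
    message = password + salt if salt_last_in_message else salt + password
    digest = hashlib.sha1(message).digest()
    for _ in range(iterations - 1):  # assumption: extra rounds re-hash the previous digest
        digest = hashlib.sha1(digest).digest()
    return digest + salt if salt_last_in_result else salt + digest


def make_ssha(password, salt=None):
    """Build an LDAP-style {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    raw = salted_digest(password, salt, 1, True, True)
    return "{SSHA}" + base64.b64encode(raw).decode("ascii")


def verify(password, stored, iterations, salt_size, salt_last_in_message, salt_last_in_result):
    """Check a password against a stored {SSHA} value under one configuration."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    # The verifier has to know where the plain salt sits and how long it is.
    salt = raw[-salt_size:] if salt_last_in_result else raw[:salt_size]
    expected = salted_digest(password, salt, iterations,
                             salt_last_in_message, salt_last_in_result)
    return hmac.compare_digest(expected, raw)


# Constructed sample: fixed salt and password so the run is reproducible.
SAMPLE = make_ssha(b"Password123", salt=bytes(range(8)))

# The two configurations from the report, as keyword arguments for verify().
HARDCODED = dict(iterations=100000, salt_size=16,
                 salt_last_in_message=False, salt_last_in_result=False)
OPENDJ = dict(iterations=1, salt_size=8,
              salt_last_in_message=True, salt_last_in_result=True)

if __name__ == "__main__":
    print(SAMPLE)
    print("OpenDJ-style settings:", verify(b"Password123", SAMPLE, **OPENDJ))
    print("Hardcoded settings:   ", verify(b"Password123", SAMPLE, **HARDCODED))
```

The correct password fails under the hardcoded settings because the verifier reads 16 bytes from the front of the value as salt, while the stored value carries 8 bytes of salt at the end.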