Hi Richard. Try SHA-512 instead of SHA512
Best, Dmitriy.

On Jul 10, 2014, at 10:04 AM, Richard Wiseman <[email protected]> wrote:

> Hi,
>
> The CAS documentation <https://wiki.jasig.org/display/CASUM/JDBC> indicates
> that you can use any of the MACs listed on the JDK Javadoc
> <http://download.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#AppA>
> for the password encoder's encodingAlgorithm attribute; this list includes
> "HmacSHA512", which is what I want to use. (I confess I don't know the
> difference, if any, between SHA512 and HmacSHA512 in the context of hashing
> passwords.)
>
> I have used the following in my deployerConfigContext.xml file:
>
> <bean id="passwordEncoder"
> class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
> c:encodingAlgorithm="SHA1" p:characterEncoding="UTF-8" />
>
> and it worked. However, neither of the following two variants works:
>
> <bean id="passwordEncoder"
> class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
> c:encodingAlgorithm="HmacSHA512" p:characterEncoding="UTF-8" />
>
> and
>
> <bean id="passwordEncoder"
> class="org.jasig.cas.authentication.handler.DefaultPasswordEncoder"
> c:encodingAlgorithm="SHA512" p:characterEncoding="UTF-8" />
>
> Each of these results in something in the log such as:
>
> 2014-07-10 15:13:01,251 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit
> trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: java.security.NoSuchAlgorithmException: SHA512 MessageDigest not
> available
> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
> APPLICATION: CAS
> WHEN: Thu Jul 10 15:13:01 BST 2014
> CLIENT IP ADDRESS: 10.255.240.6
> SERVER IP ADDRESS: cas.zion.bt.co.uk
> =============================================================
>
> This suggests that I have to provide an implementation of SHA512. However, I
> have no idea where to get one or how to make it available once I do! (I
> assume I would get a JAR file and put it in WEB-INF/lib - but I don't know
> how I would specify the implementing class name in deployerConfigContext.xml.)
>
> Also, even if I do find an implementation, what I really need is one that
> lets me specify a salt for each password.
>
> And I need to get the salt from the database containing the hashed passwords.
>
> Is this an unrealistic or naively optimistic notion? Should I really be
> thinking about implementing a bean or other Java class and (somehow) using
> that instead of CAS's built in JDBC options? If I should, what's the
> preferred/easiest approach?
>
> Any advice would be much appreciated!
>
> Many thanks.
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
