[ https://issues.apache.org/jira/browse/SYNCOPE-513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14322634#comment-14322634 ]
Yann Diorcet commented on SYNCOPE-513:
--------------------------------------

Hi,
Sorry for my rudeness. I meant to contact you about this issue.
I feel the issue is still incomplete, because if there are multiple LDAP servers you may have different encryption parameters for each LDAP service, and with this fix you are stuck with just one configurable encryption setting, implying that just one of these multiple LDAPs will ever work.
Do you see the issue?

Best regards,

> Make value encryption parametric
> --------------------------------
>
>                 Key: SYNCOPE-513
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-513
>             Project: Syncope
>          Issue Type: Improvement
>          Components: core
>    Affects Versions: 1.1.8
>            Reporter: Yann Diorcet
>            Assignee: Francesco Chicchiriccò
>             Fix For: 1.2.0-M1
>
>
> In {{PasswordEncoder}} (1.1.X) / {{Encryptor}} (1.2.X) class the salt
> mechanism configuration is hardcoded.
> If the LDAP server doesn't use the same salt mechanism configuration, the
> password can't be matched during authentication.
> For example {{SSHA}} is defined by RFC 2307 as:
> {code}
> digester.setIterations(1);
> digester.setSaltSizeBytes(8);
> digester.setInvertPositionOfPlainSaltInEncryptionResults(true);
> digester.setInvertPositionOfSaltInMessageBeforeDigesting(true);
> digester.setUseLenientSaltSizeCheck(true);
> {code}
> See [Jasypt's
> javadocs|http://jasypt.org/api/jasypt/1.9.2/org/jasypt/util/password/rfc2307/RFC2307SSHAPasswordEncryptor.html]
> for more details.
> {{Encryptor}} can read from global configuration parameters so that you can
> configure some aspect of the way how ciphered values (not only password
> values in 1.2.X).

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
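
An added example, not code from Syncope or Jasypt: a Python sketch of the salt layout the description lists for SSHA, showing that a value written with one layout does not verify under another, which is why the comment asks for settings per LDAP server. `SaltLayout`, its field names and `SALT_FIRST` are hypothetical, and the meaning given to each flag and to the iteration count is an assumption read from the setter names.

```python
import base64, hashlib, hmac, os
from dataclasses import dataclass

@dataclass(frozen=True)
class SaltLayout:
    """Hypothetical mirror of the digester settings quoted in the issue."""
    iterations: int = 1
    salt_size: int = 8
    salt_after_digest: bool = True   # plain salt stored after the digest
    salt_after_message: bool = True  # salt appended to password before hashing
    lenient_salt_size: bool = True   # accept a stored salt of another length

SSHA = SaltLayout()  # the values listed in the issue description
# Constructed contrast: same hash, but salt first in both positions.
SALT_FIRST = SaltLayout(salt_after_digest=False, salt_after_message=False,
                        lenient_salt_size=False)
PREFIX = "{SSHA}"

def _digest(password, salt, layout):
    data = password + salt if layout.salt_after_message else salt + password
    out = hashlib.sha1(data).digest()
    for _ in range(layout.iterations - 1):  # assumed: re-hash the digest
        out = hashlib.sha1(out).digest()
    return out

def encode(password, layout, salt=None):
    salt = os.urandom(layout.salt_size) if salt is None else salt
    digest = _digest(password.encode(), salt, layout)
    raw = digest + salt if layout.salt_after_digest else salt + digest
    return PREFIX + base64.b64encode(raw).decode()

def verify(password, stored, layout):
    raw = base64.b64decode(stored[len(PREFIX):])
    dlen = hashlib.sha1().digest_size
    if layout.salt_after_digest:
        digest, salt = raw[:dlen], raw[dlen:]  # salt is whatever follows
        if not layout.lenient_salt_size and len(salt) != layout.salt_size:
            return False
    else:  # salt first: only the configured size locates the boundary
        salt, digest = raw[:layout.salt_size], raw[layout.salt_size:]
    return hmac.compare_digest(digest, _digest(password.encode(), salt, layout))

if __name__ == "__main__":
    stored = encode("s3cret", SSHA, salt=bytes(range(8)))  # constructed sample
    print(stored, verify("s3cret", stored, SSHA), verify("s3cret", stored, SALT_FIRST))
```

Keeping one `SaltLayout` per directory, rather than one global instance, is the per-server configuration the comment describes.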