Hello Clément,
Sorry for my poor knowledge of java, but when I try to introduce the code you
sent (of course, I had to change the "userPassword") in the calculation of my
password, I get the following error :
Reason: javax.script.ScriptException: TypeError: java.lang.String is not a
function in <eval> at line number 9
thanks very much for your help
Arnaud
Le 09.03.2020 à 10:32, Forster Arnaud, Gymnase francais a écrit :
Hello Clément,
Very interesting, thanks very much. I'll have a deeper look at your
solution :)
I hope it will solve my problem
thanks very much
Best regards
Le 09.03.2020 à 10:28, Clément OUDOT a écrit :
Le 06/03/2020 à 12:54, Forster Arnaud, Gymnase francais a écrit :
Hello all,
I've a small problem with the encryption function
SecurityUtils.hash(SecurityUtils.HASH_SHA1,"TestUser1") :
When I use dit, the result is not the same than another tool I'm using to
authenticate :
For example, with the above function, the password 'TestUser1' gives me the
result "suEv6NdDYH+VCIKI0Ej9+kvcco4=? "
With my other tool, and the same SHA1 encryption ,the result is
"b2e12fe8d743607f95088288d048fdfa4bdc728e"
So I can't compare them. Maybe I should user another encryption to get the same
result but which one ?
I'm very new in encryption so maybe I wrongly understand what I see...
Thanks to all for your help 😊
Hello Arnaud,
looking at source code, it seems that LSC SecurityUtils encodes the
result in Base64:
/**
* Hash a value within a supported hash type.
* @param type A valid hash type: SecurityUtils.HASH_MD5,
SecurityUtils.HASH_SHA1, SecurityUtils.HASH_SHA256 or
SecurityUtils.HASH_SHA512
* @param value A value to hash
* @return A valid base64 encoded hash
* @throws java.security.NoSuchAlgorithmException
*/
public static String hash(String type, String value) throws
NoSuchAlgorithmException {
byte data[] = value.getBytes();
byte hash[] = MessageDigest.getInstance(type).digest(data);
return new String(new Base64().encode(hash));
}
But on the other hand, I can successfully create SHA passwords in LSC
from a cleartext password :
<dataset>
<name>userPassword</name>
<policy>FORCE</policy>
<forceValues>
<string><![CDATA[
var octetString =
srcBean.getDatasetFirstValueById("userPassword");
var str = java.lang.String(octetString);
"{SHA}" +
SecurityUtils.hash(SecurityUtils.HASH_SHA1, str)
]]>
</string>
</forceValues>
</dataset>
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]<mailto:[email protected]>
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
