Hi Mike,
please read inline.
On 24/06/20 14:21, PortalGuard wrote:
> Hello Everyone,
> Currently, I have Syncope configured to send an email to the end user
> whenever an account is created. Unfortunately the returned password is
> encrypted with AES, which is rather useless to the user. I have read in the
> Reference Guide that the cleartext password is available 'on-demand' if we
> are using AES encryption.
> See 3.2.1 of the Reference Guide.
> http://syncope.apache.org/docs/reference-guide.html#type-management
> Does anyone know of a way to decrypt the AES password and send the
> cleartext password to the end user?
First of all, I would say that sending cleartext passwords in e-mails is
definitely a bad security practice.
Sending a notification with the cleartext password is not a default
setting in Syncope (exactly because of what I just said about best
practice).
To do that, I think you should create a custom notification where you
can decrypt the password and set the resulting cleartext password in a
variable, so that, finally, you have the desired password.
Of course, you have to create the custom notification template where
you'll get this new variable.
An example of how to decode an AES password is here [1].
> Thank you,
> Mike
> --
> Sent from: http://syncope-user.1051894.n5.nabble.com/
HTH
Best regards,
Lorenzo
[1] https://github.com/apache/syncope/blob/2_1_X/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java#L55
--
Dott. Lorenzo Di Cola
Software Engineer @ Tirasa S.r.l.
Viale Vittoria Colonna, 97 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net
Apache Syncope Committer
http://people.apache.org/phonebook.html?uid=loredicola