Has there been any change between versions 2.x and 3.x in the way Credential Mapping Policy works when specifying digested passwords?
Article ID: KB0091975
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix Policy Manager | - |
| Not Applicable | - |
Description
Resolution:
Yes. As part of CR 1-9BXJXY, in version 3.0.0 digest creation has been changed to use SHA-1 algorithm with salt.
This change will affect the scenario where a consumer proxy is used with Credential Mapping policy to create Username token with Digest Password as discussed below:
As documented, proxy agent cannot process digest password sent by BW. So for customers who want to use digest password in Username token we suggest using a consumer proxy.
BW Client -> Consumer Proxy (Credential Mapping with Digest Password) -> Provider Proxy (Authentication IMS) -> Provider
This used to work by default in 2.x. In 3.0.0 the following property needs to be set in the proxy agent .tra file for this to work.
java.property.com.tibco.policy.credential.mapping.digest.algorithm.use.sha=true
Yes. As part of CR 1-9BXJXY, in version 3.0.0 digest creation has been changed to use SHA-1 algorithm with salt.
This change will affect the scenario where a consumer proxy is used with Credential Mapping policy to create Username token with Digest Password as discussed below:
As documented, proxy agent cannot process digest password sent by BW. So for customers who want to use digest password in Username token we suggest using a consumer proxy.
BW Client -> Consumer Proxy (Credential Mapping with Digest Password) -> Provider Proxy (Authentication IMS) -> Provider
This used to work by default in 2.x. In 3.0.0 the following property needs to be set in the proxy agent .tra file for this to work.
java.property.com.tibco.policy.credential.mapping.digest.algorithm.use.sha=true
Issue/Introduction
Has there been any change between versions 2.x and 3.x in the way Credential Mapping Policy works when specifying digested passwords?
Feedback
Yes
No
Powered by
