  1. Crowd Data Center
  2. CWD-1659

Passwords set using the SOAP-API are always stored in Plaintext, even if Hashed-Passwords are enabled for the directory


Details

    • Bug
    • Resolution: Cannot Reproduce
    • Highest
    • None
    • 1.6.2, 2.0
    • SOAP
    • None

    Description

      If I create a Principal (or later change its password) using the SOAP-API, the password is always saved in plaintext in the database. The authenticatePrincipal call then fails, because it correctly tries the hashed form of the password.

      Setting the password on the same principal using the Web-GUI saves the hashed form in the database and the authentication works.

      The Repro can be found here: http://jira.atlassian.com/browse/CWD-1645

      The only workaround is to use plaintext passwords for the directory. Alternatively, it should be possible to use the hashcode-APIs of the framework to calculate the password hashes on the client side and pass the hashed password into the SOAP call (createPrincipal, updatePrincipalCredential). Neither solution is satisfactory, as it is just a workaround.


            People

              Unassigned
              Michael Ketting