-
Bug
-
Resolution: Cannot Reproduce
-
Highest
-
None
-
1.6.2, 2.0
-
None
If I create a Principal (or later change its password) using the SOAP-API, the password is always saved in plaintext in the database. The authenticatePrincipal call fails then, because it correctly tries the hashed form of the password.
Setting the password on the same principal using the Web-GUI saves the hashed form in the database and the authentication works.
The Repro can be found here: http://jira.atlassian.com/browse/CWD-1645
The only workaround is to use plaintext passwords for the directory. Alternatively it should be possible to use the hashcode-APIs of the framework to calculate the password hashes on the client-side and pass the hashed password into the SOAP-call (createPrincipal, updatePrincipalCredential). Neither solution is satisfactory as it is just a workaround.
- is related to
-
CWD-1676 Password-complexity regex is not enforced when setting a password using soap
-
- Closed
-
[CWD-1659] Passwords set using the SOAP-API are always stored in Plaintext, even if Hashed-Passwords are enabled for the directory
Workflow | Original: Simplified Crowd Development Workflow v2 - restricted [ 1510830 ] | New: JAC Bug Workflow v3 [ 3365294 ] |
Workflow | Original: Simplified Crowd Development Workflow v2 [ 1391762 ] | New: Simplified Crowd Development Workflow v2 - restricted [ 1510830 ] |
Workflow | Original: Crowd Development Workflow v2 [ 273603 ] | New: Simplified Crowd Development Workflow v2 [ 1391762 ] |
Workflow | Original: JIRA Bug Workflow v2 [ 181295 ] | New: Crowd Development Workflow v2 [ 273603 ] |
Resolution | New: Cannot Reproduce [ 5 ] | |
Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
Fix Version/s | Original: 2.0.4 [ 15040 ] |
Priority | Original: Major [ 3 ] | New: Blocker [ 1 ] |
Fix Version/s | New: 2.0.4 [ 15040 ] |