Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-1659

Passwords set using the SOAP-API are always stored in Plaintext, even if Hashed-Passwords are enabled for the directory

    • Icon: Bug Bug
    • Resolution: Cannot Reproduce
    • Icon: Highest Highest
    • None
    • 1.6.2, 2.0
    • SOAP
    • None

      If I create a Principal (or later change its password) using the SOAP-API, the password is always saved in plaintext in the database. The authenticatePrincipal call fails then, because it correctly tries the hashed form of the password.

      Setting the password on the same principal using the Web-GUI saves the hashed form in the database and the authentication works.

      The Repro can be found here: http://jira.atlassian.com/browse/CWD-1645

      The only workaround is to use plaintext passwords for the directory. Alternatively it should be possible to use the hashcode-APIs of the framework to calculate the password hashes on the client-side and pass the hashed password into the SOAP-call (createPrincipal, updatePrincipalCredential). Neither solution is satisfactory as it is just a workaround.

            [CWD-1659] Passwords set using the SOAP-API are always stored in Plaintext, even if Hashed-Passwords are enabled for the directory

            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 - restricted [ 1510830 ] New: JAC Bug Workflow v3 [ 3365294 ]
            Owen made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1391762 ] New: Simplified Crowd Development Workflow v2 - restricted [ 1510830 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 273603 ] New: Simplified Crowd Development Workflow v2 [ 1391762 ]
            jawong.adm made changes -
            Workflow Original: JIRA Bug Workflow v2 [ 181295 ] New: Crowd Development Workflow v2 [ 273603 ]
            Justin Koke made changes -
            Resolution New: Cannot Reproduce [ 5 ]
            Status Original: Open [ 1 ] New: Closed [ 6 ]
            Justin Koke made changes -
            Fix Version/s Original: 2.0.4 [ 15040 ]
            David O'Flynn [Atlassian] made changes -
            Priority Original: Major [ 3 ] New: Blocker [ 1 ]
            David O'Flynn [Atlassian] made changes -
            Fix Version/s New: 2.0.4 [ 15040 ]
            Michael Ketting made changes -
            Link New: This issue is related to CWD-1676 [ CWD-1676 ]
            Michael Ketting created issue -

              Unassigned Unassigned
              040c2f05355d Michael Ketting
              Affected customers:
              0 This affects my team
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: