The OpenAM Capture and Replay password feature can be really handy in some scenarios. Unfortenately, for some reason, it does not work when the authentication is made through the REST interface, but we can use a pretty simple workaround to that issue.

The OpenAM Capture and Replay password feature is a post authentication plugin which captures the password during authentication, encrypts it and stores it in the user session. Then, the password could be retrieved, decrypted and replayed elsewhere. Here is an example of such a process.

Unfortunately, the above feature bugs when the user authenticates through the REST interface (and by the way, it bugs even through the new XUI ). This is because the post authentication class, assumes that the password is contained in the request parameter IDToken2, whereas that is just the case when using the OpenAM classic UI.

So the quickest workaround is to pass the password as a GET or, preferably, a POST parameter, as following :



Specialised in IAM (security, access control, identity management) and Open Source integration, settled in 2004 by IAM industry veteran, JANUA offers high value-added products and services to businesses and governements with a concern for Identity Management and Open Source components.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.

Les derniers articles par Daly (tout voir)