The OpenAM Capture and Replay password feature can be really handy in some scenarios. Unfortenately, for some reason, it does not work when the authentication is made through the REST interface, but we can use a pretty simple workaround to that issue.

The OpenAM Capture and Replay password feature is a post authentication plugin which captures the password during authentication, encrypts it and stores it in the user session. Then, the password could be retrieved, decrypted and replayed elsewhere. Here is an example of such a process.

Unfortunately, the above feature bugs when the user authenticates through the REST interface (and by the way, it bugs even through the new XUI ). This is because the post authentication class replaypassword.java, assumes that the password is contained in the request parameter IDToken2, whereas that is just the case when using the OpenAM classic UI.

So the quickest workaround is to pass the password as a GET or, preferably, a POST parameter, as following :

dchikhaoui@janua-laptop:~/Servers/tomcat7$ curl --request POST --header "X-OpenAM-Username: dchikhaoui" --header "X-OpenAM-Password: Daly1234" --header "Content-Type: application/json" --data "{}" 
IDToken2=Daly1234
{"tokenId":"AQIC5wM2LY4Sfcz2MwyHvnl1h6PYpVfEeLrmi2d1Fjqp908.*AAJTSQACMDEAAlNLABQtNjY3MDQxNDI1ODE1OTU1NjAyNA..*","successUrl":"/openam/console"}

dchikhaoui@janua-laptop:~/Servers/tomcat7$ curl "https://openam.example.com:8080/openam/identity/attributes?subjectid=AQIC5wM2LY4Sfcz2MwyHvnl1h6PYpVfEeLrmi2d1Fjqp908.*AAJTSQACMDEAAlNLABQtNjY3MDQxNDI1ODE1OTU1NjAyNA..*&attributenames=sunIdentityUserPassword"
userdetails.token.id=AQIC5wM2LY4Sfcz2MwyHvnl1h6PYpVfEeLrmi2d1Fjqp908.*AAJTSQACMDEAAlNLABQtNjY3MDQxNDI1ODE1OTU1NjAyNA..*
userdetails.attribute.name=sunIdentityUserPassword
userdetails.attribute.value=U4wg3rhGtju/x9k1aLOfgg==

 

janua
Les derniers articles par janua (tout voir)