Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-25887

Allow PORTAL_AUTH to use a different digest than MD5

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.3
    • Component/s: Authentication
    • Impact type:
      Configuration Change
    • Upgrade notes:
      Hide

      To change the digest algorithm used by PORTAL_AUTH, use a contribution like:

        <require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>
        <require>org.nuxeo.ecm.platform.login.Portal</require>
        <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators">
          <authenticationPlugin name="PORTAL_AUTH">
            <loginModulePlugin>Trusting_LM</loginModulePlugin>
            <parameters>
              <parameter name="secret">...</parameter> <!-- shared secret between the portal and Nuxeo server -->
              <parameter name="maxAge">...</parameter> <!-- in seconds -->
              <parameter name="digestAlgorithm">SHA-512<parameter>
            </parameters>
          </authenticationPlugin>
        </extension>
      

      The algorithm used must be one of those described in https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#MessageDigest

      For compatibility with previous Nuxeo versions, the default is MD5.

      Show
      To change the digest algorithm used by PORTAL_AUTH, use a contribution like: <require> org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig </require> <require> org.nuxeo.ecm.platform.login.Portal </require> <extension target= "org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point= "authenticators" > <authenticationPlugin name= "PORTAL_AUTH" > <loginModulePlugin> Trusting_LM </loginModulePlugin> <parameters> <parameter name= "secret" > ... </parameter> <!-- shared secret between the portal and Nuxeo server --> <parameter name= "maxAge" > ... </parameter> <!-- in seconds --> <parameter name= "digestAlgorithm" > SHA-512 <parameter> </parameters> </authenticationPlugin> </extension> The algorithm used must be one of those described in https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#MessageDigest For compatibility with previous Nuxeo versions, the default is MD5 .
    • Sprint:
      nxFG 10.3.7

      Description

      PORTAL_AUTH currently requires MD5 as the digest algorithm. We should make this configurable for people who want to use a stronger digest algorithm.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour
                1h

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.