WebSphere Portal Server - Retrieving and decrypting user's portal password in WPS 5.0 for SSO

Author

Retrieving and decrypting user's portal password in WPS 5.0 for SSO

Michael Nguyen

2004-01-19, 3:01 pm

In my portlet, I need to retrieve the user's portal password
to establish SSO with other systems. The JAAS code

service = (CredentialVaultService)
context.getService(CredentialVaultService.class);
set = subject.getPrincipals(com.ibm.wps.sso.PasswordCredential.class);

used to work in WPS 4.2 but not in WPS 5.0
So I switched to the following code

User user;
String password;

user = request.getUser();
password =user.getAttribute("userPassword");

But in this case, the password is encrypted. What API can I use
to decrypt the portal password ? I use Domino 5.0 LDAP
and its lotus.domino.NotesFactory.createSession class
does not have that API. Thank you for your help.

Michael Nguyen,

Mattias Abrahamsson

2004-01-19, 3:01 pm

This is hopefully impossible to do. Passwords stored in LDAP-directories are
most often oneway-hashed using an algorithm such as SHA or similar. This
oneway-algorithm is used to prevent exactly the thing you are trying to do.

Regards,
Matt

"Michael Nguyen" <michael@frontiersolutionsinc.com> wrote in message
news:3FD21B3B.9090409@frontiersolutionsinc.com...

quote:

> In my portlet, I need to retrieve the user's portal password
> to establish SSO with other systems. The JAAS code
>
> service = (CredentialVaultService)
> context.getService(CredentialVaultService.class);
> set = subject.getPrincipals(com.ibm.wps.sso.PasswordCredential.class);
>
> used to work in WPS 4.2 but not in WPS 5.0
> So I switched to the following code
>
> User user;
> String password;
>
> user = request.getUser();
> password =user.getAttribute("userPassword");
>
> But in this case, the password is encrypted. What API can I use
> to decrypt the portal password ? I use Domino 5.0 LDAP
> and its lotus.domino.NotesFactory.createSession class
> does not have that API. Thank you for your help.
>
> Michael Nguyen,
>