I would like to authenticate users using SSHA (salted SHA) encoded passwords (in the userPassword field). This method is available in other LDAP servers (OpenLDAP), and this is much more secure than SHA or MD5...

If I try to use this method I get the following error message:

[02/27/2007 16:52:40] SSHA MessageDigest not available
java.security.NoSuchAlgorithmException: SSHA MessageDigest not available
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
	at java.security.Security.getImpl(Security.java:659)
	at java.security.MessageDigest.getInstance(MessageDigest.java:129)
	at org.safehaus.penrose.util.PasswordUtil.encrypt(PasswordUtil.java:96)
	at org.safehaus.penrose.util.PasswordUtil.encrypt(PasswordUtil.java:80)
	at org.safehaus.penrose.util.PasswordUtil.comparePassword(PasswordUtil.java:224)
	at org.safehaus.penrose.util.PasswordUtil.comparePassword(PasswordUtil.java:203)
	at org.safehaus.penrose.handler.BindHandler.performBind(BindHandler.java:125)
	at org.safehaus.penrose.handler.BindHandler.bind(BindHandler.java:58)
	at org.safehaus.penrose.handler.Handler.bind(Handler.java:218)
	at org.safehaus.penrose.session.PenroseSession.bind(PenroseSession.java:120)
	at org.safehaus.penrose.ldap.PenroseAuthenticator.authenticate(PenroseAuthenticator.java:89)
	at org.apache.directory.server.core.authn.AuthenticationService.bind(AuthenticationService.java:488)
	at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.bind(InterceptorChain.java:1430)
	at org.apache.directory.server.core.normalization.NormalizationService.bind(NormalizationService.java:394)
	at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.bind(InterceptorChain.java:1430)
	at org.safehaus.penrose.ldap.PenroseInterceptor.bind(PenroseInterceptor.java:130)
	at org.apache.directory.server.core.interceptor.InterceptorChain.bind(InterceptorChain.java:726)
	at org.apache.directory.server.core.partition.PartitionNexusProxy.bind(PartitionNexusProxy.java:670)
	at org.apache.directory.server.core.partition.PartitionNexusProxy.bind(PartitionNexusProxy.java:699)
	at org.apache.directory.server.core.jndi.ServerContext.<init>(ServerContext.java:126)
	at org.apache.directory.server.core.jndi.ServerDirContext.<init>(ServerDirContext.java:82)
	at org.apache.directory.server.core.jndi.ServerLdapContext.<init>(ServerLdapContext.java:63)
	at org.apache.directory.server.core.DefaultDirectoryService.getJndiContext(DefaultDirectoryService.java:170)
	at org.apache.directory.server.core.jndi.AbstractContextFactory.getInitialContext(AbstractContextFactory.java:137)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
	at org.apache.directory.server.ldap.support.BindHandler.messageReceived(BindHandler.java:119)
	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144)
	at org.apache.directory.server.ldap.LdapProtocolProvider$LdapProtocolHandler.messageReceived(LdapProtocolProvider.java:403)
	at org.apache.mina.common.support.AbstractIoFilterChain$2.messageReceived(AbstractIoFilterChain.java:189)
	at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:502)
	at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
	at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:777)
	at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60)
	at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:185)
	at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:502)
	at org.apache.mina.common.support.AbstractIoFilterChain.access$1000(AbstractIoFilterChain.java:52)
	at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:777)
	at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
	at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
	at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
	at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
	at java.lang.Thread.run(Thread.java:619)

It would be great if this was supported! Thanks!

Additional Comments From jimyang dated Wed Feb 28 12:09:13 CST 2007

Temporary solution

Please refer to http://docs.safehaus.org/display/DISC/Custom+Password+Encryption for HOWTO and Code Example.

Additional Comments From endisd dated Thu May 17 21:18:20 CDT 2007

Penrose 1.2 has a new API that allows changing request parameters, including the password, in all LDAP operations. The password type has been converted into a byte array.

=========================================================
Issue dump from jira
$VAR1 = {
  'priority' => '4',
  'customFieldValues' => [],
  'project' => 'PENROSE',
  'status' => '5',
  'components' => [ { 'name' => 'Engine', 'id' => '10009' } ],
  'reporter' => 'hubertf',
  'key' => 'PENROSE-205',
  'assignee' => 'jimyang',
  'summary' => 'SSHA Support for LDAP Authentication',
  'id' => '10608',
  'updated' => '2007-05-17 21:18:20.0',
  'votes' => '0',
  'fixVersions' => [ { 'releaseDate' => '2007-05-18 00:00:00.0', 'sequence' => '22', 'name' => 'Penrose-1.2', 'released' => 'true', 'id' => '10088', 'archived' => 'false' } ],
  'description' => '... (same text as the report above; duplicate omitted)',
  'affectsVersions' => [],
  'created' => '2007-02-27 10:33:00.0',
  'environment' => 'Linux',
  'resolution' => '1',
  'type' => '4'
};
=========================================================
Marking bug as MODIFIED as it was already resolved in Jira - PENROSE-205
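The error in the report comes down to a naming mismatch: {SSHA} is an LDAP password storage scheme (the base64 encoding of SHA-1(password || salt) followed by the salt, as OpenLDAP writes it), not a JCA digest algorithm, so MessageDigest.getInstance("SSHA") can never succeed on a stock JRE. The class below is an added example, not Penrose code and not the code behind the Custom Password Encryption link above; it encodes and verifies {SSHA} values using the SHA-1 digest the JCA does provide and handles the salt itself. The class name SshaPassword, the 8-byte salt length and the sample passwords in main are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

// Added example (not Penrose code): encode and verify {SSHA} userPassword values.
public final class SshaPassword {

    private static final String PREFIX = "{SSHA}";
    private static final int SHA1_LEN = 20;   // SHA-1 digest size in bytes
    private static final int SALT_LEN = 8;    // assumption for this example

    // "SSHA" is a storage scheme, not a digest name; the digest underneath is SHA-1.
    private static MessageDigest sha1() {
        try {
            return MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 is a mandatory JCA algorithm", e);
        }
    }

    // SHA-1(password || salt), the value stored in front of the salt.
    private static byte[] digest(byte[] password, byte[] salt) {
        MessageDigest md = sha1();
        md.update(password);
        md.update(salt);
        return md.digest();
    }

    // Produce "{SSHA}" + base64(digest || salt) for a caller-supplied salt.
    public static String encode(String password, byte[] salt) {
        byte[] hash = digest(password.getBytes(StandardCharsets.UTF_8), salt);
        byte[] out = new byte[hash.length + salt.length];
        System.arraycopy(hash, 0, out, 0, hash.length);
        System.arraycopy(salt, 0, out, hash.length, salt.length);
        return PREFIX + Base64.getEncoder().encodeToString(out);
    }

    // Same, with a fresh random salt from SecureRandom.
    public static String encode(String password) {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);
        return encode(password, salt);
    }

    // Check a bind password against a stored {SSHA} value.
    public static boolean verify(String password, String stored) {
        if (stored == null || !stored.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
            return false;                               // not an {SSHA} value
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
        } catch (IllegalArgumentException e) {
            return false;                               // corrupt base64
        }
        if (decoded.length <= SHA1_LEN) {
            return false;                               // no salt present: that would be {SHA}, not {SSHA}
        }
        byte[] storedHash = Arrays.copyOfRange(decoded, 0, SHA1_LEN);
        byte[] salt = Arrays.copyOfRange(decoded, SHA1_LEN, decoded.length);
        byte[] computed = digest(password.getBytes(StandardCharsets.UTF_8), salt);
        return MessageDigest.isEqual(storedHash, computed); // constant-time comparison
    }

    public static void main(String[] args) {
        // Reproduce the error from the report: "SSHA" is not a digest name.
        try {
            MessageDigest.getInstance("SSHA");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("getInstance(\"SSHA\") failed: " + e.getMessage());
        }
        String stored = SshaPassword.encode("example-password");   // sample password, constructed
        System.out.println("stored value: " + stored);
        System.out.println("right password verifies: " + SshaPassword.verify("example-password", stored));
        System.out.println("wrong password verifies: " + SshaPassword.verify("wrong-password", stored));
    }
}
```

Compile with javac SshaPassword.java and run with java SshaPassword; it needs Java 8 or later for java.util.Base64. Two points matter for a bind handler: the comparison uses MessageDigest.isEqual rather than Arrays.equals so that verification time does not leak how many leading bytes of the digest matched, and a value without a salt is rejected instead of being silently treated as unsalted SHA. The salt defeats precomputed tables shared across accounts, but SHA-1 is a fast hash, so an attacker holding the directory can still brute-force weak passwords offline; the scheme is a compatibility format, not a substitute for a slow password hash.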