While MD5 may not be the most effective way to secure data, it is used by some database applications and other systems. For more info on MD5, you can check: http://en.wikipedia.org/wiki/MD5

Once in a while, when configuring password sync/reset support for applications and systems for a given project, we stumble on MD5 hashed values.

Figure 1: Example Database Application that stores user credentials in MD5.


ECMAScript (aka JavaScript) can be used both in workflows (Form Editor) and with IdM drivers through Policy Builder, where it can be called as a function to transform a password or attribute value into an MD5 hash. Using Google, I was able to spot a few examples quickly.

Figure 2: Creating an ECMAScript object in the library.


Figure 3: Referencing the ECMAScript object from driver config.


Figure 4: Using Policy Builder to transform/reformat password or attribute value.


DirXML Script example:

    <do-reformat-op-attr name="LMSPassword">
        <arg-value type="string">
            <token-xpath expression="es:calcMD5(string($MD5Pwd))"/>
        </arg-value>
    </do-reformat-op-attr>

I am storing the value to be hashed in a local variable called MD5Pwd in the action before the action that actually hashes the value, using $MD5Pwd as the argument for my calcMD5 function.

An MD5 hash is not reversible (in theory), so we can use this example to support password reset and password check, but not to obtain the original value (before hashing) on the Publisher channel for password sync.
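As an added example (not the author's downloadable object and not NetIQ code), here is a dependency-free ECMAScript function that could sit behind a call like es:calcMD5(), plus the password check that a one-way hash still allows. The calcMD5 name comes from the policy above; checkPassword and the function bodies are assumptions of this example, which has been exercised only as standalone JavaScript.

```javascript
// Added example: dependency-free MD5 (RFC 1321), lowercase hex output.
// calcMD5 mirrors the name called from the policy; the body is this
// example's own, not the contents of generate_md5_value.zip.
function calcMD5(str) {
  var S = [7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21];
  var bin = unescape(encodeURIComponent(String(str))); // UTF-8, one char per byte
  var bytes = [], i;
  for (i = 0; i < bin.length; i++) bytes.push(bin.charCodeAt(i));
  var bitLen = bytes.length * 8;
  // Padding: 0x80, zeros up to 56 mod 64, then the bit length, little-endian.
  bytes.push(0x80);
  while (bytes.length % 64 !== 56) bytes.push(0);
  // Upper four length bytes stay zero (assumes input shorter than 512 MiB).
  for (i = 0; i < 8; i++) bytes.push(i < 4 ? (bitLen >>> (8 * i)) & 0xff : 0);
  var h = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476];
  for (var off = 0; off < bytes.length; off += 64) {
    var M = [];
    for (i = 0; i < 16; i++) {
      var p = off + 4 * i; // sixteen little-endian 32-bit words per block
      M.push(bytes[p] | (bytes[p + 1] << 8) | (bytes[p + 2] << 16) | (bytes[p + 3] << 24));
    }
    var a = h[0], b = h[1], c = h[2], d = h[3];
    for (i = 0; i < 64; i++) {
      var f, g, r = i >> 4; // r = round number 0..3
      if (r === 0) { f = (b & c) | (~b & d); g = i; }
      else if (r === 1) { f = (d & b) | (~d & c); g = (5 * i + 1) % 16; }
      else if (r === 2) { f = b ^ c ^ d; g = (3 * i + 5) % 16; }
      else { f = c ^ (b | ~d); g = (7 * i) % 16; }
      var k = Math.floor(Math.abs(Math.sin(i + 1)) * 4294967296);
      f = (f + a + k + M[g]) | 0; // "| 0" wraps to 32 bits
      var s = S[4 * r + (i % 4)];
      a = d; d = c; c = b;
      b = (b + ((f << s) | (f >>> (32 - s)))) | 0;
    }
    h = [(h[0] + a) | 0, (h[1] + b) | 0, (h[2] + c) | 0, (h[3] + d) | 0];
  }
  var hex = "";
  for (i = 0; i < 16; i++) { // emit each state word least significant byte first
    var v = (h[i >> 2] >>> (8 * (i % 4))) & 0xff;
    hex += (v < 16 ? "0" : "") + v.toString(16);
  }
  return hex;
}

// Password check: hash the candidate and compare with the stored hex digest.
function checkPassword(candidate, storedHash) {
  return calcMD5(candidate) === String(storedHash).toLowerCase();
}
```

The digest is lowercase hex; if the target application stores uppercase or another encoding, convert before writing the attribute.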

You can download my ECMAScript object below.

generate_md5_value.zip


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: mbluteau
Apr 20, 2011
10:40 am