How to check whether raw text matches a hashed password in a custom endpoint script of forgerock-idm

1. How to check whether raw text matches a hashed password in a custom endpoint script of forgerock-idm

Tung Nguyen

Posted yesterday

I’ve created a custom endpoint to change userPassword via IDM, with this data:

{
  "userId": "d263d111-68ad-5f8c-5ced-53c91a3af74e",
  "currentPassword": "Admin@111",
  "newPassword": "Admin@111"
}

The idea is: if the currentPassword input matches the hashed password => patch the password of the managedUser.
The current password schema is: PBKDF2-HMAC-SHA256
Hashed password in DS is: {PBKDF2-HMAC-SHA256}10:fZ+HYYqutbG+j88FfrTpLBV8xr1xOzpwZPcNKcSOZcPJkMkUgilN3wWzEc7yqjNz.

Raw text is Admin@111.

My question is: does OpenIDM support checking a one-way hashed password? And how can I perform it? Thanks.


Tung Nguyen

2. RE: How to check whether raw text matches a hashed password in a custom endpoint script of forgerock-idm

Sheila Albertelli

Posted one second ago

Hi Tung,

Thank you for your questions.

The following KB article should help with answering your questions and provide a further understanding of how IDM does one-way hashing of passwords and how checks are performed.

How do I synchronize hashed passwords from IDM (All versions) to DS (All versions)?

If you have further questions beyond the article, you may want to consider opening a support ticket.

I hope this helps!

Best regards,
Sheila


Sheila Albertelli
ForgeRock Knowledge Engineer Lead
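
The stored value quoted in the question has the shape `{scheme}iterations:base64`. As an added example (not part of the thread and not ForgeRock code), this stand-alone Node.js code parses that shape and checks a candidate password against it. It assumes the base64 payload is the 32-byte PBKDF2 digest followed by the salt, and it runs under Node.js rather than inside an IDM endpoint script; the function names and the sample password are constructed.

```javascript
const crypto = require('crypto');

const SCHEME = 'PBKDF2-HMAC-SHA256';
const DIGEST_LEN = 32; // SHA-256 output size in bytes

// Parse "{SCHEME}iterations:base64". Assumption (not stated in the thread):
// the base64 payload is the 32-byte digest followed by the salt.
function parseStoredValue(stored) {
  const m = /^\{([A-Za-z0-9-]+)\}(\d+):([A-Za-z0-9+/]+={0,2})$/.exec(stored);
  if (!m || m[1].toUpperCase() !== SCHEME) {
    throw new Error('not a ' + SCHEME + ' value');
  }
  const iterations = parseInt(m[2], 10);
  const payload = Buffer.from(m[3], 'base64');
  if (iterations < 1 || payload.length <= DIGEST_LEN) {
    throw new Error('malformed ' + SCHEME + ' value');
  }
  return {
    iterations,
    digest: payload.subarray(0, DIGEST_LEN),
    salt: payload.subarray(DIGEST_LEN),
  };
}

// Build a value in the same layout; used here only to make constructed sample data.
function encodePassword(password, salt, iterations) {
  const digest = crypto.pbkdf2Sync(password, salt, iterations, DIGEST_LEN, 'sha256');
  return '{' + SCHEME + '}' + iterations + ':' + Buffer.concat([digest, salt]).toString('base64');
}

// Re-derive the digest from the candidate and compare it in constant time.
function verifyPassword(candidate, stored) {
  const { iterations, digest, salt } = parseStoredValue(stored);
  const derived = crypto.pbkdf2Sync(candidate, salt, iterations, DIGEST_LEN, 'sha256');
  return crypto.timingSafeEqual(derived, digest);
}

// The value posted in the question, parsed only to show the layout.
const posted = parseStoredValue(
  '{PBKDF2-HMAC-SHA256}10:fZ+HYYqutbG+j88FfrTpLBV8xr1xOzpwZPcNKcSOZcPJkMkUgilN3wWzEc7yqjNz');
console.log(posted.iterations, posted.digest.length, posted.salt.length);

// Constructed sample: fixed salt, made-up password, 10 iterations as in the post.
const sampleSalt = Buffer.from('00112233445566778899aabbccddeeff', 'hex');
const sampleStored = encodePassword('Example#Pass1', sampleSalt, 10);
console.log(verifyPassword('Example#Pass1', sampleStored));
console.log(verifyPassword('wrong-guess', sampleStored));
```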