
We'd like to switch Identity Provider (and Web Access Manager), and also the user directory we use, but would like to do so without users needing to change their password.

We currently have the SSHA of the passwords.

I'm expecting to write code to perform the migration. I don't mind how complex the code has to be, rather my concern is whether such a migration is possible at all.

MS Active Directory would be our preferred user store, but I believe that it cannot have new users set up in it with a particular password hash. Is that correct?

What user directory stores can be populated with users already set up with a SSHA password?

What Identity Provider and Access Management products work with those stores?

Stephen Denne

1 Answer

Novell's eDirectory supports pre-hashed passwords. There are actually three different passwords available in eDirectory. The RSA Key paired legacy password, the Simple Password and Universal Password.

Simple Password can take a SHA1 hashed password and allow users to log in. On the first login, the policy can be set to then copy that password to Universal Password, at which point the user is migrated to the more proper and modern password store.

Novell Identity Manager and Access Manager provide excellent Identity synchronization, provisioning, and Access management to eDirectory.

Of course, you could use eDirectory with Simple passwords, and once the users log in with Simple password, synchronize that change event to Active Directory.

geoffc
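The migrate-on-first-login pattern from this answer, as an added example that is not code from either poster or from any Novell product. It assumes the legacy values use the common `{SSHA}` layout (base64 of the 20-byte SHA-1 of password plus salt, followed by the salt); `login_and_migrate`, `legacy_hashes` and `set_new_password` are hypothetical names.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # SHA-1 digest size in bytes


def parse_ssha(stored: str) -> tuple[bytes, bytes]:
    """Split a '{SSHA}<base64>' value into (digest, salt)."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("too short for SSHA: no salt after the digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password: str, salt: bytes) -> str:
    """Build an {SSHA} value; used here only to construct sample data."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password: str, stored: str) -> bool:
    """Recompute SHA-1(password + salt) and compare in constant time."""
    digest, salt = parse_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def login_and_migrate(user, password, legacy_hashes, set_new_password) -> bool:
    """Check the legacy hash; on success, provision the new store.

    set_new_password is a hypothetical hook into the new directory. The
    cleartext is only available at this moment, during a successful login.
    """
    stored = legacy_hashes.get(user)
    if stored is None or not verify_ssha(password, stored):
        return False
    set_new_password(user, password)
    del legacy_hashes[user]  # retire the SHA-1 value once migrated
    return True


# Constructed sample data, not taken from any real directory.
SAMPLE_LEGACY = {"alice": make_ssha("correct horse", b"\x01\x02\x03\x04")}
```

Accounts that never log in keep only the legacy hash, so a cut-off date with a forced reset for the remainder is needed to finish the migration.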