Symantec IGA

  • 1.  Password history decryption

    Posted May 23, 2018 08:03 AM

    CA IDM is currently used for self service, and password policies are set to validate the last 7 passwords.

    IDM will be decommissioned. However, the password history stored in the user store is to be validated upon self-service password reset from applications.

    The requirement is to decrypt the password history (UserStore is ODSEE) by directly searching this field in the directory. With no IDM we cannot use a TEWS call to validate. So we have to rely on custom JNDI code and validate this history field against the new password the user would enter.

    My question is: how do we decrypt the Password History field in the user store to validate that the new password is not one amongst the existing values in it?

     

    Appreciate any pointers!



  • 2.  Re: Password history decryption
    Best Answer

    Posted May 25, 2018 10:36 AM

    I found the following article, which says that "Out-of-the-box, the Identity Manager API cannot be used to access and decrypt this field."

     

    How to retrieve the information in the Password Da - CA Knowledge 



  • 3.  Re: Password history decryption

    Posted Jun 08, 2018 04:07 AM

    Hello,

     

    Can you please assist us with where we can set up this functionality to validate the last entered passwords? We also need to set up similar functionality when a manager tries to reset his employee's password.

     

    Thanks,

    Shashank



  • 4.  Re: Password history decryption

    Posted Jun 08, 2018 04:22 AM

    If you set up password policies according to the requirement, IDM will automatically take care of it on all screens where the password would need to be updated.

    Thanks,

    Sai

     

     

     




  • 5.  Re: Password history decryption

    Posted Jun 08, 2018 04:36 AM

    Hello Sai,

     

    Thanks for the response. We are also trying to set up a password policy, but we are not able to configure it to our requirement, where we want password validation to be done against the last five passwords. Below is the screenshot where we are trying to achieve this; can you help us here?

    We tried putting 100 in "Percent different from last password", but it did not help.

     

     

    Thanks,

    Shashank



  • 6.  Re: Password history decryption

    Posted Jun 08, 2018 04:57 AM

    You have to set "Number of password before reuse" to 5 to meet your requirement.

     

    Regards,

    Sai

     




  • 7.  Re: Password history decryption

    Posted Jun 08, 2018 07:37 AM

    Hello Sai,

     

    We did try this as well, but it did not work. Do you have any other suggestion here?

     

    Any kind of assistance will be highly appreciated.

     

    Thanks,

    Shashank



  • 8.  Re: Password history decryption

    Posted Jun 08, 2018 07:56 AM

    I have it working in a similar way. Maybe you need a working session to check why it's not working for you.

     

    Regards,

    Sai

     




  • 9.  Re: Password history decryption

    Posted Jun 08, 2018 08:00 AM

    Thanks Sai, will contact Support for this to have them check the configuration here.