000039184 - Generic REST AFX Connector does not encrypt Additional Parameters when defined as Encrypted in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Jul 30, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039184
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.1, 7.2.0
 
IssueThe Generic REST AFX Connector does not encrypt Additional Parameters when they are defined as Encrypted in RSA Identity Governance & Lifecycle. Once the connector deploys, the connector configuration file $AVEKSA_HOME/AFX/esb/apps/AFX-CONN-<connector-name>/connector-flow.xml) shows the value in clear text.

This problem is best illustrated with an example. In the example below an additional parameter has been added to a Generic REST Connector to contain a password value. Because it is a password, the value is defined to be encrypted. In the RSA Identity Governance & Lifecycle user interface go to AFX > Connectors > {Name of Generic REST Connector} > Edit > Settings tab > Add More Parameters button.
 
User-added image


The new field is added to the bottom of the Settings tab page.

User-added image

The new value is used in the body of the Login capability of the connector. AFX > Connectors > {Name of Generic REST Connector} > Edit > Capabilities tab > Login.
 
User-added image



After the connector is saved and redeployed, the connector configuration file ($AVEKSA_HOME/AFX/esb/apps/AFX-CONN-<connector-name>/connector-flow.xml) shows the value in clear text:


<body>&lt;username&gt;AveksaAdmin&lt;/username&gt;&lt;password&gt;<Password>&lt;/password&gt;</body>


The expected content of the configuration file is output similar to the following:

<body>&lt;username&gt;AveksaAdmin&lt;/username&gt;
&lt;password&gt;ENCAx8w(u+pIwCc+Y1Vkwk5NMdiTkkiBwwOrRafwUnQSAx3bdpiGZMQCcxfTyQ==)&lt;/password&gt;</body>


 
CauseThis is a known issue reported in engineering ticket ACM-103474.
 
ResolutionThis issue is resolved in the following RSA Identity Governance & Lifecycle patches:
  • RSA Identity Governance & Lifecycle 7.1.1 P07
  • RSA Identity Governance & Lifecycle 7.2.0 P01

 

Attachments

    Outcomes