000027474 - AxM - can the user password be exported as a user property

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000027474
Applies ToAccess Manager 6X
All OS
IssueAxM - can the user password be exported as a user property
Is it possible to export the users password as a header variable
Resolution

This is not possible. By design, the user password is part of the standard attribute set which is not an optional user property. The standard attribute set can be exported by special exception in aserver.conf.  You will notice the behavior, for example, that if you try to make the users password a property, admingui would throw the error "property already exists". The same is true for the remaining standard attributes (see below). There are obvious security implications with exporting a user password as a header variable as well, and therefore it is not allowed.

# Optional parameter specifying a list of attributes to be automatically
# exported to clients as user properties.
#
# Allowed Values:
#   A comma-separated list of attributes to be exported, of the form
#   attributename:propertyname.
#
#   The "attributename" must be one of the following:
#   firstname | lastname | certdn | email | groups
#
#   Most of these map directly to user attributes in the data store, but
#   "groups" is a comma-separated list of groups for which the user is a
#   member.
#
# Default Value:
#   None
#
# Note:
#   The "groups" list can take some time to assemble due to the data
#   store queries required. Only request this attribute if necessary.
#
#
# Example:
#   To export the user's first name and email address:
#   cleartrust.data.source.standard_attribute_export_list=firstname:ctfn,email:ctemail
#
cleartrust.data.source.standard_attribute_export_list=

By default, this parameter is left blank.

From the aserver perspective, if you look at the aserver.conf, for the standard attribute set, you'll find the below parameter which allows the following standard attributes to be exported...as you can see from this list, user password is not included, therefore there is no way to export it.

 

Legacy Article IDa48806

Attachments

    Outcomes