000016782 - AxM 6.1.4: How to obtain a user's old password in a password hook event.

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000016782
Applies To: RSA Access Manager 6.1.4 (SP4)
AxM 6.1.4: How to obtain a user's old password in a password hook event.

The PasswordHookEvent(sirrus.da.admin.User user, String password, String eventType, StringBuffer exceptionMessage) does not have access to the user's old password.
Cause: The password hook event is generated whenever any action changes the user's password. There are two adminAPI calls that lead to this event:
1. The adminAPI call setPassword has no knowledge of the user's current password; it is not available to this call in any manner!
2. There is a separate adminAPI call resetPassword that is intrinsically aware of the user's current password, as it is used as an authentication parameter in the call.
In the release version of Access Manager 6.1.4, there was no feature to return the old password.
Resolution: A change has been introduced in a hotfix for RSA Access Manager 6.1.4 that adds the ability to retrieve the user's old password in the PasswordHookEvent. Note that *only* passwords changed with resetPassword will return a result. If setPassword was used to change the password, then the call will return null.
    public PasswordHookEvent(User user, String password, String oldPassword, String eventType, StringBuffer exceptionMessage)
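
The following is an added example, not RSA's code and not part of the original article, of a hook-side check that uses the old password only when the event carries one. `HookEvent` is a hypothetical stand-in modelled on the constructor above; its field access, the event type string and the sample passwords are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class OldPasswordHookExample {
    // Hypothetical stand-in for the product's event class: it models only the String
    // arguments of the constructor above (User omitted); field access is an assumption.
    static final class HookEvent {
        final String password, oldPassword, eventType;
        final StringBuffer exceptionMessage;
        HookEvent(String password, String oldPassword, String eventType, StringBuffer msg) {
            this.password = password; this.oldPassword = oldPassword;
            this.eventType = eventType; this.exceptionMessage = msg;
        }
    }

    // Returns true if the change passes; otherwise explains why in exceptionMessage.
    static boolean checkChange(HookEvent e) {
        if (e.oldPassword == null) {
            // Changed via setPassword: no old password exists for this event, so
            // the comparison is skipped rather than treating null as "".
            return true;
        }
        if (sameSecret(e.oldPassword, e.password)) {
            e.exceptionMessage.append("New password must differ from the current one.");
            return false;
        }
        String oldStem = stem(e.oldPassword);
        if (!oldStem.isEmpty() && oldStem.equalsIgnoreCase(stem(e.password))) {
            e.exceptionMessage.append("New password only changes trailing digits.");
            return false;
        }
        return true;
    }

    // Comparison whose timing does not depend on where the inputs differ.
    static boolean sameSecret(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }
    static String stem(String s) { return s.replaceAll("\\d+$", ""); }

    public static void main(String[] args) {
        String type = "EVENT_TYPE_PLACEHOLDER"; // constructed; real values are not on the page
        String[][] samples = { {"Harbor2017", "Harbor2016"}, {"Harbor2017", null}, {"q7!Lantern", "Harbor2016"} };
        for (String[] s : samples) {  // constructed sample data: {new, old}
            HookEvent e = new HookEvent(s[0], s[1], type, new StringBuffer());
            System.out.println(checkChange(e) + " " + e.exceptionMessage); // never print the passwords
        }
    }
}
```

Because the old password reaches the hook in clear text, keep it out of logs, exception messages and any persisted state.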
Legacy Article ID: a60891