How to encrypt LDAP bind passwords stored in the Configuration.xml file of a VM SSO Server



ID:    S141849
Published:    10 August 2016
Updated:    08 March 2017

Operating System(s)

  • All Unix
  • All Windows

Product(s)

  • PVCS Version Manager
 

Description

By default, LDAP bind passwords in the SSO server Configuration.xml file are stored in plain text. Is there a way to encrypt these values if the SSO server is running as part of the Serena VM Web Application Server?

 

Resolution

To encrypt that password, do the following:
  1. If you are running VM 8.4 or VM 8.5:
     
    • Windows users should download the attached script sso_encstring.bat and place it in the directory VM_Install_Dir\vm\common\bin
    • Linux/UNIX users should download the attached script sso_encstring and place it in the directory VM_Install_Dir/vm/common/bin
       
    The sso_encstring utility is included with Version Manager as of VM 8.6.
     
  2. Open a command prompt shell in the directory VM_Install_Dir\vm\common\bin.
     
  3. Run the command:

        sso_encstring -e "YourPassword"

    Example:

        C:\Program Files (x86)\Serena\vm\common\bin>sso_encstring -e "TopSecret"

        enc:b0b10100000018505361c321090255800cc1b81334ad4cf9db219f6f96568bf6d31b344a24c58931576bd07b1491fa569e1ce8487f37178d0d9abdbc60400b0d70698766c90913

        C:\Program Files (x86)\Serena\vm\common\bin>

     
  4. Open the Configuration.xml file containing the SSO server configuration.

    In VM 8.5 and beyond this file is located at VM_Install_Dir\vm\common\tomcat\webapps\idp\WEB-INF\conf\Configuration.xml

    In VM 8.4 this file is located at VM_Install_Dir\vm\common\tomcat\webapps\TokenService\WEB-INF\conf\Configuration.xml

    (Linux/UNIX uses the same paths with forward slashes.)
     
  5. Look up the XML entries for the password(s) you would like to encrypt, for example:

        <Setting Name="java.naming.security.credentials" Type="xsd:string">TopSecret</Setting>
     
  6. Change the Type attribute from "xsd:string" to "htf:encstring", then replace the plain-text password with the output of the sso_encstring command.

    Example:

        <Setting Name="java.naming.security.credentials" Type="htf:encstring">enc:b0b10100000018505361c321090255800cc1b81334ad4cf9db219f6f96568bf6d31b344a24c58931576bd07b1491fa569e1ce8487f37178d0d9abdbc60400b0d70698766c90913</Setting>
     
  7. Restart the Serena VM Web Application Server.
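
A check for steps 5 and 6, added here as an example (it is not part of the Serena tooling): it parses a Configuration.xml and reports, for each java.naming.security.credentials setting, whether both the Type attribute and the enc: value were changed. The sample document, its root element name and the status labels are constructed for illustration; only the Setting element shape comes from this article.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: root element, principal entry and enc: values are
# assumptions; only the <Setting> shape is taken from the article.
SAMPLE = """<Configuration>
  <Setting Name="java.naming.security.principal" Type="xsd:string">cn=bind,dc=example,dc=com</Setting>
  <Setting Name="java.naming.security.credentials" Type="xsd:string">TopSecret</Setting>
  <Setting Name="java.naming.security.credentials" Type="htf:encstring">enc:0123abcd</Setting>
  <Setting Name="java.naming.security.credentials" Type="htf:encstring">TopSecret</Setting>
  <Setting Name="java.naming.security.credentials" Type="xsd:string">enc:0123abcd</Setting>
</Configuration>"""

CRED_NAME = "java.naming.security.credentials"


def audit(xml_data):
    """Return (index, status) per credentials Setting; values are never returned."""
    root = ET.fromstring(xml_data)
    # Match on the local tag name so a default XML namespace does not hide entries.
    creds = [e for e in root.iter()
             if e.tag.rsplit("}", 1)[-1] == "Setting" and e.get("Name") == CRED_NAME]
    results = []
    for i, elem in enumerate(creds, 1):
        value = (elem.text or "").strip()
        has_prefix = value.startswith("enc:")
        if elem.get("Type") == "htf:encstring":
            # Type was changed; the value must also be sso_encstring output.
            status = "ok" if has_prefix else "type-changed-value-not-encrypted"
        elif has_prefix:
            status = "value-encrypted-type-not-changed"
        else:
            status = "plaintext"
        results.append((i, status))
    return results


if __name__ == "__main__":
    # Pass the path to Configuration.xml, or run with no argument for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    findings = audit(data)
    for idx, status in findings:
        print(f"credentials setting #{idx}: {status}")
    sys.exit(0 if all(s == "ok" for _, s in findings) else 1)
```

The script prints only the position and status of each entry, so its output can go into a change record without exposing the password.
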

The encrypted value can be reversed with the same utility. To find out what password was stored in a given field, run the command:

        sso_encstring -d EncryptedPassword

Example:

        C:\Program Files (x86)\Serena\vm\common\bin>sso_encstring -d enc:b0b10100000018505361c321090255800cc1b81334ad4cf9db219f6f96568bf6d31b344a24c58931576bd07b1491fa569e1ce8487f37178d0d9abdbc60400b0d70698766c90913

        TopSecret

        C:\Program Files (x86)\Serena\vm\common\bin>

Attachment

File Name            File Size    Download
sso_encstring.bat    839 Bytes    HTTPS
sso_encstring        573 Bytes    HTTPS
