search cancel

Create a Superuser Administrator for the DSA using different hashing Algorithm "SHA-256", "SHA-512", "SSHA-512"


Article ID: 16566


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



Create a Superuser Administrator Password for DSA using Advanced hash algorithm such as "SHA-256", "SHA-512", "SSHA-512" via JXplorer:

If I create a user in the directory using JXplorer and use "SHA" as the password hash method, then I can then perform a dxsearch or an ldapsearch using this user and password. However if I use any other password hash method (e.g. "SHA-256", "SHA-512", "SSHA-512"), then when I try to perform the exact same dxsearch or ldapsearch, then it fails with an error message of "invalid credentials".


Component: SMSSO


There is a known bug in JXplorer, that does not handle non SHA1 entries correctly and adds whitespace in the middle of the userPassword hash value:

A workaround is :

1. Open Jxplorer, open a connection to the DSA

2. Select the 'User' -> go to "userPassword" attribute.

3. Change the hashing algorithm to use "SHA-512" or higher encryption algorithm

4. Go to "Advanced Editor" and remove whitespaces (in the middle of) in the "ldap value", click OK.

5. Submit.

6. Reconnect to JXplorer using the user credentials. (or) perform a dxsearch or an ldapsearch using this user and password.

Or an alternatively another LDAP client such as Apache DS could be used.