search cancel

Password visible in Additional details when approver is approving request in Portal

book

Article ID: 202555

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

When in Portal and approving a new user the Password is visible in Additional details when approver is approving request for new user creation.


Environment

Release : 14.3

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Cause

There have been reports that Passwords have begun to show in the Additional Information area of a Portal approval after upgrading to 14.3 Cp2, indicating that this may be an unintended result of another fix, but after review with our SE team, the password is being shown based on the configuration of the Screen configured for the Task the Portal Form is using within Identity Manager itself.

Resolution

The following shows an example of how the Screen configuration of the IDM task results in the Password showing in the Portal, and how we tracked down and eliminated the password from the Additional Information area.

We reviewed the Portal Form to see what the Task the form is configured with.
This action in Portal is setup with the "[Portal]Modify User with workflow two stage" task in IDM:

Looking at the actual Task in IDM, the Password had been added to the "Default User Search" Profile screen which is the default screen for the [Portal]Modify User with workflow two stage task in IDM.

After remove the password value from the screen:


We no longer see the Password in Additional Information:


By default, the ‘Default User Profile’ screen does not contain the Password value, so one of 2 things possibly occurred;
1. Someone manually updated the search screen to include the password, or
2. Using deployment express to add modules to Portal may have updated this task with the Password option, based on the requirements of the module. 


If you have built your own Profile screen then the likely simplest solution is to remove the Password attribute from that screen.

If you are using the ‘Default User profile’ screen the recommendation would be to make a copy of the Default User Profile screen, remove the Password from the new profile screen and set that as for use for the task.  This is recommended as there could be other Tasks using the default screen that could be impacted by removing the Password causing you other work in other tasks.