Persistence Script
By overriding the interface methods in PersistenceType inside a custom script, you can:
- Load initialization data from DB or initialize services after the creation of Entry Manager.
- Release resources, terminate services etc. after the destruction of Entry Manager.
- Create hashed passwords
- Compare hashed passwords
What is an Entry Manager?
The Janssen server's Persistence Layer can be any one of LDAP, MySQL database, Postgres database, Couchbase etc. Information about an entity (person, session, client, scripts etc.) constitutes an Entry. The Entry Manager (CRUD operations) implementation for each type of Persistence is available in the Janssen server, and the relevant Entry Manager (LDAPEntryManager, SQLEntryManager, etc.) is created when the server starts up.
Usage
The Jans-Auth server contains a PersistenceType script.
Hashed Passwords
Hashed passwords can be created using any method from this enum, instead of the native/default SSHA256. The ORM module of the Janssen server does the following:
- When a User entry is persisted and `userPassword` is specified, the ORM calls `createHashedPassword`.
- When a user authenticates and the password is checked, the ORM module invokes `compareHashedPasswords`.
- We need to specify which one to use in `/etc/gluu/conf/jans-couchbase.properties`:

  ```
  password.encryption.method: SSHA-256
  ```
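Implementation of `createHashedPassword` and `compareHashedPasswords` in the script:

Creation:

```python
from io.jans.orm.operation.auth import PasswordEncryptionHelper, PasswordEncryptionMethod

# Called by the ORM when a User entry with userPassword is persisted.
def createHashedPassword(self, credential):
    hashed_password = PasswordEncryptionHelper.createStoragePassword(credential, PasswordEncryptionMethod.HASH_METHOD_PKCS5S2)
    return hashed_password
```

Comparing Hashed Password:

```python
# Called by the ORM when a user authenticates; returns True on a match.
def compareHashedPasswords(self, credential, storedCredential):
    auth_result = PasswordEncryptionHelper.compareCredentials(credential, storedCredential)
    return auth_result
```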
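To show what a create/compare pair like the two methods above has to do, here is an added stand-alone Python example; it is not Janssen code and does not call `PasswordEncryptionHelper`. The `{SCHEME}base64(digest || salt)` layout, the scheme labels, the salt length and the iteration count are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 10000  # assumed for this illustration, not a Janssen setting
SALT_LEN = 16              # assumed salt length in bytes


def _ssha256(password, salt):
    # Salted SHA-256: digest over password || salt, salt appended for storage.
    return hashlib.sha256(password.encode("utf-8") + salt).digest() + salt


def _pbkdf2(password, salt):
    # PBKDF2-HMAC-SHA256: the iteration count slows down offline guessing.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return dk + salt


# Scheme labels are constructed for this example.
SCHEMES = {"SSHA256": _ssha256, "PBKDF2": _pbkdf2}


def create_hashed_password(credential, scheme="PBKDF2", salt=None):
    """Return '{SCHEME}base64(digest || salt)' for storage."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    blob = SCHEMES[scheme](credential, salt)
    return "{%s}%s" % (scheme, base64.b64encode(blob).decode("ascii"))


def compare_hashed_passwords(credential, stored):
    """Re-derive with the stored scheme and salt; compare in constant time."""
    if not stored.startswith("{") or "}" not in stored:
        return False  # no scheme prefix: refuse rather than compare as plaintext
    scheme, b64 = stored[1:].split("}", 1)
    if scheme not in SCHEMES:
        return False  # unknown scheme: fail closed
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # malformed base64
    if len(blob) <= SALT_LEN:
        return False
    salt = blob[-SALT_LEN:]
    return hmac.compare_digest(SCHEMES[scheme](credential, salt), blob)
```

Because the scheme travels with the stored value in this layout, entries hashed under the old method still verify after the creation method is switched.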
Created: 2022-05-18