Question
I am trying to encrypt the UserStore connection password in WSO2 Identity Server (usr-mgt.xml) using ciphertool.bat (using WSO2 version 5.0.0).
I have a jks file with the same password for key and keystorepassword. In ciphertool.properties, I modified the following line as:
UserStoreManager.Property.ConnectionPassword=repository/conf/user-mgt.xml
I generated an encrypted password by using the ciphertool.bat -DConfigure command and I updated the ciphertext.properties file as:
UserStoreManager.Property.ConnectionPassword=RG1Bz7q0VbyTLJ3t2yCKaoquXkZZ0XrgKZ8PgsYp4F4NNiIJ4c16aCEa2AkdYFL+jaPVmbOF/lFK1A0EWFXO35UsQ28DkwtiDKw9er4USm3DML9OlG+Ve/QNXF3RoiLG00DJGeRrqFTuz5SpphGJk1ShidEYvIyzx/5KK4BK1r0CHfMTqNFvwwAr8QY6uUD/bgbn8T99LrleRJu6fA76l77CaruISBdtf/bx1BdE30xN/+OJ5l3R9qrswLNEafxPRiHcvwuHP5BI31m6WiZ/6zUt5+P0NYCYF8aw7qNPt99+z5KAzslrk1pV3fOIirs7skhGwWDuayMa6HUU5f9CyA==
Not sure how I should tell the usr-mgt.xml file to use the encrypted password. I just tried updating the properties file as:
<Property name="ConnectionPassword">RG1Bz7q0VbyTLJ3t2yCKaoquXkZZ0XrgKZ8PgsYp4F4NNiIJ4c16aCEa2AkdYFL+jaPVmbOF/lFK1A0EWFXO35UsQ28DkwtiDKw9er4USm3DML9OlG+Ve/QNXF3RoiLG00DJGeRrqFTuz5SpphGJk1ShidEYvIyzx/5KK4BK1r0CHfMTqNFvwwAr8QY6uUD/bgbn8T99LrleRJu6fA76l77CaruISBdtf/bx1BdE30xN/+OJ5l3R9qrswLNEafxPRiHcvwuHP5BI31m6WiZ/6zUt5+P0NYCYF8aw7qNPt99+z5KAzslrk1pV3fOIirs7skhGwWDuayMa6HUU5f9CyA==</Property>
This fails. Apparently it works when I use the unencrypted password. This means the usr-mgt.xml file fails to understand that it should read the password as encrypted.
Answer 1:
It seems you are missing the order. First you need to update the ciphertext.properties file according to your requirement. After that you can run the ciphertool.bat -DConfigure command and encrypt the password.
P.S. - This blog entry will help you more about Secure Vault.
Source: https://stackoverflow.com/questions/36842470/how-to-encrypt-ldap-userstore-password-in-usr-mgt-xml-in-wso2
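An added example (not part of the question or the answer, and not WSO2 code): a Python check of whether the ConnectionPassword property is wired to Secure Vault through an alias or still carries a value inline, as in the question. It assumes secrets are referenced with an svns:secretAlias attribute in the namespace http://org.wso2.securevault/configuration; the function names, finding labels and sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: namespace bound to the svns prefix in WSO2 config files.
SVNS = "http://org.wso2.securevault/configuration"
ALIAS = "UserStoreManager.Property.ConnectionPassword"  # alias used on the page

def load_properties(text):
    """Parse key=value lines; split on the first '=' only (base64 ends in '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_connection_password(user_mgt_xml, cipher_text_props):
    """Return one finding per ConnectionPassword property in the XML."""
    aliases = load_properties(cipher_text_props)
    findings = []
    for prop in ET.fromstring(user_mgt_xml).iter("Property"):
        if prop.get("name") != "ConnectionPassword":
            continue
        alias = prop.get(f"{{{SVNS}}}secretAlias")
        if alias is None:
            findings.append("inline-value")   # no alias: value sits inline in the XML
        elif not aliases.get(alias):
            findings.append("alias-missing")  # alias has no entry in ciphertext.properties
        else:
            findings.append("ok")
    return findings

# Constructed samples (not real configuration or real ciphertext).
INLINE = """<UserManager><Realm><UserStoreManager class="x">
  <Property name="ConnectionPassword">Q09OU1RSVUNURUQ=</Property>
</UserStoreManager></Realm></UserManager>"""
ALIASED = f"""<UserManager xmlns:svns="{SVNS}"><Realm><UserStoreManager class="x">
  <Property name="ConnectionPassword" svns:secretAlias="{ALIAS}">password</Property>
</UserStoreManager></Realm></UserManager>"""
PROPS = f"{ALIAS}=Q09OU1RSVUNURUQ=\n"

if __name__ == "__main__":
    print(audit_connection_password(INLINE, PROPS))
    print(audit_connection_password(ALIASED, PROPS))
```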