Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-107

SHASaltedPasswordStorage is not properly retrieving stored hashes

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • PLINK_3.0.0.beta1
    • PLINK_3.0.0.alpha1
    • IDM
    • None

    Description

      Good morning guys, steps to reproduce the issue:

      1 - Grab the sources from https://github.com/abstractj/aerogear-controller-demo and switch to picketlink branch (which uses PicketLink only)

      Follow these steps:

      1. Deploy aerogear-controller-demo
      2. Try to login with username: john password: 123
      4. Use the restricted admin page to register a new user
      5. Delete the newly created user
      6. Logout
      7. Try to login with username: john password: 123

      PasswordCredentialHandler will throw NPE during the execution of the method validate because getEncodedHash will be null during login. Looks like SHASaltedPasswordStorage is not properly retrieving hashes from the database.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. AEROGEAR-1005 Aerogear-Controller-Demo The login procedure for registered users does not work properly after deleting the admin user

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          relates to

          Bug - A problem that impairs or prevents the functions of the product. AEROGEAR-1005 Aerogear-Controller-Demo The login procedure for registered users does not work properly after deleting the admin user

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              anil.saldhana Anil Saldanha (Inactive)
              boliveir_managed_kafka_security (inactive user) Bruno Oliveira Silva (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: