Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to mask password value shown in change password provisioning comment

poonammhetre
New Contributor II
New Contributor II

‎03/14/2024 10:39 AM

Hello,

We are using REST connector to perform the change password operation for one of our application. We have noticed that when change password gets failed due to escape characters then it shows passowrd in plain text in provisioning comment.

auditDetails":{"call1":[{"message":"Unrecognized character escape '2' (code 50)\n at [Source: {\"password\":\"example\\26\"}; line: 1, column: 24]","status":"Failed"}

 

Below is the change password code we are using.

 

{
"call": [
{
"name": "call1",
"connection": "userAuth",
"url": "https://xxxxx/ords/sis_owner/xxx/idm/staff/${user.employeeid}",
"httpMethod": "POST",
"httpParams": "{\"password\":\"${org.apache.commons.lang.StringEscapeUtils.escapeJava(arsTasks.getPassword())}\"}",
"httpHeaders": {
"Content-Type": "application/json",
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": {
"statusCode": [
200,
201,
204
]
}
}
]
}

 

Is there any way to not to show the password in provisioning comment if change password operation fails due to some reason.

 

Thanks,

Poonam

Labels:
0 Kudos
5 REPLIES 5

rushikeshvartak
All-Star
All-Star

‎03/14/2024 08:21 PM

In case of success does it captures of shows password ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

poonammhetre
New Contributor II
New Contributor II

‎03/14/2024 11:57 PM

@rushikeshvartak  Yes, It shows the password only in case of failure in provisioning.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to poonammhetre

‎03/17/2024 06:58 PM

Use passport policy and escape characters causing issue


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

NM
Regular Contributor III
Regular Contributor III

‎03/15/2024 12:49 AM

Hi @poonammhetre , is it using the same password that is shown in the log at the time of failure? once the task is completed successfully? or does it send out a different one..?

0 Kudos

poonammhetre
New Contributor II
New Contributor II
In response to NM

‎03/15/2024 03:23 AM

@NM  It shows same password in provisioning comment which user has entered during change password operation.

0 Kudos
Copyright © 2024 Khoros, LLC