Provisioning & Password syncronization

Sort:
You are not authorized to post a reply.
Author
Messages
crawfordm
New Member
Posts: 1
New Member
    I'm new to Lawson, and more experienced with the middleware that Lawson9 uses, (WAS, LDAP, etc) so need some assistance on a couple of issues. I'm using TAMeb (WebSEAL) to secure Lawson, however we would like to provision users using ITIM, or use IDI to syncronize the passwords between Lawson and TAM. However Lawson uses "Bouncy Castle" to encrypt the passwords stored in the LDAP. It is responsible for encrypting the users password (using the selected algorithm) and storing it in the Lawson LDAP. The password is encrypted and stored in a text string similar to "PASSWORD=XXXXXXXX". This raises a series of questions: 1: From a sysadmin perspective, can we change the "Bouncy Castle" settings AFTER its initial configuration? 2: Is it essential, and if not, can the "Bouncy Castle be turned off, removed, or replaced? 3: If required, can "Bouncy Castle" be set to not-encrypt the passwords? 4: If required, can we set the "Bouncy Castle" algorithm to be identical to the LDAP native encryption? Has anyone dealt with a requirement to password syncronize Lawson to other repositiories or applications?
    trueblueg8tor
    Advanced Member
    Posts: 41
    Advanced Member
      I don't know much about "Bouncy Castle" or much about WebSeal but I'm assuming that it's an LDAP. We use CA's eTrust and when LSF was first installed the SSOP was stored in our ADAM. After a "ssop bind" command was done LSF then let our eTrust Ldap authenticate users logging into portal. This way Lawson or ADAM did not store the password, thus our users only have to change their passwords in one place. Hope this helps.
      You are not authorized to post a reply.