I have update JIRA from 4.2 to 4.4 . We used CAS for login both JIRA and Confluence , I have solved the problem with login as LDAP user that will compare the username and password with the count in LDAP . But as we need to add client user who don`t have count in LDAP and need to login as internal user. We used a method to encrypt the raw password and compare the encrypted password with password in JIRA db , this worked well in JIRA 4.2 . Now after upgrade to 4.4 I found that the encrypted password is not as same as the one store in JIRA db so that the client user can`t access JIRA through CAS .
I wonder if JIRA 4.4 have changed the encrypt method ? could anyone tell me which method JIRA is using for encrypting the raw password?
Community moderators have prevented the ability to post new answers.
The password encryption standard has indeed changed, as it now uses the same password encryption algorithm as Crowd. I would recommend to check out PasswordEncoder in crowd-password-encoders, in the JIRA source. Specifically, you should review the encodePassword method, which details our new password encryption algorithm implementation.
Hi ,
I find that there are several methods to encrypt password , I have tried to use some of them , but the return value is not matched the one store in JIRA database . And I found that when I used *AtlassianSecurityPasswordEncoder* and *LdapMd5PasswordEncoder* to encode password the result will change every time , this makes me fell confused.
So could you please tell me which one is the 'real' encodePassword using in jira 4.4.5?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.