Can anyone point me to how PingFederate can authenticate accounts with salted MD5 hash passwords?
Thanks.
Can anyone point me to how PingFederate can authenticate accounts with salted MD5 hash
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Can anyone point me to how PingFederate can authenticate accounts with salted MD5 hash passwords?
Thanks.
The use case you’re after isn’t totally clear – but I’m going to assume you are acting as an Identity Provider (IdP) with PingFederate and you have accounts stored in some system / database that have their passwords MD5 hashed (with a salt).
Depending on the version of PingFederate being used you may need a custom IdP Adapter (pre-6.6) or a custom Password Credentials Validator (6.6 and up). The PingFederate SDK has Javadocs that describe the API’s required along with sample code. Your custom adapter/PCV will be some Java code that looks up the user’s account, MD5-salt-hashes the incoming password and compares that result with the stored account. If it’s a match, the custom code will return a status code that indicates so.
You will of course then need your SP connection(s) then configured to use this IdP Adapter / PCV (within the HTML or HTTP Basic auth adapter).