Symantec Access Management

  • 1.  IDM Pwd history - decrypting old SiteMinder data

    Posted Oct 05, 2015 02:15 PM

    Migrated from idm 12.5 sp12 (siteminder protected) to idm 12.6 sp5 (non-siteminder protected) -- Unable to get your pwd history:

     

    Siteminder uses a different encryption process than IdM, and IdM is unable to read the data encrypted with Siteminder that we migrated over. Is there a way to export the data, decrypt it into plain text and re-import it into IdM? This would encrypt the Password History in the correct format and everything would be restored. Currently IDM is not storing password history because it's unable to decrypt the old data. Removing the old data would work and IDM can start saving pwd history, but that's not an option. Currently users are able to use old pwds, which is a security risk.



  • 2.  Re: IDM Pwd history - decrypting old SiteMinder data

    Broadcom Employee
    Posted Oct 07, 2015 03:42 AM

    Hi there,

    If I understand correctly, you want the encrypted SiteMinder passwords, as well as the password data (last login, password history and password change time), to be migrated to IDM 12.6 SP5.

    This is not a straightforward task and it very much depends on how you have configured your SiteMinder password decryption.

    According to Password Formats - Apache HTTP Server Version 2.2, these could be "CLEAR, SHA1, MD5".

    If the password was salted this adds complexity to the task.

    If I understand correctly, SiteMinder password storage is in hex and IDM is in Base64.

    So, like the example in the article Convert Base 64 encoded data to ASCII Text, the text of "Mary had" is converted to "4D 61 72 79 20 68 61 64" of hex and "TWFyeSBoYWQ=" of Base64.

     

    In order to achieve this you would have to retrieve the hex format passwords, and then convert to Base64 and store them again.

    I think our CA Services have some experience in performing this task and it would be worthwhile to contact them in order to achieve this.
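
The hex-to-Base64 re-encoding step described in reply 2, as an added example that is not part of the original thread or any CA/Broadcom tooling. It assumes hex input and Base64 output as stated in that reply; the record layout (`SAMPLE`, user names) and function names are hypothetical, and the conversion changes only the text encoding, leaving the underlying bytes unchanged.

```python
import base64
import binascii
import re


def hex_to_base64(hex_text: str) -> str:
    """Re-encode a hex string as Base64 without altering the bytes it represents."""
    # Accept "4D 61 72", "4d6172", "4D:61:72" and an optional 0x prefix.
    cleaned = re.sub(r"[\s:]", "", hex_text)
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    if not cleaned:
        raise ValueError("empty value")
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits (truncated export?)")
    try:
        raw = binascii.unhexlify(cleaned)
    except binascii.Error as exc:
        raise ValueError(f"not valid hex: {exc}") from None
    encoded = base64.b64encode(raw).decode("ascii")
    # Round-trip check: the Base64 text must decode to exactly the same bytes.
    if base64.b64decode(encoded, validate=True) != raw:
        raise ValueError("round-trip mismatch")
    return encoded


def convert_records(records):
    """Convert every history entry per user; a user with any bad entry is
    rejected whole so a partial history is never written back."""
    converted, rejected = {}, {}
    for user, values in records.items():
        try:
            converted[user] = [hex_to_base64(v) for v in values]
        except ValueError as exc:
            rejected[user] = str(exc)
    return converted, rejected


# Constructed sample data (not real exports): user -> hex-encoded history entries.
SAMPLE = {
    "user1": ["4D 61 72 79 20 68 61 64", "0x4d617279"],
    "user2": ["4D6"],    # odd length, rejected
    "user3": ["ZZ11"],   # non-hex characters, rejected
}

if __name__ == "__main__":
    ok, bad = convert_records(SAMPLE)
    print("converted:", ok)
    print("rejected:", bad)
```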