How do I hash the password for openidm-admin before the first startup of IDM 6.x?
The purpose of this article is to provide information on securing the openidm-admin password before starting IDM for the first time by hashing the password value. Normally IDM hashes the password on first startup of the instance; this information is only required if you want the password hashed prior to this. This article assumes the configuration and boot.properties are in place even though IDM is not yet running.
1 reader recommends this article
Hashing the password for openidm-admin
You can set the openidm-admin's password to a secure value before the first startup as follows:
- Execute the ./cli.sh secureHash command within the root of the IDM installation: $ cd /path/to/idm $ ./cli.sh secureHash newPassword
- Copy the return JSON object that is between the ----- BEGIN HASHED VALUE ---- and ----- END HASHED VALUE ------ lines, for example: -----BEGIN HASHED VALUE----- { "$crypto" : { "value" : { "algorithm" : "SHA-256", "data" : "xMJwQJCIUdhLCPIoQny9vp04coqadSBsC/iin4FsY+KfZJ10OO1C7gmN91tz2aFL" }, "type" : "salted-hash" } } ------END HASHED VALUE------
- Run a database query against the openidm-admin object to update the internaluser password, where the JSON object returned above is all on one line with all the spaces removed. For example, your query would look like this if you have a MySQL repository: update internaluser set pwd='{"$crypto":{"value":{"algorithm":"SHA-256","data":"xMJwQJCIUdhLCPIoQny9vp04coqadSBsC/iin4FsY+KfZJ10OO1C7gmN91tz2aFL"},"type":"salted-hash"}}'where objectid='openidm-admin';
- Start the IDM instance. You should be able to log in with your new password.
Note
You will not be able to log in with your new password if the JSON object included in the update has any spaces or spans multiple lines. Additionally, you will see a warning when you perform this update with a MySQL repository (but not with a PostgreSQL repository); this warning can be ignored.
See Also
FAQ: Installing and configuring IDM
Replacing Default Security Settings
Using the secureHash Subcommand
Related Training
N/A
Related Issue Tracker IDs
N/A