How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I hash the password for openidm-admin before the first startup of IDM 5.x and 6.x?

Last updated Feb 24, 2021

The purpose of this article is to provide information on securing the openidm-admin password before starting IDM for the first time by hashing the password value. Normally IDM hashes the password on first startup of the instance; this information is only required if you want the password hashed prior to this. This article assumes the configuration and boot.properties are in place even though IDM is not yet running.



Hashing the password for openidm-admin

You can set the openidm-admin password to a secure value before the first startup as follows:

  1. Execute the ./cli.sh secureHash command within the root of the IDM installation:

         $ cd /path/to/idm
         $ ./cli.sh secureHash newPassword

  2. Copy the returned JSON object that is between the -----BEGIN HASHED VALUE----- and ------END HASHED VALUE------ lines, for example:

         -----BEGIN HASHED VALUE-----
         {
           "$crypto" : {
             "value" : {
               "algorithm" : "SHA-256",
               "data" : "xMJwQJCIUdhLCPIoQny9vp04coqadSBsC/iin4FsY+KfZJ10OO1C7gmN91tz2aFL"
             },
             "type" : "salted-hash"
           }
         }
         ------END HASHED VALUE------

  3. Run a database query against the openidm-admin object to update the internaluser password, where the JSON object returned above is all on one line with all the spaces removed. For example, your query would look like this if you have a MySQL repository:

         update internaluser set pwd='{"$crypto":{"value":{"algorithm":"SHA-256","data":"xMJwQJCIUdhLCPIoQny9vp04coqadSBsC/iin4FsY+KfZJ10OO1C7gmN91tz2aFL"},"type":"salted-hash"}}' where objectid='openidm-admin';
  4. Start the IDM instance. You should be able to log in with your new password.
Note

You will not be able to log in with your new password if the JSON object included in the update has any spaces or spans multiple lines. Additionally, you will see a warning when you perform this update with a MySQL repository (but not with a PostgreSQL repository); this warning can be ignored.
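
Steps 2 and 3 are where the whitespace problem described in the note usually creeps in, so the following added example (not ForgeRock code) does the extraction and compaction mechanically and prints the update statement from step 3. The function names are hypothetical, and the sample input is the secureHash output shown above.

```python
import base64
import json
import re

# Markers as printed in the article's sample output (dash counts vary, so match loosely).
_BLOCK = re.compile(r"-+\s*BEGIN HASHED VALUE\s*-+(.*?)-+\s*END HASHED VALUE\s*-+", re.S)

def extract_hashed_value(cli_output: str) -> dict:
    """Return the $crypto object printed between the BEGIN/END markers."""
    match = _BLOCK.search(cli_output)
    if match is None:
        raise ValueError("no hashed value block found in secureHash output")
    obj = json.loads(match.group(1))
    crypto = obj["$crypto"]
    if crypto.get("type") != "salted-hash":
        raise ValueError("expected a salted-hash value")
    # The data field must be valid base64; this rejects a truncated copy/paste.
    base64.b64decode(crypto["value"]["data"], validate=True)
    return obj

def compact_json(obj: dict) -> str:
    """Serialize on one line with no spaces, as the update requires."""
    return json.dumps(obj, separators=(",", ":"))

def build_update(obj: dict, object_id: str = "openidm-admin") -> str:
    """Build the UPDATE statement from step 3 for the given internal user."""
    pwd = compact_json(obj).replace("'", "''")  # escape for a SQL string literal
    oid = object_id.replace("'", "''")
    return f"update internaluser set pwd='{pwd}' where objectid='{oid}';"

# Constructed sample: the secureHash output shown in the article.
SAMPLE_OUTPUT = """-----BEGIN HASHED VALUE-----
{
  "$crypto" : {
    "value" : {
      "algorithm" : "SHA-256",
      "data" : "xMJwQJCIUdhLCPIoQny9vp04coqadSBsC/iin4FsY+KfZJ10OO1C7gmN91tz2aFL"
    },
    "type" : "salted-hash"
  }
}
------END HASHED VALUE------"""

if __name__ == "__main__":
    print(build_update(extract_hashed_value(SAMPLE_OUTPUT)))
```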

See Also

FAQ: Installing and configuring IDM

Integrator's Guide › Replacing Default Security Settings

Integrator's Guide › Using the secureHash Subcommand



Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.