The passwordHasher
property of the /atg/userprofiling/PropertyManager
component points to a password hashing configuration utility that handles password encryption. The PasswordHasherConfigurer
identifies the password hasher using the passwordKeyDerivationFunction
that is identified in the pwdHasherComponentPath
property in the userProfile.xml
file.
The passwordHasher
property of the /atg/userprofiling/PropertyManager
component points to a password hasher component that handles password encryption. By default, this property is set as follows:
passwordHasher=/atg/dynamo/security/DigestPasswordHasher
Change this property to ensure consistency with the LDAP password encryption method you’ve chosen. For Oracle Directory Server, set the passwordHasher
property like this:
passwordHasher=/atg/adapter/ldap/NDSPasswordHasher
The NDSPasswordHasher
component supports SHA or no encryption. Set the encryption
property of the /atg/adapter/ldap/NDSPasswordHasher
to the appropriate value:
encryption=SHA
to use SHA password encryption, or
encryption=clearText
to disable password encryption.
For LDAP servers other than Oracle Directory Server, you may need to create your own PasswordHasher
implementation, if none of the PasswordHasher
implementations included in the Oracle Commerce Platform meet your requirements. See the Password Hashing section in the Customizing Application Security chapter of the Platform Programming Guide for more information.
See User Profiling Tools in the Working with User Profiles chapter for more information about configuring the PropertyManager
component.