

AttributeLevelEncryption for User Passwords

When you specify the AttributeLevelEncryption data classification for attributes in the directory configuration file (directory.xml), CA IdentityMinder encrypts the attribute value in the user store. In the User Console, the value appears in clear text.

The following attribute description shows the AttributeLevelEncryption data classification:

<ImsManagedObjectAttr physicalname="title" description="Title" displayname="Title" valuetype="String" maxlength="0" searchable="false">
    <DataClassification name="AttributeLevelEncrypt"/>
</ImsManagedObjectAttr>

In environments with the following configuration, enabling attribute level encryption for passwords prevents users from logging in:

In this release, the AttributeLevelEncryption data classification is removed from the password attribute in the following directory configuration (directory.xml) files:

These files are located in the admin_tools directory.

Note: For more information on managing sensitive attributes, see the Configuration Guide.
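
An added check, not part of the CA documentation: the Python script below parses a directory.xml, lists every attribute carrying the AttributeLevelEncrypt classification shown above, and flags the password attribute if it is among them. The embedded XML is a constructed sample, and identifying the password attribute by wellknown="%PASSWORD%" is an assumption to adjust for your directory.

```python
import xml.etree.ElementTree as ET

ENCRYPT = "AttributeLevelEncrypt"  # classification name as shown in the page's XML

# Constructed sample, not a shipped directory.xml. The wellknown="%PASSWORD%"
# marker and the userPassword name are assumptions about how the password
# attribute is declared; adjust is_password() for your directory.
SAMPLE = """<ImsManagedObject name="User">
  <ImsManagedObjectAttr physicalname="title" description="Title" displayname="Title" valuetype="String" maxlength="0" searchable="false">
    <DataClassification name="AttributeLevelEncrypt"/>
  </ImsManagedObjectAttr>
  <ImsManagedObjectAttr physicalname="userPassword" description="Password" displayname="Password" valuetype="String" wellknown="%PASSWORD%" maxlength="0">
    <DataClassification name="AttributeLevelEncrypt"/>
  </ImsManagedObjectAttr>
  <ImsManagedObjectAttr physicalname="mail" description="Email" displayname="Email" valuetype="String" maxlength="0"/>
</ImsManagedObject>"""


def local(tag):
    """Strip an XML namespace prefix, if the file declares one."""
    return tag.rsplit("}", 1)[-1]


def is_password(attr):
    """Assumed test for the password attribute (see note above)."""
    return attr.get("wellknown", "").upper() == "%PASSWORD%"


def audit(xml_text):
    """Return (encrypted attribute names, encrypted password attribute names)."""
    encrypted, passwords = [], []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "ImsManagedObjectAttr":
            continue
        classes = {c.get("name", "").lower() for c in el if local(c.tag) == "DataClassification"}
        if ENCRYPT.lower() in classes:
            name = el.get("physicalname", "?")
            encrypted.append(name)
            if is_password(el):
                passwords.append(name)
    return encrypted, passwords


if __name__ == "__main__":
    enc, pw = audit(SAMPLE)
    print("Encrypted in user store:", ", ".join(enc) or "none")
    for name in pw:
        print(f"WARNING: {name} is a password attribute with {ENCRYPT}; logins may fail")
```

To audit a real file, pass its contents to audit(), for example audit(open(path, "rb").read()).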