How to Remove Attribute-Level Encryption
If you have an encrypted attribute in the CA IdentityMinder Directory and it is stored with the value of that attribute as clear text, then you can remove the AttributeLevelEncrypt data classification.
Once the data classification has been removed, CA IdentityMinder stops encrypting the new attribute values. Existing values are decrypted when you save the object which is associated with the attribute.
Note: To decrypt the attribute value, the task that you use to save the object must include the attribute. For example, to decrypt a password for an existing user, you save the user object with a task that includes the password field, such as the Modify User task.
To force CA IdentityMinder to detect and decrypt any encrypted values that remain in the user store for the attribute, you can specify another data classification, PreviouslyEncrypted. The clear text value is saved to the user store when you save the object.
Note: Adding the PreviouslyEncrypted data classification adds extra processing on every object load. To prevent performance issues, consider adding the PreviouslyEncrypted data classification, loading and saving each object that is associated with that attribute, and then removing the data classification. This method automatically converts all stored encrypted values to stored clear text.
Follow these steps:
For example:
<ImsManagedObjectAttr physicalname="salary" displayname="Salary" description="salary" valuetype="String" required="false" multivalued="false" maxlength="0" searchable="false">
  <DataClassification name="PreviouslyEncrypted"/>
</ImsManagedObjectAttr>
Note: For more information about the Bulk Loader, see the Administration Guide.
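One way to check where each attribute stands in the conversion described above, so that PreviouslyEncrypted is not left in place after all objects have been loaded and saved. This is an added example, not CA code; the Directory wrapper element, the sample attributes other than salary, and the state labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real directory configuration. The "Directory"
# wrapper element is an assumption; only ImsManagedObjectAttr and
# DataClassification appear on this page.
SAMPLE = """
<Directory>
  <ImsManagedObjectAttr physicalname="salary" displayname="Salary" valuetype="String">
    <DataClassification name="PreviouslyEncrypted"/>
  </ImsManagedObjectAttr>
  <ImsManagedObjectAttr physicalname="userPassword" displayname="Password" valuetype="String">
    <DataClassification name="AttributeLevelEncrypt"/>
  </ImsManagedObjectAttr>
  <ImsManagedObjectAttr physicalname="taxid" displayname="Tax ID" valuetype="String">
    <DataClassification name="AttributeLevelEncrypt"/>
    <DataClassification name="PreviouslyEncrypted"/>
  </ImsManagedObjectAttr>
  <ImsManagedObjectAttr physicalname="mail" displayname="Email" valuetype="String"/>
</Directory>
"""

def local(tag):
    """Drop any XML namespace prefix so matching works with or without one."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Map each attribute's physicalname to its encryption state."""
    report = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "ImsManagedObjectAttr":
            continue
        names = {c.get("name") for c in el if local(c.tag) == "DataClassification"}
        enc = "AttributeLevelEncrypt" in names
        prev = "PreviouslyEncrypted" in names
        if enc and prev:
            # This combination is not described on the page; flag it for review.
            state = "review: both classifications set"
        elif enc:
            state = "encrypted: new values are still encrypted"
        elif prev:
            state = "migrating: remove PreviouslyEncrypted after all objects are saved"
        else:
            state = "clear text: no encryption classification"
        report[el.get("physicalname")] = state
    return report

if __name__ == "__main__":
    for attr, state in audit(SAMPLE).items():
        print(f"{attr:14} {state}")
```

Attributes reported as migrating still incur the extra processing on every object load, and their stored values remain encrypted until each associated object has been saved.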
Copyright © 2013 CA.
All rights reserved.