IBM Security Verify

Shape the future of IBM Security Verify

We invite you to shape the future of IBM, including the product roadmap, by submitting ideas that matter to you the most.

Here's how it works:

Post your ideas

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Submit a private idea

If you have confidential information or customer data to share with your idea, then - DO NOT submit using the link below, instead - please open a private feature request.

And finally - if its an issue with expected behaviour, a product defect or a support need, open a Support Case

Migrated password logic

We need to migrate our users with their passwords, but these passwords are hashed. Even though using SHA256 is mor or less standarized the way you mixed a salt with a password is not. We need to be able to migrate our salts and the passwords and define a function to check if a plain password is correct. That way we can have a first login configuration where if this migratedPassword exists for the user the systems checks if the password entered is valid using the user defined function. Then it can execute a first login custom behavior or show the change password page so it defines a new password and deletes de migratedpassword (could be optional). It would be great if we could define the function in javascript. It should have access to user data and have a crypto lib with sha256 included.

We have 700.000 users so password migration is important. 

  • Guest
  • Sep 10 2019
  • Not under consideration
  • Guest commented
    14 Jan, 2020 02:37am

    Passwords can be imported to CI through a CSV with a password, and salt. CSV files must be provided to IBM support for processing. It may take a few days for the process to complete.

  • Guest commented
    27 Sep, 2019 04:35pm

    No, we have the users in a database and we are storing hashes of the password + salt.

  • Guest commented
    27 Sep, 2019 03:23pm

    We do support LDIF migration for IBM Security Directory Server customers. Can you share if this is what you have today?

  • Guest commented
    10 Sep, 2019 12:11pm

    If the database option is used we should be able to write a sql script to check if the password is correct.

  • Guest commented
    10 Sep, 2019 12:09pm

    Another solution could be to be able to configure a secure connection to a user service or database so if the user is marked as first login it goes to that service or database to check if the password is correct. This would allow to migrate users without the passwords and have a first login logic to set a new stronger password in CI o to execute custom logic for the scenario

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.