Created by James Hurrell on Mar 04, 2021
This information is valid only for  2.0.0-beta6 releases of CAST Imaging.

Summary: this page describes how to encrypt the password required for the security.ldap.account.password parameter when LDAP authentication is used.

Introduction

When configuring CAST Imaging to use LDAP authentication, the parameter security.ldap.account.password must be populated with the LDAP service account password:

# -----------------------------
# Parameters for ldap mode
# -----------------------------
security.ldap.url=
security.ldap.account.dn=
security.ldap.account.password=
security.ldap.usersearch.base=
security.ldap.usersearch.filter=
security.ldap.groupsearch.base=
security.ldap.groupsearch.filter=
security.ldap.groupsearch.base.filter=

By default, this password is passed in clear text and this can represent a potential security risk. If your organization requires this password to be encrypted, you can use the following instructions to do so.

Encryption process

To use the encryption tool, an installation of the Java runtime is required and the Java executable should be present in the PATH or JAVA_HOME environment variables.

Microsoft Windows traditional installer and Docker for Windows

Open a command prompt (CMD) and navigate to the following location:

Traditional Windows installer: %PROGRAMFILES%\CAST\ImagingSystem\login\

Docker Installer (located in the unzipped extension folder): login\

Run the aip-encryption-tool.bat file to load the encryption tool. Enter the password you wish to encrypt and then click the Encrypt button:

The encrypted password is shown in the Encrypted field. This is used when configuring LDAP, explained below.

Linux

This tool currently only functions when Linux is installed with a GUI.

Navigate to:

Docker Installer (located in the unzipped extension folder): login\

Run dos2unix and provide execute privileges to the aip-encryption-tool.sh file: 

$ dos2unix aip-encryption-tool.sh
$ chmod +x aip-encryption-tool.sh

Execute the script file to load the encryption tool:

./aip-encryption-tool.sh

Enter the password you wish to encrypt and then click the Encrypt button:

The encrypted password is shown in the Encrypted field. This is used when configuring LDAP, explained below.

Using the encrypted password

When you have encrytped the password, use this in place of the clear text password in the following file:

Traditional Windows installer: %APPDATA%\CAST\ImagingSystem\login\application.properties
 
Docker Installer (located in the unzipped extension folder):
server\login\application.properties or login\application.properties

For example:

# -----------------------------
# Parameters for ldap mode
# -----------------------------
security.ldap.url=
security.ldap.account.dn=
security.ldap.account.password=CRYPTED2:90B1A6EC1618661401B724D
security.ldap.usersearch.base=
security.ldap.usersearch.filter=
security.ldap.groupsearch.base=
security.ldap.groupsearch.filter=
security.ldap.groupsearch.base.filter=