Generic REST AFX Connector does not encrypt Additional Parameters when defined as Encrypted in RSA Identity Governance & Lifecycle
Originally Published: 2020-07-29
Article Number
Applies To
RSA Version/Condition: 7.1.1, 7.2.0
Issue
This problem is best illustrated with an example. In the example below an additional parameter has been added to a Generic REST Connector to contain a password value. Because it is a password, the value is defined to be encrypted. In the RSA Identity Governance & Lifecycle user interface go to AFX > Connectors > {Name of Generic REST Connector} > Edit > Settings tab > Add More Parameters button.
The new field is added to the bottom of the Settings tab page.
After the connector is saved and redeployed, the connector configuration file ($AVEKSA_HOME/AFX/esb/apps/AFX-CONN-<connector-name>/connector-flow.xml) shows the value in clear text:
<body><username>AveksaAdmin</username><password><Password></password></body>
The expected content of the configuration file is output similar to the following:
<body><username>AveksaAdmin</username>
<password>ENCAx8w(u+pIwCc+Y1Vkwk5NMdiTkkiBwwOrRafwUnQSAx3bdpiGZMQCcxfTyQ==)</password></body>
Cause
Resolution
- RSA Identity Governance & Lifecycle 7.1.1 P07
- RSA Identity Governance & Lifecycle 7.2.0 P01
