Configure the hash algorithm for attribute storage

Hashing encodes a character string as a fixed-length bit string for comparison. Context-based access hashes certain attributes by default. We can change the hash algorithm and specify additional attributes to hash.

By default, when attributes are stored in the context-based access database, the attributes that exceed the maximum length according to the schema are hashed. We can also specify any other attribute that we require to be hashed. For example, we might want to hash values that are considered confidential or private.

The default hash algorithm that context-based access uses for storing these attributes is SHA256. Context-based access also uses the default when the hash algorithm is not configured properly. We can specify any other hash algorithm that Java™ Security supports.

Steps

  1. Log in to the local management interface.

  2. Click AAC.

  3. Under Global Settings, click Advanced Configuration.

  4. Under Key, find the name of the property that we must work with.

  5. Take one of the following actions:

    • Configure the attributeCollection.attributesHashEnabled property.

      1. Click the edit icon Edit.

      2. Enter the Identifier names of the attributes that we want the attributeCollection.attributesHashEnabled property to hash. For example: urn:ibm:security:environment:http:userAgent, urn:ibm:security:environment:deviceFonts, urn:ibm:security:environment:browserPlugins To find the list of attributes that context-based access can hash, complete the following steps:

        1. Log in to your local management interface

        2. Click AAC

        3. Under Policy, click Attributes.

        4. Select the name of an attribute, and click Modify attributes Modify attributes.

        5. Under Modify Attribute, find the Identifier of the attribute.
        6. Use the Identifier of the attribute in the list of attributes that we want context-based access to hash.

        7. Click Cancel to exit.

    • Configure the attributeCollection.hashAlgorithm property.

      1. Click the edit icon Edit.

      2. Set the value for the attributeCollection.hashAlgorithm property to one of the following values:

        • SHA1
        • SHA512
        • SHA256

      3. Click Save.

  6. When when making changes to the properties, the appliance displays a message there are undeployed changes. If we are finished making changes, deploy them.

Parent topic: Attributes