Configuring the hash algorithm for attribute storage

Edit online

Hashing encodes a character string as a fixed-length bit string for comparison. Context-based access hashes certain attributes by default. You can change the hash algorithm and specify additional attributes that you want to hash.

About this task

By default, when attributes are stored in the context-based access database, the attributes that exceed the maximum length according to the schema are hashed. You can also specify any other attribute that you require to be hashed. For example, you might want to hash values that are considered confidential or private.

The default hash algorithm that context-based access uses for storing these attributes is SHA256. Context-based access also uses the default when the hash algorithm is not configured properly. You can specify any other hash algorithm that Java™ Security supports.

Procedure

  1. Log in to the local management interface.
  2. Click AAC.
  3. Under Global Settings, click Advanced Configuration.
  4. Under Key, find the name of the property that you must work with.
  5. Take one of the following actions:
    • Configure the attributeCollection.attributesHashEnabled property.
      1. Click the edit icon Edit.
      2. Enter the Identifier names of the attributes that you want the attributeCollection.attributesHashEnabled property to hash. For example: urn:ibm:security:environment:http:userAgent, urn:ibm:security:environment:deviceFonts, urn:ibm:security:environment:browserPlugins
        To find the list of attributes that context-based access can hash, complete the following steps:
        1. Log in to your local management interface
        2. Click AAC
        3. Under Policy, click Attributes.
        4. Select the name of an attribute, and click Modify attributes Modify attributes.
        5. Under Modify Attribute, find the Identifier of the attribute.
        6. Use the Identifier of the attribute in your list of attributes that you want context-based access to hash.
        7. Click Cancel to exit.
    • Configure the attributeCollection.hashAlgorithm property.
      1. Click the edit icon Edit.
      2. Set the value for the attributeCollection.hashAlgorithm property to one of the following values:
        • SHA1
        • SHA512
        • SHA256
      3. Click Save.
  6. When you make changes to the properties, the appliance displays a message that there are undeployed changes. If you are finished making changes, deploy them.