Password migration from ForgeRock to Auth0 (Okta CIC)

Hi Experts,

We need to migrate users from “ForgeRock” to “Okta CIC”. From the user export, I can see that the password is currently a salted hash, as below:

userPassword: {SSHA512}dP6RRV0oJGlhpLAHeyTU1sVcaG71eBJp9xbDFS7MalYgb4o0+6dT530EKlnms3dKYXX/InNQ2nhgIOHq3Jndl2E4yNIJftmOw/a/CjrtIa4=

Imported user into Okta CIC, imported successfully:

[
    {
        "email": "mytest098768@gmail.com",
        "email_verified": true,
        "custom_password_hash": {
            "algorithm": "sha512",
            "hash": {
                "value": "dP6RRV0oJGlhpLAHeyTU1sVcaG71eBJp9xbDFS7MalYgb4o0+6dT530EKlnms3dKYXX/InNQ2nhgIOHq3Jndl2E4yNIJftmOw/a/CjrtIa4=",
                "encoding": "base64"
            }
        }
    }
]

But when I try to authenticate, it does not let me in, and the log shows the error below. If anyone could help.

{
    "error": {
        "message": "Password change required.",
        "reason": "Verification failed for the provided custom_password_hash: {'algorithm':'sha512','hash':{'value':'dP6RRV0oJGlhpLAHeyTU1sVcaG7...','encoding':'base64'},'salt':{'value':''}}"
    }
}

Many thanks,
Aditya

Hi @aditya.b.gautam, and thank you for your question!

I can see in the error snippet you have provided that the salt value is missing. This could cause the system to deem the password insecure and trigger this error, so that the passwords change and are secured properly.

    "error": {
        "message": "Password change required.",
        "reason": "Verification failed for the provided custom_password_hash: {'algorithm':'sha512','hash':{'value':'dP6RRV0oJGlhpLAHeyTU1sVcaG7...','encoding':'base64'},'salt':{'value':''}}"
    }

Perhaps something goes wrong in the migration process where the salt is parsed.

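Added example, not part of the thread and not Okta or ForgeRock code: a Python sketch that splits an `{SSHA512}` value into digest and salt, builds an import entry that carries the salt separately, and checks the result locally before import. It assumes the usual LDAP salted layout, base64(SHA-512(password || salt) || salt); the salt `encoding` and `position` fields and all function names are assumptions not shown in the thread, so confirm them against the current bulk-import schema.

```python
import base64
import hashlib
import hmac
import json

SHA512_LEN = 64  # SHA-512 digest size in bytes

def split_ssha512(user_password: str) -> tuple[bytes, bytes]:
    """Split '{SSHA512}<base64>' into (digest, salt); assumes digest||salt layout."""
    scheme, _, b64 = user_password.partition("}")
    if scheme.upper() != "{SSHA512":
        raise ValueError("not an {SSHA512} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA512_LEN:
        raise ValueError("no salt bytes after the 64-byte digest")
    return raw[:SHA512_LEN], raw[SHA512_LEN:]

def to_import_record(email: str, user_password: str) -> dict:
    """Build a user entry whose hash and salt are separate base64 fields."""
    digest, salt = split_ssha512(user_password)
    return {
        "email": email,
        "email_verified": True,
        "custom_password_hash": {
            "algorithm": "sha512",
            "hash": {"value": base64.b64encode(digest).decode(), "encoding": "base64"},
            # Assumed field names: salt appended to the password before hashing.
            "salt": {"value": base64.b64encode(salt).decode(), "encoding": "base64",
                     "position": "suffix"},
        },
    }

def verify(password: str, record: dict) -> bool:
    """Local pre-import check: recompute SHA-512(password || salt), compare."""
    cph = record["custom_password_hash"]
    salt = base64.b64decode(cph["salt"]["value"])
    digest = base64.b64decode(cph["hash"]["value"])
    return hmac.compare_digest(hashlib.sha512(password.encode() + salt).digest(), digest)

def make_ssha512(password: str, salt: bytes) -> str:
    """Constructed sample input so the round trip can be checked offline."""
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode()

if __name__ == "__main__":
    sample = make_ssha512("Constructed-Passw0rd", b"constructedsalt!")  # constructed
    record = to_import_record("user@example.com", sample)
    print(json.dumps([record], indent=2))
    print("verifies locally:", verify("Constructed-Passw0rd", record))
```

Running `verify` against a test account whose password is known, before the bulk import, confirms whether the assumed digest and salt layout matches the export.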