Hello everyone - popping a question in here, just in case someone has experience solving this particular problem I'm facing.
I'm working on a project where I need to migrate user accounts from Drupal to Okta, and am stuck dealing with the salt/hash on the password.
If anyone has done this sort of thing before, I'd love a bit of help if you can spare a few minutes.
After much Googling, Stack-Overflowing, reading Drupal code and the Okta API docs - I'm a bit stuck. I'm doing this with a JSON file of exported users, and using Node to process.
1. I get the `pass` field from the Drupal user
2. I extract the `salt` and `hash` from the `pass`
Here's how I get the settings, salt and hash from the Drupal `pass`:
const hashType = pass.substring(0,3)
const rounds = pass.substring(3,4)
const salt = pass.substring(4,12)
const hash = pass.substring(12)
I'm then calling Okta's`/api/v1/users?activate=true` with
profile: { email: mail, login: username },
credentials: { password: { hash: { algorithm: 'SHA-512', salt: salt, saltOrder: 'PREFIX', value: hash }}}
which successfully creates the user, but on attempting sign in, gets rejected.
I've tried:
1. switching the saltOrder to POSTFIX
2. base64 decoding the hash
3. base64 decoding then encoding the hash
4. Every combination of the above
Please help, as I don't know what else to try, and I can't find any examples of Drupal user accounts being imported into Okta.
I believe I'm correctly following: https://developer.okta.com/docs/reference/api/users/#hashed-password-object
And I'm using information from:
https://stackoverflow.com/questions/9876700/migrate-passwords-from-drupa...
and
https://drupal.stackexchange.com/questions/176008/getting-password-hashe...
and
https://www.openwall.com/articles/PHP-Users-Passwords
I'd be grateful for any advice you can offer.