...

| Authentication Server | Supported Identity Provider | Identity Service Type |
|---|---|---|
| JOC Cockpit | JOC Cockpit managed accounts | JOC |
| | LDAP Directory Service | LDAP |
| HashiCorp® Vault | Vault managed accounts | VAULT, VAULT-JOC, VAULT-JOC-ACTIVE |
| | LDAP | VAULT-JOC |
| | Cloud managed accounts (AWS, Azure, Google) | VAULT-JOC |
| Keycloak® | Keycloak® managed accounts | KEYCLOAK, KEYCLOAK-JOC |
| | LDAP | KEYCLOAK-JOC |


  • When a user account is used to log in to JOC Cockpit, credentials such as user account, password or token are specified and forwarded to the respective Identity Service.
  • More than one Identity Service can be active at a given time. This allows a user account to be authenticated with one out of a number of Identity Services, or authentication to be forced with more than one Identity Service.

...

  • To specify the user account/password a $credential object is created.
    • The above example exposes the account root and the password root directly to readers of the script.
    • Frequently users populate the credential object from a PowerShell profile that is automatically executed when running PowerShell scripts.
    • There are more ways to populate credential objects, e.g. by reading a serialized object from a file.
  • Please keep in mind that PowerShell credential objects are not secure. They are based on a "secure string" datatype that does not expose a password immediately. However, secure strings are intended to prevent exposure of credentials during logging; they do not prevent a password from being decrypted like this:
    • $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($credential.password)
      $password = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)
    • The above two lines are sufficient to decrypt a secure string $credential.password to a plain text $password variable.
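
The following added example, which is not part of the original page, shows one way to populate the credential object from a serialized file, so that neither account nor password is written into the script or the URL. The file path, the two function names and the -Credentials parameter of Connect-JS7 are assumptions that this page does not show; the ACL step applies to Windows only.

```powershell
# Added example, not from the JS7 documentation.
# Hypothetical names: $CredentialFile, Save-Js7Credential, Get-Js7Credential.
$CredentialFile = Join-Path $env:USERPROFILE 'js7-credential.xml'

function Save-Js7Credential {
    param([string]$Path = $CredentialFile)

    # Prompt interactively so that account and password never appear in a script.
    $credential = Get-Credential -Message 'JOC Cockpit account'

    # On Windows, Export-Clixml protects the password with DPAPI: only the same
    # user on the same machine can read it back. On Linux and macOS the password
    # is not encrypted, so file permissions are the only protection there.
    $credential | Export-Clixml -Path $Path

    # Windows only: drop inherited permissions, then grant the current user alone.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)
    $user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $user, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-Js7Credential {
    param([string]$Path = $CredentialFile)

    # Reject files that do not deserialize to a credential object.
    $credential = Import-Clixml -Path $Path
    if ($credential -isnot [System.Management.Automation.PSCredential]) {
        throw "File $Path does not contain a credential object."
    }
    $credential
}

# Run Save-Js7Credential once, then in scripts (parameter name is an assumption):
# $credential = Get-Js7Credential
# Connect-JS7 -Url http://127.0.0.1:4446 -Credentials $credential -Id controller
```

The serialized file protects the password from other accounts only: the account that created it can still recover the plain text as shown above.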


Connect by specifying user account and password with the URL:

    Connect-JS7 -Url http://root:root@127.0.0.1:4446 -Id controller

...