Distributed Learning Technologies

RFC - Blackboard Learn pw hash clearing

Up until August 2018, IAM account provisioning was set up to store cryptographically secure password hashes in Blackboard Learn's internal database, which could allow users to log into BbLearn directly even if other authentication systems were offline. To maximize security, BbLearn now forces users to log in through centralized authentication systems, so there is no further need to store those hashes.

This change will upload new, randomized passwords for all IAM-managed user accounts in BbLearn. Testing indicates that the randomized password cannot be used to log in; the primary purpose of this change is to remove stored hashes from the internal database.

Before the scheduled date:
- Generate a series of SIS integration files, each containing up to 10,000 password reset records (expect 16 files)

On the scheduled date:
- Pause PeopleSoft integration script on bbutilprd
- Upload pre-generated SIS integration files, one at a time
- Monitor system stability
- Once all files are processed, unpause PS integration script on bbutilprd

In testing, processing each file of 10,000 records took roughly 544 seconds; if we assume 10-15 minutes of processing time per file across the expected 16 files, we should anticipate that this process will take between 2.5 and 4 hours.
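The following sketch of the pre-generation step and the time estimate is an added example, not the script used for this change. The pipe-delimited layout, the column names, and the `pw_reset_NN.txt` file names are assumptions; substitute the feed layout the SIS integration is configured for.

```python
import csv
import io
import os
import secrets

BATCH_SIZE = 10_000  # per-file record limit from the RFC
HEADER = ["EXTERNAL_PERSON_KEY", "USER_ID", "PASSWD"]  # assumed column names


def render(batch):
    """Render one batch as pipe-delimited text with a fresh CSPRNG password per row."""
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter="|", lineterminator="\n")
    writer.writerow(HEADER)
    for key, user_id in batch:
        # token_urlsafe draws from the OS CSPRNG; the value is not kept anywhere else.
        writer.writerow([key, user_id, secrets.token_urlsafe(32)])
    return buf.getvalue()


def build_feeds(accounts, batch_size=BATCH_SIZE):
    """Yield feed text for each group of at most batch_size (key, user_id) pairs."""
    batch = []
    for acct in accounts:
        batch.append(acct)
        if len(batch) == batch_size:
            yield render(batch)
            batch = []
    if batch:  # final partial file
        yield render(batch)


def write_feeds(accounts, outdir, batch_size=BATCH_SIZE):
    """Write feeds as owner-only files; refuse to overwrite an existing file."""
    paths = []
    for n, text in enumerate(build_feeds(accounts, batch_size), start=1):
        path = os.path.join(outdir, f"pw_reset_{n:02d}.txt")  # hypothetical file name
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(text)
        paths.append(path)
    return paths


def estimate_hours(n_files, seconds_per_file):
    """Total wall-clock hours if files are uploaded one at a time."""
    return n_files * seconds_per_file / 3600
```

Because the generated passwords exist only in these files, the files should be deleted once every batch has been processed.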