Get the answer here ...
You can get the plain text password entered by user for OpenSSO server login / authentication, at agent / client side with following configuration steps :
1) Add "com.sun.identity.wss.security.useHashedPassword=false" property at OpenSSO server side and agent/client side.
2) Add a new value "com.sun.identity.authentication.spi.WSSReplayPasswd" in Access Control -> Top Level Realm -> Authentication -> Advanced Properties -> Authentication Post Processing Classes, on OpenSSO server side.
3) Make sure you have same value for "am.encryption.pwd" on OpenSSO server side and agent/client side.
After this, following can be executed on agent/client side :
String encryptedPassword = ssoToken.getProperty("EncryptedUserPassword");
String clearPassword = Crypt.decrypt(encryptedPassword);