[keycloak-user] Keycloak 3.2.0 issue with PasswordHashProvider SPI

Sarp Kaya akaya at expedia.com
Mon Jul 17 20:32:02 EDT 2017


Hello,

I know that this is an internal SPI but I believe it’s broken.

I realised that the interface has been changed; now it’s giving the iterations directly to the “encode” method. The problem is that it’s always calling the encode method with iterations valued -1, regardless of what you put in the UI. I realised that in Keycloak, “Pbkdf2PasswordHashProvider” is defaulting to 20000 iterations; but if you want this to be higher or lower, it doesn’t work either (since iterations will always be -1).

My question is, could you please check this? Also, if you don’t support “internal SPIs”, how are we going to use other encryption methods such as bcrypt or scrypt, etc.?

