[keycloak-user] Custom password hash provider seems not getting triggered

Danny Trunk dt at zyres.com
Wed Mar 15 05:52:21 EDT 2017 

This is my CredentialInputValidator.isValid implementation of the user 
storage provider:

public boolean isValid(RealmModel realm, UserModel user, CredentialInput 
input) {
     if (!supportsCredentialType(input.getType()) || !(input instanceof 
UserCredentialModel)) {
         return false;
     }

     UserCredentialModel cred = (UserCredentialModel) input;
     String password = getPassword(user);

     logger.info("isValid: " + password + " - " + cred.getValue());
     return password != null && password.equals(cred.getValue());
}

After adding the logging here I can see that password is the hashed 
password from the db and cred.getValue() returns the raw password.

That's why I get an invalid credentials error message.

But I don't know why it's raw in cred.getValue().

Do I have to add the hash provider there manually?


Am 15.03.2017 um 08:06 schrieb Danny Trunk:
> I deployed the hash provider the same way I deployed the user storage
> provider: I've put the jar files into standalone/deployments:
>
> 2017-03-15 08:03:06,012 INFO  [org.jboss.as.repository]
> (DeploymentScanner-threads - 2) WFLYDR0001: Content added at location
> /opt/keycloak/standalone/data/content/5b/7be86171d601f1b725cec361a2ec9e4b8fb766/content
> 2017-03-15 08:03:06,015 INFO  [org.jboss.as.server.deployment] (MSC
> service thread 1-4) WFLYSRV0027: Starting deployment of
> "keycloak-navcrypt-provider.jar" (runtime-name:
> "keycloak-navcrypt-provider.jar")
> 2017-03-15 08:03:06,029 WARN  [org.jboss.as.dependency.private] (MSC
> service thread 1-4) WFLYSRV0018: Deployment
> "deployment.keycloak-navcrypt-provider.jar" is using a private module
> ("org.apache.commons.codec:main") which may be changed or removed in
> future versions without notice.
> 2017-03-15 08:03:06,030 WARN  [org.jboss.as.dependency.private] (MSC
> service thread 1-4) WFLYSRV0018: Deployment
> "deployment.keycloak-navcrypt-provider.jar" is using a private module
> ("org.apache.commons.lang:main") which may be changed or removed in
> future versions without notice.
> 2017-03-15 08:03:06,030 WARN  [org.jboss.as.dependency.private] (MSC
> service thread 1-4) WFLYSRV0018: Deployment
> "deployment.keycloak-navcrypt-provider.jar" is using a private module
> ("org.keycloak.keycloak-server-spi-private:main") which may be changed
> or removed in future versions without notice.
> 2017-03-15 08:03:06,040 INFO
> [org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor]
> (MSC service thread 1-3) Deploying Keycloak provider: {0}
> 2017-03-15 08:03:06,076 INFO  [org.jboss.as.server]
> (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed
> "keycloak-navcrypt-provider.jar" (runtime-name :
> "keycloak-navcrypt-provider.jar")
>
> Keycloak version is 2.5.4.Final
>
> In Server Info > Providers I can see my provider:
>
> password-hashing
>
> pbkdf2
> navcrypt
>
> Maybe I misunderstood the SPI? I'm expecting the hash provider to be
> called while authentication process.
>
> Am 14.03.2017 um 16:21 schrieb Bill Burke:
>> Hmm, the log message should be popping up.   How are you deploying your
>> hash provider?  Is it in the same jar as the User Storage Provider?  How
>> do you deploy this jar?  What version of Keycloak?
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list