[keycloak-user] Keycloak customised credential model

Dmitry Telegin dt at acutus.pro
Wed Aug 1 20:10:40 EDT 2018 

Hi,

Agree with Pedro, I'd also recommend creating a custom JPA entity for your credentials and use it in your authenticator.

Or maybe there is another way - to file a RFE in JIRA, so maybe the developers are OK with increasing the field length to, say, 32K?

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Wed, 2018-08-01 at 09:51 -0300, Pedro Igor Silva wrote:
> Maybe this can help?
> 
> https://www.keycloak.org/docs/latest/server_development/index.html#_extensions_jpa
> 
> On Wed, Aug 1, 2018 at 9:25 AM, Mangna POUTOULI <mangna.poutouli at gmail.com>
> wrote:
> 
> > We desire to create customised credential SPI for device fingerprinting. We
> > developed an authenticator SPI but we got an issue about credential size.
> > By default standard credential model limits the secret attribute to 4 KB.
> > Our fingerprint requires around 30 KB. What is the best way to solve this
> > issue ? Based on our research, I think there are 3 different approaches:
> > 
> >    1. split the fingerprint in 4K blocks. Simple to develop but it will
> >    increase credential table entries by 8 ! Also, the 4K default size might
> >    change in a future release.
> >    2. extend userstorage and credentialModel classes. I’m not sure of this
> >    solution as the users are local to Keycloak.
> >    3. extend UsercredentialStore and create a new credential table.
> > 
> > From my perspective, this should be the best solution but not sure it will
> > be possible. I’ll be happy to get community advice. Thanks,
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list