<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div><span></span></div><div id="yui_3_16_0_1_1426499522055_5852">Kalinga - The latest published version is 1.1 and you can find the documentation at the below link.</div><div id="yui_3_16_0_1_1426499522055_5851"><br></div><div id="yui_3_16_0_1_1426499522055_5850"><a id="yui_3_16_0_1_1426499522055_5849" href="http://keycloak.jboss.org/docs">http://keycloak.jboss.org/docs</a></div><div id="yui_3_16_0_1_1426499522055_5853"><br></div><div id="yui_3_16_0_1_1426499522055_5870" dir="ltr">Raghu<br>&nbsp; </div><div id="yui_3_16_0_1_1426499522055_5830" style="font-family: HelveticaNeue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1426499522055_5829" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1426499522055_5828" dir="ltr"> <hr size="1">  <font id="yui_3_16_0_1_1426499522055_5827" face="Arial" size="2"> <b><span style="font-weight: bold;">From:</span></b> Kalinga Dissanayake &lt;kalinga@leapset.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> Stian Thorgersen &lt;stian@redhat.com&gt; <br><b><span style="font-weight: bold;">Cc:</span></b> keycloak-user@lists.jboss.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, March 16, 2015 6:32 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [keycloak-user] Customization of authentication mechanism and +<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_1_1426499522055_5873"><br><div id="yiv2518617105"><div id="yui_3_16_0_1_1426499522055_5872"><font face="arial" size="2"></font><div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">Stian,</div>
<div id="yui_3_16_0_1_1426499522055_5871" style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">Thanks&nbsp; for responding in a matter of few minutes.</div>
<div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">&nbsp;</div>
<div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">I will then look to see if i can manage my doing changes on the Authentication Manager class for now.</div>
<div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">Further, I will have a look at the user provider and get back to u.</div>
<div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">btw, Is the content on this link outdated;</div>
<div id="yui_3_16_0_1_1426499522055_5877" style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;"><span id="yui_3_16_0_1_1426499522055_5876" style="font-family: monospace;"><span id="yui_3_16_0_1_1426499522055_5875" style="color: rgb(128, 0, 0);"> <a id="yui_3_16_0_1_1426499522055_5874" href="" rel="nofollow" shape="rect">http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/authentication-spi.html</a></span></span></div>
<div id="yui_3_16_0_1_1426499522055_5878" style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">&nbsp;</div>
<div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;"><span style="font-family: monospace;"><span style="color: rgb(128, 0, 0);">Kalinga.</span></span></div>
<div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">&nbsp;</div>

<div class="qtdSeparateBR"><br><br></div><div class="yiv2518617105yqt0239841417" id="yiv2518617105yqtfd23764"><div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">-----Original Message-----<br clear="none">From: "Stian Thorgersen" &lt;stian@redhat.com&gt;<br clear="none">Sent: Monday, March 16, 2015 3:31pm<br clear="none">To: "Kalinga Dissanayake" &lt;kalinga@leapset.com&gt;<br clear="none">Cc: keycloak-user@lists.jboss.org<br clear="none">Subject: Re: [keycloak-user] Customization of authentication mechanism and +<br clear="none"><br clear="none"></div>
<div id="yiv2518617105SafeStyles1426501772">
<div style="margin: 0px; padding: 0px; font-family: arial; font-size: 10pt; -ms-word-wrap: break-word;">We don't currently have a way to plugin your own authentication mechanism, but this is something we'll be adding.<br clear="none"><br clear="none">You have two choices when it comes to users, you can either use our user federation provider mechanism to sync between Keycloak and your current db. Or you can migrate the users fully to the Keycloak db. In either case you have an option on overriding how passwords are verified (either UserFederationProvider or by extending an existing UserProvider). With the above authentication mechanism we'll most likely also make the verification of passwords pluggable which would support different hash algorithms.<br clear="none"><br clear="none">----- Original Message -----<br clear="none">&gt; From: "Kalinga Dissanayake" &lt;kalinga@leapset.com&gt;<br clear="none">&gt; To: keycloak-user@lists.jboss.org<br clear="none">&gt; Sent: Monday, March 16, 2015 10:48:55 AM<br clear="none">&gt; Subject: [keycloak-user] Customization of authentication mechanism and +<br clear="none">&gt; <br clear="none">&gt; <br clear="none">&gt; <br clear="none">&gt; Guys,<br clear="none">&gt; <br clear="none">&gt; I need to understand the capability of keycloak with my requirement and to<br clear="none">&gt; ensure that keycloak is scalable to meet my needs. My main requirement is to<br clear="none">&gt; integrate keycloak to our system to support SSO hence I need to migrate my<br clear="none">&gt; existing users. My main concerns;<br clear="none">&gt; <br clear="none">&gt; <br clear="none">&gt; <br clear="none">&gt; 1/ Customize authentication method.<br clear="none">&gt; <br clear="none">&gt; I need to authenticate users similar to what we currently use in our<br clear="none">&gt; production system. In our system, users are identified by username, password<br clear="none">&gt; and the pin.<br clear="none">&gt; <br clear="none">&gt; For instance;<br clear="none">&gt; <br clear="none">&gt; User -&gt; jack, password -&gt; pwd, pin -&gt; 50000<br clear="none">&gt; <br clear="none">&gt; User should enter all three to login to the system.<br clear="none">&gt; <br clear="none">&gt; I went through the codebase and I saw that the Authentication Manager (which<br clear="none">&gt; is a concrete class) does all the work inside keycloak. I managed to<br clear="none">&gt; customize the frontend with ease, however, in order to support the pin in<br clear="none">&gt; the backend seems like I have to customize the AuthenticationManager class<br clear="none">&gt; (no direct SPIs).<br clear="none">&gt; <br clear="none">&gt; Although there is a link here;<br clear="none">&gt; <br clear="none">&gt; http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/authentication-spi.html<br clear="none">&gt; <br clear="none">&gt; I cant seem to find anything here which matches the current code base (to via<br clear="none">&gt; a new authentication method via spis) and the example has been removed.<br clear="none">&gt; <br clear="none">&gt; <br clear="none">&gt; <br clear="none">&gt; 2/ Customize password hashes.<br clear="none">&gt; <br clear="none">&gt; We have our own algorithm used to store password hashes. What should I do to<br clear="none">&gt; add this to keycloak?<br clear="none">&gt; <br clear="none">&gt; I do not know the current passwords of the users already in our system, so<br clear="none">&gt; when doing the migration i need keyclock to support the current algorithm we<br clear="none">&gt; use. Can we plugin new hashing algorithms to meet my needs?<br clear="none">&gt; <br clear="none">&gt; <br clear="none">&gt; <br clear="none">&gt; Any other issues I might face?<br clear="none">&gt; <br clear="none">&gt; I feel key cloak is the right choice if the above two questions are answered.<br clear="none">&gt; Please let me know.<br clear="none">&gt; <br clear="none">&gt; _______________________________________________<br clear="none">&gt; keycloak-user mailing list<br clear="none">&gt; keycloak-user@lists.jboss.org<br clear="none">&gt; https://lists.jboss.org/mailman/listinfo/keycloak-user</div>
</div></div></div></div><br><div class="yqt0239841417" id="yqtfd48690">_______________________________________________<br clear="none">keycloak-user mailing list<br clear="none"><a href="mailto:keycloak-user@lists.jboss.org" shape="rect" ymailto="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br clear="none"><a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank" shape="rect">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div><br><br></div> </div> </div>  </div></body></html>