I'm having trouble figuring out how to call
session.getProvider(PasswordHashProvider.class,
algorithm) to replace Pbkdf2PasswordEncoder.
I checked
but couldn't find any instance of KeycloakSession. Am I missing something?
On Tue, Nov 17, 2015 at 11:07 PM, Kunal K <kunal(a)plivo.com> wrote:
Thanks for those notes Stian, I will read up and document my progress
on
this thread.
On Tue, Nov 17, 2015 at 8:50 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> Hi,
>
> That would be awesome.
>
> First step would be to read
>
http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
> to understand how Keycloak provides SPIs.
>
> Next thing would be to add:
>
> * class PasswordHashSPI
> * interface PasswordHashProviderFactory
> * interface PasswordHashProvider
>
> These should be added to services module. You would also need to
> change Pbkdf2PasswordEncoder to be the default implementation.
>
> Instead of using Pbkdf2PasswordEncoder directly code should use
> session.getProvider(PasswordHashProvider.class, algorithm). algorithm
> should be set to on credential entities
> (UserCredentialValueModel.algorithm). We also need a mechanism to specify
> the default algorithm (that would be used when users sets new password and
> also for existing users in the db).
>
>
> On 17 November 2015 at 16:06, Kunal K <kunal(a)plivo.com> wrote:
>
>> Hi all,
>>
>> I would like to start a discussion on how to implement -
>>
https://issues.jboss.org/browse/KEYCLOAK-1900
>>
>> I have a django web app and all of my users are in a postgres database
>> with salted passwords hashed using SHA. I have been reading how I can use
>> UserFederation to implement by own credential validation, but the drawback
>> here would be that I'll have to keep maintaining my old database.
>>
>> For starters, I was thinking of replacing all occurrences of
>> Pbkdf2PasswordEncoder with an equivalent SHAPasswordEncoder, which is a
>> very crude approach and I'm not sure if it will even work. After some bit
>> of reading I saw this ticket -
>>
https://issues.jboss.org/browse/KEYCLOAK-1900
>>
>> I would like to implement a custom hashing SPI and would love to get
>> some pointers on how to go about it.
>>
>> Thanks
>>
>> --
>> *KUNAL KERKAR *| PRODUCT ENGINEER
>> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>> Web:
www.plivo.com | Twitter: @plivo <
http://twitter.com/plivo>, @tsudot
>> <
http://twitter.com/tsudot>
>>
>> Free Incoming SMS for All US Short Codes – Get One Today!
>> <
https://www.plivo.com/sms-short-code/?utm=emailsig>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
--
*KUNAL KERKAR *| PRODUCT ENGINEER
Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
Web:
www.plivo.com | Twitter: @plivo <
http://twitter.com/plivo>, @tsudot
<
http://twitter.com/tsudot>
Free Incoming SMS for All US Short Codes – Get One Today!
<
https://www.plivo.com/sms-short-code/?utm=emailsig>
--
*KUNAL KERKAR *| PRODUCT ENGINEER
Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
Web: