Hi Stian,Could you please review this code - https://github.com/tsudot/keycloak/commit/ce58d795bfea9e6c19663fa40d7a499d2d78aeabI'm having trouble figuring out how to call session.getProvider(PasswordHashProvider.class, algorithm) to replace Pbkdf2PasswordEncoder.I checked https://github.com/tsudot/keycloak/blob/master/model/jpa/src/main/java/org/keycloak/models/jpa/UserAdapter.java#L399 but couldn't find any instance of KeycloakSession. Am I missing something?On Tue, Nov 17, 2015 at 11:07 PM, Kunal K <kunal@plivo.com> wrote:Thanks for those notes Stian, I will read up and document my progress on this thread.On Tue, Nov 17, 2015 at 8:50 PM, Stian Thorgersen <sthorger@redhat.com> wrote:Hi,That would be awesome.First step would be to read http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html to understand how Keycloak provides SPIs.Next thing would be to add:* class PasswordHashSPI* interface PasswordHashProviderFactory* interface PasswordHashProviderThese should be added to services module. You would also need to change Pbkdf2PasswordEncoder to be the default implementation.Instead of using Pbkdf2PasswordEncoder directly code should use session.getProvider(PasswordHashProvider.class, algorithm). algorithm should be set to on credential entities (UserCredentialValueModel.algorithm). We also need a mechanism to specify the default algorithm (that would be used when users sets new password and also for existing users in the db).On 17 November 2015 at 16:06, Kunal K <kunal@plivo.com> wrote:_______________________________________________Hi all,I would like to start a discussion on how to implement - https://issues.jboss.org/browse/KEYCLOAK-1900I have a django web app and all of my users are in a postgres database with salted passwords hashed using SHA. I have been reading how I can use UserFederation to implement by own credential validation, but the drawback here would be that I'll have to keep maintaining my old database.For starters, I was thinking of replacing all occurrences of Pbkdf2PasswordEncoder with an equivalent SHAPasswordEncoder, which is a very crude approach and I'm not sure if it will even work. After some bit of reading I saw this ticket - https://issues.jboss.org/browse/KEYCLOAK-1900I would like to implement a custom hashing SPI and would love to get some pointers on how to go about it.Thanks--KUNAL KERKAR | PRODUCT ENGINEERPlivo, Inc. 340 Pine St, San Francisco - 94104, USA
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev--KUNAL KERKAR | PRODUCT ENGINEERPlivo, Inc. 340 Pine St, San Francisco - 94104, USA--KUNAL KERKAR | PRODUCT ENGINEERPlivo, Inc. 340 Pine St, San Francisco - 94104, USA