thank you all for the quick response.

do you guys have a basic idea on how to approach the policy spi? we are more than willing to help out to get it done.

maintaining a fork is maybe an option to resolve the immediate need, but would prefer to keep things upstream as much as possible.

On Mon, Apr 25, 2016 at 5:30 PM, Stian Thorgersen <sthorger@redhat.com> wrote:

We an to introduce a password policy spi soon, but for now you're stuck with the built-in policies.

On 25 Apr 2016 16:43, "Bruno Oliveira" <bruno@abstractj.org> wrote:
I believe we don't have an SPI for this, yet. See: https://issues.jboss.org/browse/KEYCLOAK-2824.

IMO, Argon2 is completely new and aside from the bindings, we don't have
a Java implementation, yet for this. I'm not sure if is a good idea to
introduce C to the codebase, but totally doable to have an SPI for
policies.

On 2016-04-25, Roelof Naude wrote:
> hi,
>
> a client has requested the use of the argon2 [1, 2] password hashing
> scheme. this can easily be added as an external provider. we do however
> require custom password policies, e.g. memory / parallelism cost as well as
> salt length. AFAIK there is no way to provide policy extensions using a
> provider interface?
>
> would argon2 be a worthwhile contribution?
>
> regards
> roelof.
>
> [1] https://github.com/P-H-C/phc-winner-argon2
> [2] https://github.com/phxql/argon2-jvm

> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


--

abstractj
PGP: 0x84DC9914
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev