Hi Stian,
I've added password hashing as a SPI with default encoder
as Pbkdf2PasswordEncoder. Some code clean up is remaining. I'll send out a
PR by Wednesday 3rd Dec.
On Tue, Dec 1, 2015 at 6:16 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Hi,
Just wondering what is the status on this? We'd like to make sure it makes
it into 1.8 release
On 18 November 2015 at 15:09, Kunal K <kunal(a)plivo.com> wrote:
> Hi Stian,
>
> Could you please review this code -
>
https://github.com/tsudot/keycloak/commit/ce58d795bfea9e6c19663fa40d7a499...
>
> I'm having trouble figuring out how to call
session.getProvider(PasswordHashProvider.class,
> algorithm) to replace Pbkdf2PasswordEncoder.
>
> I checked
>
https://github.com/tsudot/keycloak/blob/master/model/jpa/src/main/java/or...
> but couldn't find any instance of KeycloakSession. Am I missing something?
>
> On Tue, Nov 17, 2015 at 11:07 PM, Kunal K <kunal(a)plivo.com> wrote:
>
>> Thanks for those notes Stian, I will read up and document my progress on
>> this thread.
>>
>> On Tue, Nov 17, 2015 at 8:50 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> Hi,
>>>
>>> That would be awesome.
>>>
>>> First step would be to read
>>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
>>> to understand how Keycloak provides SPIs.
>>>
>>> Next thing would be to add:
>>>
>>> * class PasswordHashSPI
>>> * interface PasswordHashProviderFactory
>>> * interface PasswordHashProvider
>>>
>>> These should be added to services module. You would also need to
>>> change Pbkdf2PasswordEncoder to be the default implementation.
>>>
>>> Instead of using Pbkdf2PasswordEncoder directly code should use
>>> session.getProvider(PasswordHashProvider.class, algorithm). algorithm
>>> should be set to on credential entities
>>> (UserCredentialValueModel.algorithm). We also need a mechanism to specify
>>> the default algorithm (that would be used when users sets new password and
>>> also for existing users in the db).
>>>
>>>
>>> On 17 November 2015 at 16:06, Kunal K <kunal(a)plivo.com> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I would like to start a discussion on how to implement -
>>>>
https://issues.jboss.org/browse/KEYCLOAK-1900
>>>>
>>>> I have a django web app and all of my users are in a postgres database
>>>> with salted passwords hashed using SHA. I have been reading how I can
use
>>>> UserFederation to implement by own credential validation, but the
drawback
>>>> here would be that I'll have to keep maintaining my old database.
>>>>
>>>> For starters, I was thinking of replacing all occurrences of
>>>> Pbkdf2PasswordEncoder with an equivalent SHAPasswordEncoder, which is a
>>>> very crude approach and I'm not sure if it will even work. After some
bit
>>>> of reading I saw this ticket -
>>>>
https://issues.jboss.org/browse/KEYCLOAK-1900
>>>>
>>>> I would like to implement a custom hashing SPI and would love to get
>>>> some pointers on how to go about it.
>>>>
>>>> Thanks
>>>>
>>>> --
>>>> *KUNAL KERKAR *| PRODUCT ENGINEER
>>>> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>>>> Web:
www.plivo.com | Twitter: @plivo <
http://twitter.com/plivo>,
>>>> @tsudot <
http://twitter.com/tsudot>
>>>>
>>>> Free Incoming SMS for All US Short Codes – Get One Today!
>>>> <
https://www.plivo.com/sms-short-code/?utm=emailsig>
>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>>
>>>
>>
>>
>> --
>> *KUNAL KERKAR *| PRODUCT ENGINEER
>> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
>> Web:
www.plivo.com | Twitter: @plivo <
http://twitter.com/plivo>, @tsudot
>> <
http://twitter.com/tsudot>
>>
>> Free Incoming SMS for All US Short Codes – Get One Today!
>> <
https://www.plivo.com/sms-short-code/?utm=emailsig>
>>
>
>
>
> --
> *KUNAL KERKAR *| PRODUCT ENGINEER
> Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
> Web:
www.plivo.com | Twitter: @plivo <
http://twitter.com/plivo>, @tsudot
> <
http://twitter.com/tsudot>
>
> Free Incoming SMS for All US Short Codes – Get One Today!
> <
https://www.plivo.com/sms-short-code/?utm=emailsig>
>
--
*KUNAL KERKAR *| PRODUCT ENGINEER
Plivo, Inc. 340 Pine St, San Francisco - 94104, USA
Web: