6:25 a.m.
Hello,
I'm trying to create some migration scripts that will port users from
Application1 into keycloak. Users in Application1 already have usernames,
passwords etc. I use the admin rest api to create the users.
The problem i'm facing is that user passwords in Application1 database are
already hashed using md5. So, i don't really know the actual passwords
(security wise that makes sense).
The only solution i've come down to is store the password as they are in
keycloak (md5ed) and tell the users to use the hashed value instead of the
plaintext one wieh signing in. Then, force them to reset passwords. Not the
best UX :-(
Is there a way to tell keycloak that "these passwords are already hashed in
md5" so, "store them as they are" and "when a user tries to sign in,
first
hash his password with md5 and the compare to the value stored in db" or
sth like that?
Any alternatives come to mind ?
Regards
Orestis
6:29 a.m.
We are planning to add a Password Hashing SPI, which will allow plugging in
additional hashing mechanisms. It's not ready quite yet though.
On 1 December 2015 at 13:25, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
Hello,
I'm trying to create some migration scripts that will port users from
Application1 into keycloak. Users in Application1 already have usernames,
passwords etc. I use the admin rest api to create the users.
The problem i'm facing is that user passwords in Application1 database are
already hashed using md5. So, i don't really know the actual passwords
(security wise that makes sense).
The only solution i've come down to is store the password as they are in
keycloak (md5ed) and tell the users to use the hashed value instead of the
plaintext one wieh signing in. Then, force them to reset passwords. Not the
best UX :-(
Is there a way to tell keycloak that "these passwords are already hashed
in md5" so, "store them as they are" and "when a user tries to sign
in,
first hash his password with md5 and the compare to the value stored in
db" or sth like that?
Any alternatives come to mind ?
Regards
Orestis
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
6:36 a.m.
Ok, so i guess i'll have to go with a workaround, password reset, etc as
i've described.
Thanks Stian
On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
We are planning to add a Password Hashing SPI, which will allow
plugging
in additional hashing mechanisms. It's not ready quite yet though.
On 1 December 2015 at 13:25, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Hello,
>
> I'm trying to create some migration scripts that will port users from
> Application1 into keycloak. Users in Application1 already have usernames,
> passwords etc. I use the admin rest api to create the users.
>
> The problem i'm facing is that user passwords in Application1 database
> are already hashed using md5. So, i don't really know the actual passwords
> (security wise that makes sense).
>
> The only solution i've come down to is store the password as they are in
> keycloak (md5ed) and tell the users to use the hashed value instead of the
> plaintext one wieh signing in. Then, force them to reset passwords. Not the
> best UX :-(
>
> Is there a way to tell keycloak that "these passwords are already hashed
> in md5" so, "store them as they are" and "when a user tries to
sign in,
> first hash his password with md5 and the compare to the value stored in
> db" or sth like that?
>
> Any alternatives come to mind ?
>
>
> Regards
>
> Orestis
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
7:12 a.m.
So looks like we will indeed have password hash spi in 1.8. It'll be
released in early January.
If you can't wait for that I think it would be better to not import users
with a password at all and instead send reset password links to their email
address. That would assume all users have emails registered. Or you could
also modify the password authenticator and make it run md5 the value of the
input password for users that haven't updated their password yet.
On 1 December 2015 at 13:36, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
Ok, so i guess i'll have to go with a workaround, password reset,
etc as
i've described.
Thanks Stian
On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> We are planning to add a Password Hashing SPI, which will allow plugging
> in additional hashing mechanisms. It's not ready quite yet though.
>
> On 1 December 2015 at 13:25, Orestis Tsakiridis <
> orestis.tsakiridis(a)telestax.com> wrote:
>
>> Hello,
>>
>> I'm trying to create some migration scripts that will port users from
>> Application1 into keycloak. Users in Application1 already have usernames,
>> passwords etc. I use the admin rest api to create the users.
>>
>> The problem i'm facing is that user passwords in Application1 database
>> are already hashed using md5. So, i don't really know the actual passwords
>> (security wise that makes sense).
>>
>> The only solution i've come down to is store the password as they are in
>> keycloak (md5ed) and tell the users to use the hashed value instead of the
>> plaintext one wieh signing in. Then, force them to reset passwords. Not the
>> best UX :-(
>>
>> Is there a way to tell keycloak that "these passwords are already hashed
>> in md5" so, "store them as they are" and "when a user tries
to sign in,
>> first hash his password with md5 and the compare to the value stored in
>> db" or sth like that?
>>
>> Any alternatives come to mind ?
>>
>>
>> Regards
>>
>> Orestis
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
8:39 a.m.
Thanks Stian.
Can you send me some documentation or source code pointers about "modifying
the password authenticator" ? Are we talking about a Java class, overriding
login form ? sth else?
On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
So looks like we will indeed have password hash spi in 1.8. It'll
be
released in early January.
If you can't wait for that I think it would be better to not import users
with a password at all and instead send reset password links to their email
address. That would assume all users have emails registered. Or you could
also modify the password authenticator and make it run md5 the value of the
input password for users that haven't updated their password yet.
On 1 December 2015 at 13:36, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Ok, so i guess i'll have to go with a workaround, password reset, etc as
> i've described.
>
> Thanks Stian
>
> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> We are planning to add a Password Hashing SPI, which will allow plugging
>> in additional hashing mechanisms. It's not ready quite yet though.
>>
>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>> orestis.tsakiridis(a)telestax.com> wrote:
>>
>>> Hello,
>>>
>>> I'm trying to create some migration scripts that will port users from
>>> Application1 into keycloak. Users in Application1 already have usernames,
>>> passwords etc. I use the admin rest api to create the users.
>>>
>>> The problem i'm facing is that user passwords in Application1 database
>>> are already hashed using md5. So, i don't really know the actual
passwords
>>> (security wise that makes sense).
>>>
>>> The only solution i've come down to is store the password as they are
>>> in keycloak (md5ed) and tell the users to use the hashed value instead of
>>> the plaintext one wieh signing in. Then, force them to reset passwords. Not
>>> the best UX :-(
>>>
>>> Is there a way to tell keycloak that "these passwords are already
>>> hashed in md5" so, "store them as they are" and "when a
user tries to sign
>>> in, first hash his password with md5 and the compare to the value stored in
>>> db" or sth like that?
>>>
>>> Any alternatives come to mind ?
>>>
>>>
>>> Regards
>>>
>>> Orestis
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
8:51 a.m.
http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
On 1 December 2015 at 15:39, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
Thanks Stian.
Can you send me some documentation or source code pointers about
"modifying the password authenticator" ? Are we talking about a Java class,
overriding login form ? sth else?
On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> So looks like we will indeed have password hash spi in 1.8. It'll be
> released in early January.
>
> If you can't wait for that I think it would be better to not import users
> with a password at all and instead send reset password links to their email
> address. That would assume all users have emails registered. Or you could
> also modify the password authenticator and make it run md5 the value of the
> input password for users that haven't updated their password yet.
>
> On 1 December 2015 at 13:36, Orestis Tsakiridis <
> orestis.tsakiridis(a)telestax.com> wrote:
>
>> Ok, so i guess i'll have to go with a workaround, password reset, etc as
>> i've described.
>>
>> Thanks Stian
>>
>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> We are planning to add a Password Hashing SPI, which will allow
>>> plugging in additional hashing mechanisms. It's not ready quite yet
though.
>>>
>>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>
>>>> Hello,
>>>>
>>>> I'm trying to create some migration scripts that will port users
from
>>>> Application1 into keycloak. Users in Application1 already have
usernames,
>>>> passwords etc. I use the admin rest api to create the users.
>>>>
>>>> The problem i'm facing is that user passwords in Application1
database
>>>> are already hashed using md5. So, i don't really know the actual
passwords
>>>> (security wise that makes sense).
>>>>
>>>> The only solution i've come down to is store the password as they
are
>>>> in keycloak (md5ed) and tell the users to use the hashed value instead
of
>>>> the plaintext one wieh signing in. Then, force them to reset passwords.
Not
>>>> the best UX :-(
>>>>
>>>> Is there a way to tell keycloak that "these passwords are already
>>>> hashed in md5" so, "store them as they are" and "when
a user tries to sign
>>>> in, first hash his password with md5 and the compare to the value stored
in
>>>> db" or sth like that?
>>>>
>>>> Any alternatives come to mind ?
>>>>
>>>>
>>>> Regards
>>>>
>>>> Orestis
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>>
>>
>
3:08 a.m.
Ok Stian.
I will try to implement auth_spi.
Btw, if you need any early adopters for your new Password Hashing SPI
feature, we will gladly use it in our new "Restcomm as a Service"
implementation and send feedback.
Thanks
Orestis
Telestax
On Tue, Dec 1, 2015 at 4:51 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
On 1 December 2015 at 15:39, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Thanks Stian.
>
> Can you send me some documentation or source code pointers about
> "modifying the password authenticator" ? Are we talking about a Java
class,
> overriding login form ? sth else?
>
>
>
> On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> So looks like we will indeed have password hash spi in 1.8. It'll be
>> released in early January.
>>
>> If you can't wait for that I think it would be better to not import
>> users with a password at all and instead send reset password links to their
>> email address. That would assume all users have emails registered. Or you
>> could also modify the password authenticator and make it run md5 the value
>> of the input password for users that haven't updated their password yet.
>>
>> On 1 December 2015 at 13:36, Orestis Tsakiridis <
>> orestis.tsakiridis(a)telestax.com> wrote:
>>
>>> Ok, so i guess i'll have to go with a workaround, password reset, etc
>>> as i've described.
>>>
>>> Thanks Stian
>>>
>>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> We are planning to add a Password Hashing SPI, which will allow
>>>> plugging in additional hashing mechanisms. It's not ready quite yet
though.
>>>>
>>>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I'm trying to create some migration scripts that will port users
from
>>>>> Application1 into keycloak. Users in Application1 already have
usernames,
>>>>> passwords etc. I use the admin rest api to create the users.
>>>>>
>>>>> The problem i'm facing is that user passwords in Application1
>>>>> database are already hashed using md5. So, i don't really know
the actual
>>>>> passwords (security wise that makes sense).
>>>>>
>>>>> The only solution i've come down to is store the password as they
are
>>>>> in keycloak (md5ed) and tell the users to use the hashed value
instead of
>>>>> the plaintext one wieh signing in. Then, force them to reset
passwords. Not
>>>>> the best UX :-(
>>>>>
>>>>> Is there a way to tell keycloak that "these passwords are
already
>>>>> hashed in md5" so, "store them as they are" and
"when a user tries to sign
>>>>> in, first hash his password with md5 and the compare to the value
stored in
>>>>> db" or sth like that?
>>>>>
>>>>> Any alternatives come to mind ?
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>> Orestis
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>>
>>>
>>
>
4:18 a.m.
That'd be great. If you watch this
https://issues.jboss.org/browse/KEYCLOAK-1900 you'll know when it's in
master.
Hopefully it should be added within a few days.
On 3 December 2015 at 10:08, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
Ok Stian.
I will try to implement auth_spi.
Btw, if you need any early adopters for your new Password Hashing SPI
feature, we will gladly use it in our new "Restcomm as a Service"
implementation and send feedback.
Thanks
Orestis
Telestax
On Tue, Dec 1, 2015 at 4:51 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
>
> http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>
> On 1 December 2015 at 15:39, Orestis Tsakiridis <
> orestis.tsakiridis(a)telestax.com> wrote:
>
>> Thanks Stian.
>>
>> Can you send me some documentation or source code pointers about
>> "modifying the password authenticator" ? Are we talking about a Java
class,
>> overriding login form ? sth else?
>>
>>
>>
>> On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> So looks like we will indeed have password hash spi in 1.8. It'll be
>>> released in early January.
>>>
>>> If you can't wait for that I think it would be better to not import
>>> users with a password at all and instead send reset password links to their
>>> email address. That would assume all users have emails registered. Or you
>>> could also modify the password authenticator and make it run md5 the value
>>> of the input password for users that haven't updated their password yet.
>>>
>>> On 1 December 2015 at 13:36, Orestis Tsakiridis <
>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>
>>>> Ok, so i guess i'll have to go with a workaround, password reset,
etc
>>>> as i've described.
>>>>
>>>> Thanks Stian
>>>>
>>>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen
<sthorger(a)redhat.com>
>>>> wrote:
>>>>
>>>>> We are planning to add a Password Hashing SPI, which will allow
>>>>> plugging in additional hashing mechanisms. It's not ready quite
yet though.
>>>>>
>>>>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I'm trying to create some migration scripts that will port
users
>>>>>> from Application1 into keycloak. Users in Application1 already
have
>>>>>> usernames, passwords etc. I use the admin rest api to create the
users.
>>>>>>
>>>>>> The problem i'm facing is that user passwords in
Application1
>>>>>> database are already hashed using md5. So, i don't really
know the actual
>>>>>> passwords (security wise that makes sense).
>>>>>>
>>>>>> The only solution i've come down to is store the password as
they
>>>>>> are in keycloak (md5ed) and tell the users to use the hashed
value instead
>>>>>> of the plaintext one wieh signing in. Then, force them to reset
passwords.
>>>>>> Not the best UX :-(
>>>>>>
>>>>>> Is there a way to tell keycloak that "these passwords are
already
>>>>>> hashed in md5" so, "store them as they are" and
"when a user tries to sign
>>>>>> in, first hash his password with md5 and the compare to the value
stored in
>>>>>> db" or sth like that?
>>>>>>
>>>>>> Any alternatives come to mind ?
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Orestis
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
5:22 a.m.
Great! I will keep an eye on it.
BR
Orestis
On Thu, Dec 3, 2015 at 12:18 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
That'd be great. If you watch this
https://issues.jboss.org/browse/KEYCLOAK-1900 you'll know when it's in
master.
Hopefully it should be added within a few days.
On 3 December 2015 at 10:08, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Ok Stian.
>
> I will try to implement auth_spi.
>
> Btw, if you need any early adopters for your new Password Hashing SPI
> feature, we will gladly use it in our new "Restcomm as a Service"
> implementation and send feedback.
>
>
> Thanks
>
> Orestis
>
> Telestax
>
> On Tue, Dec 1, 2015 at 4:51 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>>
>> http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>>
>> On 1 December 2015 at 15:39, Orestis Tsakiridis <
>> orestis.tsakiridis(a)telestax.com> wrote:
>>
>>> Thanks Stian.
>>>
>>> Can you send me some documentation or source code pointers about
>>> "modifying the password authenticator" ? Are we talking about a
Java class,
>>> overriding login form ? sth else?
>>>
>>>
>>>
>>> On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> So looks like we will indeed have password hash spi in 1.8. It'll be
>>>> released in early January.
>>>>
>>>> If you can't wait for that I think it would be better to not import
>>>> users with a password at all and instead send reset password links to
their
>>>> email address. That would assume all users have emails registered. Or
you
>>>> could also modify the password authenticator and make it run md5 the
value
>>>> of the input password for users that haven't updated their password
yet.
>>>>
>>>> On 1 December 2015 at 13:36, Orestis Tsakiridis <
>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>
>>>>> Ok, so i guess i'll have to go with a workaround, password reset,
etc
>>>>> as i've described.
>>>>>
>>>>> Thanks Stian
>>>>>
>>>>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen
<sthorger(a)redhat.com
>>>>> > wrote:
>>>>>
>>>>>> We are planning to add a Password Hashing SPI, which will allow
>>>>>> plugging in additional hashing mechanisms. It's not ready
quite yet though.
>>>>>>
>>>>>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I'm trying to create some migration scripts that will
port users
>>>>>>> from Application1 into keycloak. Users in Application1
already have
>>>>>>> usernames, passwords etc. I use the admin rest api to create
the users.
>>>>>>>
>>>>>>> The problem i'm facing is that user passwords in
Application1
>>>>>>> database are already hashed using md5. So, i don't really
know the actual
>>>>>>> passwords (security wise that makes sense).
>>>>>>>
>>>>>>> The only solution i've come down to is store the password
as they
>>>>>>> are in keycloak (md5ed) and tell the users to use the hashed
value instead
>>>>>>> of the plaintext one wieh signing in. Then, force them to
reset passwords.
>>>>>>> Not the best UX :-(
>>>>>>>
>>>>>>> Is there a way to tell keycloak that "these passwords
are already
>>>>>>> hashed in md5" so, "store them as they are"
and "when a user tries to sign
>>>>>>> in, first hash his password with md5 and the compare to the
value stored in
>>>>>>> db" or sth like that?
>>>>>>>
>>>>>>> Any alternatives come to mind ?
>>>>>>>
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Orestis
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
6:47 a.m.
Hello again!
So, i've recently pulled your master branch and started working on it (HEAD
was 0197c69ac3d6e8d90a6e7c93e1eaf) and implemented the password hashing
SPI.
Actually, i implemented PasswordHashProvider and
PasswordHashProviderFactory and created a provider .jar as described in
http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
.
So, all went fine there. Deployment on keycloak had no issues too.
I'm wondering however how i enable this custom Password Hash Provider. Is
there a switch that instead of using the "Pbkdf2PasswordHashProvider" to
use my custom "RestcommPasswordHashProvider".
All i've found is the "Authentication/Password Policy/Hash algorithm" in
the Administration Console UI that directly maps to
"Pbkdf2PasswordHashProvider" but adding a new entry and changing this
to "restcomm-md5" (the id of the new provider) seems to have no effect.
Any ideas ?
On Thu, Dec 3, 2015 at 1:22 PM, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
Great! I will keep an eye on it.
BR
Orestis
On Thu, Dec 3, 2015 at 12:18 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> That'd be great. If you watch this
> https://issues.jboss.org/browse/KEYCLOAK-1900 you'll know when it's in
> master.
>
> Hopefully it should be added within a few days.
>
> On 3 December 2015 at 10:08, Orestis Tsakiridis <
> orestis.tsakiridis(a)telestax.com> wrote:
>
>> Ok Stian.
>>
>> I will try to implement auth_spi.
>>
>> Btw, if you need any early adopters for your new Password Hashing SPI
>> feature, we will gladly use it in our new "Restcomm as a Service"
>> implementation and send feedback.
>>
>>
>> Thanks
>>
>> Orestis
>>
>> Telestax
>>
>> On Tue, Dec 1, 2015 at 4:51 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>>
>>> http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>>>
>>> On 1 December 2015 at 15:39, Orestis Tsakiridis <
>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>
>>>> Thanks Stian.
>>>>
>>>> Can you send me some documentation or source code pointers about
>>>> "modifying the password authenticator" ? Are we talking about a
Java class,
>>>> overriding login form ? sth else?
>>>>
>>>>
>>>>
>>>> On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen
<sthorger(a)redhat.com>
>>>> wrote:
>>>>
>>>>> So looks like we will indeed have password hash spi in 1.8. It'll
be
>>>>> released in early January.
>>>>>
>>>>> If you can't wait for that I think it would be better to not
import
>>>>> users with a password at all and instead send reset password links to
their
>>>>> email address. That would assume all users have emails registered. Or
you
>>>>> could also modify the password authenticator and make it run md5 the
value
>>>>> of the input password for users that haven't updated their
password yet.
>>>>>
>>>>> On 1 December 2015 at 13:36, Orestis Tsakiridis <
>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>
>>>>>> Ok, so i guess i'll have to go with a workaround, password
reset,
>>>>>> etc as i've described.
>>>>>>
>>>>>> Thanks Stian
>>>>>>
>>>>>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <
>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>
>>>>>>> We are planning to add a Password Hashing SPI, which will
allow
>>>>>>> plugging in additional hashing mechanisms. It's not ready
quite yet though.
>>>>>>>
>>>>>>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I'm trying to create some migration scripts that will
port users
>>>>>>>> from Application1 into keycloak. Users in Application1
already have
>>>>>>>> usernames, passwords etc. I use the admin rest api to
create the users.
>>>>>>>>
>>>>>>>> The problem i'm facing is that user passwords in
Application1
>>>>>>>> database are already hashed using md5. So, i don't
really know the actual
>>>>>>>> passwords (security wise that makes sense).
>>>>>>>>
>>>>>>>> The only solution i've come down to is store the
password as they
>>>>>>>> are in keycloak (md5ed) and tell the users to use the
hashed value instead
>>>>>>>> of the plaintext one wieh signing in. Then, force them to
reset passwords.
>>>>>>>> Not the best UX :-(
>>>>>>>>
>>>>>>>> Is there a way to tell keycloak that "these
passwords are already
>>>>>>>> hashed in md5" so, "store them as they
are" and "when a user tries to sign
>>>>>>>> in, first hash his password with md5 and the compare to
the value stored in
>>>>>>>> db" or sth like that?
>>>>>>>>
>>>>>>>> Any alternatives come to mind ?
>>>>>>>>
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Orestis
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
6:48 a.m.
Btw, hHere is a screenshot of the 'switch' i referred to:
On Mon, Dec 21, 2015 at 2:47 PM, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
Hello again!
So, i've recently pulled your master branch and started working on it
(HEAD was 0197c69ac3d6e8d90a6e7c93e1eaf) and implemented the password
hashing SPI.
Actually, i implemented PasswordHashProvider and
PasswordHashProviderFactory and created a provider .jar as described in
http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
.
So, all went fine there. Deployment on keycloak had no issues too.
I'm wondering however how i enable this custom Password Hash Provider. Is
there a switch that instead of using the "Pbkdf2PasswordHashProvider" to
use my custom "RestcommPasswordHashProvider".
All i've found is the "Authentication/Password Policy/Hash algorithm" in
the Administration Console UI that directly maps to
"Pbkdf2PasswordHashProvider" but adding a new entry and changing this
to "restcomm-md5" (the id of the new provider) seems to have no effect.
Any ideas ?
On Thu, Dec 3, 2015 at 1:22 PM, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Great! I will keep an eye on it.
>
> BR
>
> Orestis
>
> On Thu, Dec 3, 2015 at 12:18 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> That'd be great. If you watch this
>> https://issues.jboss.org/browse/KEYCLOAK-1900 you'll know when it's in
>> master.
>>
>> Hopefully it should be added within a few days.
>>
>> On 3 December 2015 at 10:08, Orestis Tsakiridis <
>> orestis.tsakiridis(a)telestax.com> wrote:
>>
>>> Ok Stian.
>>>
>>> I will try to implement auth_spi.
>>>
>>> Btw, if you need any early adopters for your new Password Hashing SPI
>>> feature, we will gladly use it in our new "Restcomm as a Service"
>>> implementation and send feedback.
>>>
>>>
>>> Thanks
>>>
>>> Orestis
>>>
>>> Telestax
>>>
>>> On Tue, Dec 1, 2015 at 4:51 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>>
>>>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>>>>
>>>> On 1 December 2015 at 15:39, Orestis Tsakiridis <
>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>
>>>>> Thanks Stian.
>>>>>
>>>>> Can you send me some documentation or source code pointers about
>>>>> "modifying the password authenticator" ? Are we talking
about a Java class,
>>>>> overriding login form ? sth else?
>>>>>
>>>>>
>>>>>
>>>>> On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen
<sthorger(a)redhat.com
>>>>> > wrote:
>>>>>
>>>>>> So looks like we will indeed have password hash spi in 1.8.
It'll be
>>>>>> released in early January.
>>>>>>
>>>>>> If you can't wait for that I think it would be better to not
import
>>>>>> users with a password at all and instead send reset password
links to their
>>>>>> email address. That would assume all users have emails
registered. Or you
>>>>>> could also modify the password authenticator and make it run md5
the value
>>>>>> of the input password for users that haven't updated their
password yet.
>>>>>>
>>>>>> On 1 December 2015 at 13:36, Orestis Tsakiridis <
>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>
>>>>>>> Ok, so i guess i'll have to go with a workaround,
password reset,
>>>>>>> etc as i've described.
>>>>>>>
>>>>>>> Thanks Stian
>>>>>>>
>>>>>>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <
>>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>>
>>>>>>>> We are planning to add a Password Hashing SPI, which will
allow
>>>>>>>> plugging in additional hashing mechanisms. It's not
ready quite yet though.
>>>>>>>>
>>>>>>>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>>>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I'm trying to create some migration scripts that
will port users
>>>>>>>>> from Application1 into keycloak. Users in
Application1 already have
>>>>>>>>> usernames, passwords etc. I use the admin rest api to
create the users.
>>>>>>>>>
>>>>>>>>> The problem i'm facing is that user passwords in
Application1
>>>>>>>>> database are already hashed using md5. So, i
don't really know the actual
>>>>>>>>> passwords (security wise that makes sense).
>>>>>>>>>
>>>>>>>>> The only solution i've come down to is store the
password as they
>>>>>>>>> are in keycloak (md5ed) and tell the users to use the
hashed value instead
>>>>>>>>> of the plaintext one wieh signing in. Then, force
them to reset passwords.
>>>>>>>>> Not the best UX :-(
>>>>>>>>>
>>>>>>>>> Is there a way to tell keycloak that "these
passwords are already
>>>>>>>>> hashed in md5" so, "store them as they
are" and "when a user tries to sign
>>>>>>>>> in, first hash his password with md5 and the compare
to the value stored in
>>>>>>>>> db" or sth like that?
>>>>>>>>>
>>>>>>>>> Any alternatives come to mind ?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards
>>>>>>>>>
>>>>>>>>> Orestis
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> keycloak-user mailing list
>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
8:43 a.m.
In authentication / password policy you can configure what hashing
algorithm new passwords are hashed with. If you change that value then
update the users password either through admin console or account
management it should use your provider.
However, this is probably not what you want as you are implementing a md5
hash provider which is weaker than the built in provider. I assume you want
to import users with passwords that are hashed using md5? If so you need to
specify the algorithm for the password in the json when you import the
user. For example:
"users" : [ {
"username" : "myuser",
"enabled" : true,
"credentials" : [ {
"type" : "password",
"hashedSaltedValue" : "***************",
"salt" : "**************",
"hashIterations" : 1000,
"algorithm" : "restcomm-md5"
} ]
} ]
On 21 December 2015 at 13:48, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
Btw, hHere is a screenshot of the 'switch' i referred to:
On Mon, Dec 21, 2015 at 2:47 PM, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Hello again!
>
> So, i've recently pulled your master branch and started working on it
> (HEAD was 0197c69ac3d6e8d90a6e7c93e1eaf) and implemented the password
> hashing SPI.
>
> Actually, i implemented PasswordHashProvider and
> PasswordHashProviderFactory and created a provider .jar as described in
> http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
> .
>
> So, all went fine there. Deployment on keycloak had no issues too.
>
> I'm wondering however how i enable this custom Password Hash Provider. Is
> there a switch that instead of using the "Pbkdf2PasswordHashProvider" to
> use my custom "RestcommPasswordHashProvider".
>
> All i've found is the "Authentication/Password Policy/Hash algorithm"
in
> the Administration Console UI that directly maps to
> "Pbkdf2PasswordHashProvider" but adding a new entry and changing this
> to "restcomm-md5" (the id of the new provider) seems to have no effect.
>
> Any ideas ?
>
>
>
> On Thu, Dec 3, 2015 at 1:22 PM, Orestis Tsakiridis <
> orestis.tsakiridis(a)telestax.com> wrote:
>
>> Great! I will keep an eye on it.
>>
>> BR
>>
>> Orestis
>>
>> On Thu, Dec 3, 2015 at 12:18 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> That'd be great. If you watch this
>>> https://issues.jboss.org/browse/KEYCLOAK-1900 you'll know when it's
in
>>> master.
>>>
>>> Hopefully it should be added within a few days.
>>>
>>> On 3 December 2015 at 10:08, Orestis Tsakiridis <
>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>
>>>> Ok Stian.
>>>>
>>>> I will try to implement auth_spi.
>>>>
>>>> Btw, if you need any early adopters for your new Password Hashing SPI
>>>> feature, we will gladly use it in our new "Restcomm as a
Service"
>>>> implementation and send feedback.
>>>>
>>>>
>>>> Thanks
>>>>
>>>> Orestis
>>>>
>>>> Telestax
>>>>
>>>> On Tue, Dec 1, 2015 at 4:51 PM, Stian Thorgersen
<sthorger(a)redhat.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>>>>>
>>>>> On 1 December 2015 at 15:39, Orestis Tsakiridis <
>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>
>>>>>> Thanks Stian.
>>>>>>
>>>>>> Can you send me some documentation or source code pointers about
>>>>>> "modifying the password authenticator" ? Are we talking
about a Java class,
>>>>>> overriding login form ? sth else?
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen <
>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>
>>>>>>> So looks like we will indeed have password hash spi in 1.8.
It'll
>>>>>>> be released in early January.
>>>>>>>
>>>>>>> If you can't wait for that I think it would be better to
not import
>>>>>>> users with a password at all and instead send reset password
links to their
>>>>>>> email address. That would assume all users have emails
registered. Or you
>>>>>>> could also modify the password authenticator and make it run
md5 the value
>>>>>>> of the input password for users that haven't updated
their password yet.
>>>>>>>
>>>>>>> On 1 December 2015 at 13:36, Orestis Tsakiridis <
>>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>>
>>>>>>>> Ok, so i guess i'll have to go with a workaround,
password reset,
>>>>>>>> etc as i've described.
>>>>>>>>
>>>>>>>> Thanks Stian
>>>>>>>>
>>>>>>>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <
>>>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>>>
>>>>>>>>> We are planning to add a Password Hashing SPI, which
will allow
>>>>>>>>> plugging in additional hashing mechanisms. It's
not ready quite yet though.
>>>>>>>>>
>>>>>>>>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>>>>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I'm trying to create some migration scripts
that will port users
>>>>>>>>>> from Application1 into keycloak. Users in
Application1 already have
>>>>>>>>>> usernames, passwords etc. I use the admin rest
api to create the users.
>>>>>>>>>>
>>>>>>>>>> The problem i'm facing is that user passwords
in Application1
>>>>>>>>>> database are already hashed using md5. So, i
don't really know the actual
>>>>>>>>>> passwords (security wise that makes sense).
>>>>>>>>>>
>>>>>>>>>> The only solution i've come down to is store
the password as
>>>>>>>>>> they are in keycloak (md5ed) and tell the users
to use the hashed value
>>>>>>>>>> instead of the plaintext one wieh signing in.
Then, force them to reset
>>>>>>>>>> passwords. Not the best UX :-(
>>>>>>>>>>
>>>>>>>>>> Is there a way to tell keycloak that "these
passwords are
>>>>>>>>>> already hashed in md5" so, "store them
as they are" and "when a user tries
>>>>>>>>>> to sign in, first hash his password with md5 and
the compare to the value
>>>>>>>>>> stored in db" or sth like that?
>>>>>>>>>>
>>>>>>>>>> Any alternatives come to mind ?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>>
>>>>>>>>>> Orestis
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
9:12 a.m.
Hi Stian,
Indeed, changing the authentication/password policy works for new users
when created from Admin Console. The custom password hashing implementation
works fine.
However, creating a user WITH credentials using this:
http://keycloak.github.io/docs/rest-api/index.html#_create_a_new_user
does not work as expected. The user is created but the 'credentials' array
is empty in the resulting user record. I exported the realm and verified
that. Is the one above the correct method to use?
I can only set the password for a user using this:
http://keycloak.github.io/docs/rest-api/index.html#_set_up_a_temporary_pa...
But this does not take into account already "hashedSaltedValue".
PUT
127.0.0.1:8080/auth/admin/realms/test/users/216f6050-9c94-47d1-9b96-8534841305df/reset-password
For example i tried sending this:
{
"type" : "password",
"hashedSaltedValue" : "****",
"salt" : "****",
"hashIterations" : 1,
"algorithm" : "restcomm-md5"
}
but i got a "400 Bad Request" with "No password provided". Anyway,
the
'reset-password' path does not seem the way to go here.
On Mon, Dec 21, 2015 at 4:43 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
In authentication / password policy you can configure what hashing
algorithm new passwords are hashed with. If you change that value then
update the users password either through admin console or account
management it should use your provider.
However, this is probably not what you want as you are implementing a md5
hash provider which is weaker than the built in provider. I assume you want
to import users with passwords that are hashed using md5? If so you need to
specify the algorithm for the password in the json when you import the
user. For example:
"users" : [ {
"username" : "myuser",
"enabled" : true,
"credentials" : [ {
"type" : "password",
"hashedSaltedValue" : "***************",
"salt" : "**************",
"hashIterations" : 1000,
"algorithm" : "restcomm-md5"
} ]
} ]
On 21 December 2015 at 13:48, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Btw, hHere is a screenshot of the 'switch' i referred to:
>
> On Mon, Dec 21, 2015 at 2:47 PM, Orestis Tsakiridis <
> orestis.tsakiridis(a)telestax.com> wrote:
>
>> Hello again!
>>
>> So, i've recently pulled your master branch and started working on it
>> (HEAD was 0197c69ac3d6e8d90a6e7c93e1eaf) and implemented the password
>> hashing SPI.
>>
>> Actually, i implemented PasswordHashProvider and
>> PasswordHashProviderFactory and created a provider .jar as described in
>> http://keycloak.github.io/docs/userguide/keycloak-server/html/providers.html
>> .
>>
>> So, all went fine there. Deployment on keycloak had no issues too.
>>
>> I'm wondering however how i enable this custom Password Hash Provider.
>> Is there a switch that instead of using the
"Pbkdf2PasswordHashProvider" to
>> use my custom "RestcommPasswordHashProvider".
>>
>> All i've found is the "Authentication/Password Policy/Hash
algorithm"
>> in the Administration Console UI that directly maps to
>> "Pbkdf2PasswordHashProvider" but adding a new entry and changing this
>> to "restcomm-md5" (the id of the new provider) seems to have no
effect.
>>
>> Any ideas ?
>>
>>
>>
>> On Thu, Dec 3, 2015 at 1:22 PM, Orestis Tsakiridis <
>> orestis.tsakiridis(a)telestax.com> wrote:
>>
>>> Great! I will keep an eye on it.
>>>
>>> BR
>>>
>>> Orestis
>>>
>>> On Thu, Dec 3, 2015 at 12:18 PM, Stian Thorgersen
<sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> That'd be great. If you watch this
>>>> https://issues.jboss.org/browse/KEYCLOAK-1900 you'll know when
it's
>>>> in master.
>>>>
>>>> Hopefully it should be added within a few days.
>>>>
>>>> On 3 December 2015 at 10:08, Orestis Tsakiridis <
>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>
>>>>> Ok Stian.
>>>>>
>>>>> I will try to implement auth_spi.
>>>>>
>>>>> Btw, if you need any early adopters for your new Password Hashing
SPI
>>>>> feature, we will gladly use it in our new "Restcomm as a
Service"
>>>>> implementation and send feedback.
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> Orestis
>>>>>
>>>>> Telestax
>>>>>
>>>>> On Tue, Dec 1, 2015 at 4:51 PM, Stian Thorgersen
<sthorger(a)redhat.com
>>>>> > wrote:
>>>>>
>>>>>>
>>>>>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>>>>>>
>>>>>> On 1 December 2015 at 15:39, Orestis Tsakiridis <
>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>
>>>>>>> Thanks Stian.
>>>>>>>
>>>>>>> Can you send me some documentation or source code pointers
about
>>>>>>> "modifying the password authenticator" ? Are we
talking about a Java class,
>>>>>>> overriding login form ? sth else?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen <
>>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>>
>>>>>>>> So looks like we will indeed have password hash spi in
1.8. It'll
>>>>>>>> be released in early January.
>>>>>>>>
>>>>>>>> If you can't wait for that I think it would be better
to not
>>>>>>>> import users with a password at all and instead send
reset password links
>>>>>>>> to their email address. That would assume all users have
emails registered.
>>>>>>>> Or you could also modify the password authenticator and
make it run md5 the
>>>>>>>> value of the input password for users that haven't
updated their password
>>>>>>>> yet.
>>>>>>>>
>>>>>>>> On 1 December 2015 at 13:36, Orestis Tsakiridis <
>>>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>>>
>>>>>>>>> Ok, so i guess i'll have to go with a workaround,
password reset,
>>>>>>>>> etc as i've described.
>>>>>>>>>
>>>>>>>>> Thanks Stian
>>>>>>>>>
>>>>>>>>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen
<
>>>>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>>>>
>>>>>>>>>> We are planning to add a Password Hashing SPI,
which will allow
>>>>>>>>>> plugging in additional hashing mechanisms.
It's not ready quite yet though.
>>>>>>>>>>
>>>>>>>>>> On 1 December 2015 at 13:25, Orestis Tsakiridis
<
>>>>>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I'm trying to create some migration
scripts that will port
>>>>>>>>>>> users from Application1 into keycloak. Users
in Application1 already have
>>>>>>>>>>> usernames, passwords etc. I use the admin
rest api to create the users.
>>>>>>>>>>>
>>>>>>>>>>> The problem i'm facing is that user
passwords in Application1
>>>>>>>>>>> database are already hashed using md5. So, i
don't really know the actual
>>>>>>>>>>> passwords (security wise that makes sense).
>>>>>>>>>>>
>>>>>>>>>>> The only solution i've come down to is
store the password as
>>>>>>>>>>> they are in keycloak (md5ed) and tell the
users to use the hashed value
>>>>>>>>>>> instead of the plaintext one wieh signing in.
Then, force them to reset
>>>>>>>>>>> passwords. Not the best UX :-(
>>>>>>>>>>>
>>>>>>>>>>> Is there a way to tell keycloak that
"these passwords are
>>>>>>>>>>> already hashed in md5" so, "store
them as they are" and "when a user tries
>>>>>>>>>>> to sign in, first hash his password with md5
and the compare to the value
>>>>>>>>>>> stored in db" or sth like that?
>>>>>>>>>>>
>>>>>>>>>>> Any alternatives come to mind ?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Regards
>>>>>>>>>>>
>>>>>>>>>>> Orestis
>>>>>>>>>>>
>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
3812
days inactive
3833
days old
12 comments
2 participants
participants (2)
-
Orestis Tsakiridis -
Stian Thorgersen