From: BOUVIER Jean-Damien
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] Add optional LDAP userPassword hashing
Date: Wed, 30 Jan 2019 11:50:45 +0000
Message-ID: <9b8eac664ecc4ebc8e710d1630f2bb43@calvados.fr>

Hi all!

My problem is described in the KEYCLOAK-4989 issue, titled "add optional LDAP userPassword hashing".

I'm in the worst case scenario as I use OpenLDAP, which doesn't hash passwords by default, and the way it has been installed, I don't have the "ppolicy overlay" available.
So Keycloak sends the password in clear text and I thought that I could add specific OpenLDAP configuration to hash the password before.
The LDAP administration already has some specific configuration for AD and I thought that I could start from here (org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapperFactory for example).

So, I've written my own StorageMapperFactory:

    public class OpenLDAPUserAccountControlStorageMapperFactory implements LDAPStorageMapperFactory

That needs these dependencies:

    <dependencies>
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-core</artifactId>
            <version>${version.keycloak}</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-services</artifactId>
            <version>${version.keycloak}</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-server-spi</artifactId>
            <version>${version.keycloak}</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-ldap-federation</artifactId>
            <version>${version.keycloak}</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>

But whenever I try to deploy the jar, I get:

    cat hash-password-openldap-provider.jar.failed
    {"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"hash-password-openldap-provider.jar\".POST_MODULE" => "WFLYSRV0153: Failed to process phase POST_MODULE of deployment \"hash-password-openldap-provider.jar\"
        Caused by: java.lang.NoClassDefFoundError: Failed to link fr/calvados/keycloak/storage/ldap/mappers/openldap/OpenLDAPUserAccountControlStorageMapperFactory (Module \"deployment.hash-password-openldap-provider.jar\" from Service Module Loader): org/keycloak/storage/ldap/mappers/LDAPStorageMapperFactory"}}

I probably lack one dependency but I can't find which one, as the error message doesn't give a clue and my Maven project compiles.

Could you help me to find out what is wrong?

Regards,
Jean-Damien Bouvier

From: Dmitry Telegin
To: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Add optional LDAP userPassword hashing
Date: Fri, 01 Feb 2019 23:13:17 +0300
Message-ID: <1549051997.23571.14.camel@acutus.pro>
In-Reply-To: 9b8eac664ecc4ebc8e710d1630f2bb43@calvados.fr

Hello Jean-Damien,

When deploying via the standalone/deployments dir, you'll need to provide a META-INF/jboss-deployment-structure.xml similar to this:

AFAIK other dependencies (keycloak-core, keycloak-services, keycloak-server-spi) should be provided implicitly, so no need to declare them.

Good luck,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training