I can see the DefaultMongoConnectionFactoryProvider hard codes the old mongocr security:

MongoCredential credential = MongoCredential.createMongoCRCredential(user, dbName, password.toCharArray());
client = new MongoClient(new ServerAddress(host, port), Collections.singletonList(credential), clientOptions);
} else {
client = new MongoClient(new ServerAddress(host, port), clientOptions);
It should be using:
MongoCredential credential = MongoCredential.createScramSha1Credential(

On Tue, Jan 26, 2016 at 11:40 AM, Dean Peterson <peterson.dean@gmail.com> wrote:
Does keycloak v1.3.1 support mongodb 3.0 and it's new default scram-sha security?  If not, do later versions support it?