I can see the DefaultMongoConnectionFactoryProvider hard codes the old mongocr security:


	MongoCredential credential = MongoCredential.createMongoCRCredential(user, dbName, password.toCharArray());
	client = new MongoClient(new ServerAddress(host, port), Collections.singletonList(credential), clientOptions);
	} else {
	client = new MongoClient(new ServerAddress(host, port), clientOptions);
	}

It should be using:

MongoCredential credential = MongoCredential.createScramSha1Credential(

System.getProperty("mongouser"),

System.getProperty("mongodatabase"),

System.getProperty("mongopassword").toCharArray());

On Tue, Jan 26, 2016 at 11:40 AM, Dean Peterson <peterson.dean@gmail.com> wrote:

Does keycloak v1.3.1 support mongodb 3.0 and it's new default scram-sha security? If not, do later versions support it?