Hi,
I've implemented a custom user storage provider and a custom password
hash provider as the user storage doesn't use Pbkdf2.
I added some logging to check if I can see it in the server.log but
there's no output from my custom password hash provider:
public class MyPasswordHashProvider implements
PasswordHashProviderFactory, PasswordHashProvider {
private static final Logger logger =
Logger.getLogger(MyPasswordHashProvider.class);
public static final String ID = "XX";
public PasswordHashProvider create(KeycloakSession session) {
logger.info(">>>>>> Creating factory");
return this;
}
public void close() {
logger.info("<<<<<< Closing provider/factory");
}
public void encode(String rawPassword, PasswordPolicy policy,
CredentialModel credential) {
logger.info("Encoding password");
String salt = getSalt();
String encodedPassword = encode(rawPassword, salt);
credential.setType(UserCredentialModel.PASSWORD);
credential.setValue(encodedPassword);
credential.setSalt(salt.getBytes());
credential.setAlgorithm(ID);
logger.info("Credential model: " + credential);
}
}
In src/main/resources/META-INF/services I've created a file called
org.keycloak.credential.hash.PasswordHashProviderFactory which contains
the fully qualified class name (including package):
com.example.keycloak.credential.hash.MyPasswordHashProvider
This is the log I can see while trying to login:
2017-03-14 14:57:14,215 INFO
[com.example.keycloak.storage.MyUserStorageProviderFactory] (default
task-4) >>>>>> Creating factory
2017-03-14 14:57:14,217 WARN [org.keycloak.events] (default task-4)
type=LOGIN_ERROR, realmId=test, clientId=test,
userId=f:dbXXXXbb-aXXf-XXXX-befb-XXXeaXcbXXbb:john.doe@example.com,
ipAddress=127.0.0.1, error=invalid_user_credentials,
auth_method=openid-connect, auth_type=code,
redirect_uri=https://XXX.XXX.XX.XX:8443/login.html,
code_id=fbfXbXXX-dfdX-Xfba-bfXX-XXXXacXXXeXe, username=john.doe(a)example.com
Do I miss something?