Great! I will keep an eye on it.
BR
Orestis
On Thu, Dec 3, 2015 at 12:18 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
That'd be great. If you watch this
https://issues.jboss.org/browse/KEYCLOAK-1900 you'll know when it's in
master.
Hopefully it should be added within a few days.
On 3 December 2015 at 10:08, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Ok Stian.
>
> I will try to implement auth_spi.
>
> Btw, if you need any early adopters for your new Password Hashing SPI
> feature, we will gladly use it in our new "Restcomm as a Service"
> implementation and send feedback.
>
>
> Thanks
>
> Orestis
>
> Telestax
>
> On Tue, Dec 1, 2015 at 4:51 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>>
>>
http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>>
>> On 1 December 2015 at 15:39, Orestis Tsakiridis <
>> orestis.tsakiridis(a)telestax.com> wrote:
>>
>>> Thanks Stian.
>>>
>>> Can you send me some documentation or source code pointers about
>>> "modifying the password authenticator" ? Are we talking about a
Java class,
>>> overriding login form ? sth else?
>>>
>>>
>>>
>>> On Tue, Dec 1, 2015 at 3:12 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>> wrote:
>>>
>>>> So looks like we will indeed have password hash spi in 1.8. It'll be
>>>> released in early January.
>>>>
>>>> If you can't wait for that I think it would be better to not import
>>>> users with a password at all and instead send reset password links to
their
>>>> email address. That would assume all users have emails registered. Or
you
>>>> could also modify the password authenticator and make it run md5 the
value
>>>> of the input password for users that haven't updated their password
yet.
>>>>
>>>> On 1 December 2015 at 13:36, Orestis Tsakiridis <
>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>
>>>>> Ok, so i guess i'll have to go with a workaround, password reset,
etc
>>>>> as i've described.
>>>>>
>>>>> Thanks Stian
>>>>>
>>>>> On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen
<sthorger(a)redhat.com
>>>>> > wrote:
>>>>>
>>>>>> We are planning to add a Password Hashing SPI, which will allow
>>>>>> plugging in additional hashing mechanisms. It's not ready
quite yet though.
>>>>>>
>>>>>> On 1 December 2015 at 13:25, Orestis Tsakiridis <
>>>>>> orestis.tsakiridis(a)telestax.com> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I'm trying to create some migration scripts that will
port users
>>>>>>> from Application1 into keycloak. Users in Application1
already have
>>>>>>> usernames, passwords etc. I use the admin rest api to create
the users.
>>>>>>>
>>>>>>> The problem i'm facing is that user passwords in
Application1
>>>>>>> database are already hashed using md5. So, i don't really
know the actual
>>>>>>> passwords (security wise that makes sense).
>>>>>>>
>>>>>>> The only solution i've come down to is store the password
as they
>>>>>>> are in keycloak (md5ed) and tell the users to use the hashed
value instead
>>>>>>> of the plaintext one wieh signing in. Then, force them to
reset passwords.
>>>>>>> Not the best UX :-(
>>>>>>>
>>>>>>> Is there a way to tell keycloak that "these passwords
are already
>>>>>>> hashed in md5" so, "store them as they are"
and "when a user tries to sign
>>>>>>> in, first hash his password with md5 and the compare to the
value stored in
>>>>>>> db" or sth like that?
>>>>>>>
>>>>>>> Any alternatives come to mind ?
>>>>>>>
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Orestis
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>