Ok, so i guess i'll have to go with a workaround, password reset, etc as
i've described.
Thanks Stian
On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
We are planning to add a Password Hashing SPI, which will allow
plugging
in additional hashing mechanisms. It's not ready quite yet though.
On 1 December 2015 at 13:25, Orestis Tsakiridis <
orestis.tsakiridis(a)telestax.com> wrote:
> Hello,
>
> I'm trying to create some migration scripts that will port users from
> Application1 into keycloak. Users in Application1 already have usernames,
> passwords etc. I use the admin rest api to create the users.
>
> The problem i'm facing is that user passwords in Application1 database
> are already hashed using md5. So, i don't really know the actual passwords
> (security wise that makes sense).
>
> The only solution i've come down to is store the password as they are in
> keycloak (md5ed) and tell the users to use the hashed value instead of the
> plaintext one wieh signing in. Then, force them to reset passwords. Not the
> best UX :-(
>
> Is there a way to tell keycloak that "these passwords are already hashed
> in md5" so, "store them as they are" and "when a user tries to
sign in,
> first hash his password with md5 and the compare to the value stored in
> db" or sth like that?
>
> Any alternatives come to mind ?
>
>
> Regards
>
> Orestis
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>