Hi Alvaro,
Two suggestions here: install keycloak-bcrypt, create a test realm,
change password hashing algorithm to bcrypt (Authentication -> Password
policy -> Add policy... -> Hashing algorithm -> Policy Value = bcrypt),
create a user, set a password, then look into the "credential" DB table
and see what's been created. How does it compare to what you have in
Spring Security DB?
Next, you can write to Guillaume (the author of keycloak-bcrypt), his
email is in the sources (pro.guillaume.leroy(a)gmail.com). Most likely he
has created this project for purposes similar to yours.
Cheers,
Dmitry
On Tue, 2018-07-03 at 16:33 +0200, Alvaro Abella wrote:
Thanks Dmitry for your orientation.
I found this project,
https://github.com/leroyguillaume/keycloak-bcrypt, while looking into
PasswordHashProvider.
I'm a little lost about how to configure my User Storage SPI to
connect with my database. The first approach is trying to use BCrypt
to cipher the password and compare it with the password stored in the
database, but I don't know the salt. I'm trying to discover how
Spring Security works.
The only way that I found to connect with a user from this
database is to change the password from Keycloak, and then, because the
password is stored in plain text, I can log in successfully.
Thanks!
On Mon, Jul 2, 2018 at 11:13 PM, Dmitry Telegin <dt(a)acutus.pro>
wrote:
> Hi Alvaro,
>
> In addition to user storage provider, you'll need to implement a
> org.keycloak.credential.hash.PasswordHashProvider. Use
> Pbkdf2PasswordHashProvider as a reference.
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> + 42 (022) 888-30-71
> E-mail: info(a)acutus.pro
>
> On Mon, 2018-07-02 at 18:12 +0200, Alvaro Abella wrote:
> > Hi,
> > I followed this example
> > https://github.com/keycloak/keycloak-quickstarts/tree/latest/user-storage-jpa
> > and I modified it to connect with my Oracle database after a little
> > work with JBoss.
> > Now, I can view all users on my Keycloak admin panel, but I can't
> > log in with them into their accounts because the passwords are
> > cyphered with Bcrypt.
> > How do you usually deal with these situations? Has anyone
> > integrated a Spring-Security-based database with Keycloak?
> >
> > Thanks!
> >
>
--
Álvaro Abella González
alvaro.abella(a)bluetab.net
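
On the "I don't know the salt" point in the thread: a bcrypt hash string carries its own version, cost and salt, so a verifier reads them back from the stored value instead of needing a separate salt column. The parser below is an added example, not code from the thread, Keycloak or keycloak-bcrypt; it assumes the legacy column holds the standard 60-character bcrypt string, and `SAMPLE_HASH` is a constructed value in that format.

```python
import base64
import re
from typing import NamedTuple

# bcrypt uses its own base64 alphabet; map it onto the standard one to decode.
_BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_STD_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
_TO_STD = str.maketrans(_BCRYPT_B64, _STD_B64)

# Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

# Constructed sample in bcrypt's format (assumption: not from any real database).
SAMPLE_HASH = "$2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW"


class BcryptHash(NamedTuple):
    version: str    # e.g. "2a"
    cost: int       # log2 of the number of key-expansion rounds
    salt: bytes     # 16 raw bytes, recovered from the stored string
    digest: bytes   # 23 raw bytes
    settings: str   # "$2a$12$<salt>": what a bcrypt library re-hashes with


def _decode(text: str) -> bytes:
    """Decode bcrypt-alphabet base64, which is stored without '=' padding."""
    padded = text.translate(_TO_STD) + "=" * (-len(text) % 4)
    return base64.b64decode(padded)


def parse_bcrypt(stored: str) -> BcryptHash:
    """Split a stored bcrypt string into its parts; reject anything else."""
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("bcrypt cost out of range")
    return BcryptHash(version, int(cost), _decode(salt), _decode(digest),
                      stored[:-31])


if __name__ == "__main__":
    print(parse_bcrypt(SAMPLE_HASH))
```

Verification then means hashing the submitted password with the parsed `settings` prefix through a bcrypt library and comparing the result to the stored string in constant time.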