This is my CredentialInputValidator.isValid implementation of the user
storage provider:
public boolean isValid(RealmModel realm, UserModel user, CredentialInput
input) {
if (!supportsCredentialType(input.getType()) || !(input instanceof
UserCredentialModel)) {
return false;
}
UserCredentialModel cred = (UserCredentialModel) input;
String password = getPassword(user);
logger.info("isValid: " + password + " - " + cred.getValue());
return password != null && password.equals(cred.getValue());
}
After adding the logging here I can see that password is the hashed
password from the db and cred.getValue() returns the raw password.
That's why I get an invalid credentials error message.
But I don't know why it's raw in cred.getValue().
Do I have to add the hash provider there manually?
Am 15.03.2017 um 08:06 schrieb Danny Trunk:
I deployed the hash provider the same way I deployed the user
storage
provider: I've put the jar files into standalone/deployments:
2017-03-15 08:03:06,012 INFO [org.jboss.as.repository]
(DeploymentScanner-threads - 2) WFLYDR0001: Content added at location
/opt/keycloak/standalone/data/content/5b/7be86171d601f1b725cec361a2ec9e4b8fb766/content
2017-03-15 08:03:06,015 INFO [org.jboss.as.server.deployment] (MSC
service thread 1-4) WFLYSRV0027: Starting deployment of
"keycloak-navcrypt-provider.jar" (runtime-name:
"keycloak-navcrypt-provider.jar")
2017-03-15 08:03:06,029 WARN [org.jboss.as.dependency.private] (MSC
service thread 1-4) WFLYSRV0018: Deployment
"deployment.keycloak-navcrypt-provider.jar" is using a private module
("org.apache.commons.codec:main") which may be changed or removed in
future versions without notice.
2017-03-15 08:03:06,030 WARN [org.jboss.as.dependency.private] (MSC
service thread 1-4) WFLYSRV0018: Deployment
"deployment.keycloak-navcrypt-provider.jar" is using a private module
("org.apache.commons.lang:main") which may be changed or removed in
future versions without notice.
2017-03-15 08:03:06,030 WARN [org.jboss.as.dependency.private] (MSC
service thread 1-4) WFLYSRV0018: Deployment
"deployment.keycloak-navcrypt-provider.jar" is using a private module
("org.keycloak.keycloak-server-spi-private:main") which may be changed
or removed in future versions without notice.
2017-03-15 08:03:06,040 INFO
[org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor]
(MSC service thread 1-3) Deploying Keycloak provider: {0}
2017-03-15 08:03:06,076 INFO [org.jboss.as.server]
(DeploymentScanner-threads - 2) WFLYSRV0010: Deployed
"keycloak-navcrypt-provider.jar" (runtime-name :
"keycloak-navcrypt-provider.jar")
Keycloak version is 2.5.4.Final
In Server Info > Providers I can see my provider:
password-hashing
pbkdf2
navcrypt
Maybe I misunderstood the SPI? I'm expecting the hash provider to be
called while authentication process.
Am 14.03.2017 um 16:21 schrieb Bill Burke:
> Hmm, the log message should be popping up. How are you deploying your
> hash provider? Is it in the same jar as the User Storage Provider? How
> do you deploy this jar? What version of Keycloak?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user