Re: [keycloak-user] Hash Algorithm
Yeah, for now, federation provider would be the correct approach. But
if you're migrating we should provide a facility to plug in hash
algorithm. I'll add a jira.
On 10/5/2015 11:59 AM, Remi Cartier wrote:
Hey guys,
I will have to migrate from a custom in house user management system to
keycloak.
We are using this algorithm to store salted/hashed password :
public static String hashPassword(String password, String salt) {
try {
KeySpec keySpec = new PBEKeySpec(password.toCharArray(),
salt.getBytes(), 2048, 160);
SecretKeyFactory secretKeyFactory =
SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[] hash =
secretKeyFactory.generateSecret(keySpec).getEncoded();
return new BigInteger(1, hash).toString(16);
} catch (Exception x) {
throw new IllegalStateException(x);
}
}
I was wondering, in order to ease the migration, if I could configure
keycloak to use the same hash algorithm ?
Or if there was any other ways ? Like maybe a federation provider, but
then comes the question when to push things into keycloak, at password
change ?
What do you think ?
Sincerely.
------------------------------------------------------------------------
REMI CARTIER
B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
*IMETRIK GLOBAL INC.*
*T :* +1 514 448-6407 x2009
*T :* +1 866 276-5382 (toll free)
*F :* +1 514 904-0611
740 Notre Dame St. West, Suite 1575
Montreal, Quebec, Canada H3C 3X6
imetrik.com <http://www.imetrik.com/>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com