7:25 a.m.
We desire to create customised credential SPI for device fingerprinting. We
developed an authenticator SPI but we got an issue about credential size.
By default standard credential model limits the secret attribute to 4 KB.
Our fingerprint requires around 30 KB. What is the best way to solve this
issue ? Based on our research, I think there are 3 different approaches:
1. split the fingerprint in 4K blocks. Simple to develop but it will
increase credential table entries by 8 ! Also, the 4K default size might
change in a future release.
2. extend userstorage and credentialModel classes. I’m not sure of this
solution as the users are local to Keycloak.
3. extend UsercredentialStore and create a new credential table.
From my perspective, this should be the best solution but not sure it
will
be possible. I’ll be happy to get community advice. Thanks,
7:51 a.m.
Maybe this can help?
https://www.keycloak.org/docs/latest/server_development/index.html#_exten...
On Wed, Aug 1, 2018 at 9:25 AM, Mangna POUTOULI <mangna.poutouli(a)gmail.com>
wrote:
We desire to create customised credential SPI for device
fingerprinting. We
developed an authenticator SPI but we got an issue about credential size.
By default standard credential model limits the secret attribute to 4 KB.
Our fingerprint requires around 30 KB. What is the best way to solve this
issue ? Based on our research, I think there are 3 different approaches:
1. split the fingerprint in 4K blocks. Simple to develop but it will
increase credential table entries by 8 ! Also, the 4K default size might
change in a future release.
2. extend userstorage and credentialModel classes. I’m not sure of this
solution as the users are local to Keycloak.
3. extend UsercredentialStore and create a new credential table.
From my perspective, this should be the best solution but not sure it will
be possible. I’ll be happy to get community advice. Thanks,
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:10 p.m.
Hi,
Agree with Pedro, I'd also recommend creating a custom JPA entity for your credentials
and use it in your authenticator.
Or maybe there is another way - to file a RFE in JIRA, so maybe the developers are OK with
increasing the field length to, say, 32K?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Wed, 2018-08-01 at 09:51 -0300, Pedro Igor Silva wrote:
Maybe this can help?
https://www.keycloak.org/docs/latest/server_development/index.html#_exten...
On Wed, Aug 1, 2018 at 9:25 AM, Mangna POUTOULI <mangna.poutouli(a)gmail.com>
wrote:
> We desire to create customised credential SPI for device fingerprinting. We
> developed an authenticator SPI but we got an issue about credential size.
> By default standard credential model limits the secret attribute to 4 KB.
> Our fingerprint requires around 30 KB. What is the best way to solve this
> issue ? Based on our research, I think there are 3 different approaches:
>
> 1. split the fingerprint in 4K blocks. Simple to develop but it will
> increase credential table entries by 8 ! Also, the 4K default size might
> change in a future release.
> 2. extend userstorage and credentialModel classes. I’m not sure of this
> solution as the users are local to Keycloak.
> 3. extend UsercredentialStore and create a new credential table.
>
> From my perspective, this should be the best solution but not sure it will
> be possible. I’ll be happy to get community advice. Thanks,
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2339
days inactive
2340
days old
2 comments
3 participants
participants (3)
-
Dmitry Telegin -
Mangna POUTOULI -
Pedro Igor Silva