[keycloak-user] Porting user passwords to keycloak

Orestis Tsakiridis orestis.tsakiridis at telestax.com
Tue Dec 1 07:36:46 EST 2015


OK, so I guess I'll have to go with a workaround, password reset, etc., as
I've described.

Thanks Stian

On Tue, Dec 1, 2015 at 2:29 PM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> We are planning to add a Password Hashing SPI, which will allow plugging
> in additional hashing mechanisms. It's not ready quite yet though.
>
> On 1 December 2015 at 13:25, Orestis Tsakiridis <
> orestis.tsakiridis at telestax.com> wrote:
>
>> Hello,
>>
>> I'm trying to create some migration scripts that will port users from
>> Application1 into Keycloak. Users in Application1 already have usernames,
>> passwords, etc. I use the admin REST API to create the users.
>>
>> The problem I'm facing is that user passwords in the Application1 database
>> are already hashed using MD5. So, I don't really know the actual passwords
>> (security-wise that makes sense).
>>
>> The only solution I've come down to is to store the passwords as they are in
>> Keycloak (MD5ed) and tell the users to use the hashed value instead of the
>> plaintext one when signing in. Then, force them to reset passwords. Not the
>> best UX  :-(
>>
>> Is there a way to tell Keycloak that "these passwords are already hashed
>> in MD5" so, "store them as they are" and "when a user tries to sign in,
>> first hash his password with MD5 and then compare to the value stored in
>> db" or something like that?
>>
>> Any alternatives come to mind?
>>
>>
>> Regards
>>
>> Orestis
>
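
The sign-in check asked about in this thread (hash the submitted password with MD5 and compare it to the imported value), as an added example that is not Keycloak code and not the planned Password Hashing SPI. It goes one step beyond the thread by re-hashing with salted PBKDF2 on the first successful login; the record layout, function names, iteration count and the assumption that Application1 stored unsalted hex MD5 of the UTF-8 password are all hypothetical.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def _pbkdf2(password: str, salt: bytes, iterations: int) -> str:
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return raw.hex()


def import_legacy(md5_hex: str) -> dict:
    """Record a migration script would store: the MD5 digest is kept as-is."""
    return {"algorithm": "md5", "hash": md5_hex.lower()}


def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login attempt; a legacy record is re-hashed in place on success."""
    algorithm = record.get("algorithm")
    if algorithm == "md5":
        candidate = hashlib.md5(password.encode("utf-8")).hexdigest()
        if not hmac.compare_digest(candidate, record["hash"]):
            return False
        # The plaintext is only available at this moment, so replace the
        # unsalted MD5 digest with a salted, iterated hash right away.
        salt = os.urandom(16)
        record.update(algorithm="pbkdf2-sha256", salt=salt.hex(),
                      iterations=PBKDF2_ITERATIONS,
                      hash=_pbkdf2(password, salt, PBKDF2_ITERATIONS))
        return True
    if algorithm == "pbkdf2-sha256":
        candidate = _pbkdf2(password, bytes.fromhex(record["salt"]),
                            record["iterations"])
        return hmac.compare_digest(candidate, record["hash"])
    return False  # unknown algorithm: fail closed


if __name__ == "__main__":
    # Constructed sample: the digest Application1 would hold for "correct horse".
    legacy = hashlib.md5(b"correct horse").hexdigest()
    user = import_legacy(legacy)
    print(verify_and_upgrade(user, legacy), user["algorithm"])           # hash typed as password
    print(verify_and_upgrade(user, "correct horse"), user["algorithm"])  # first real login
    print(verify_and_upgrade(user, "correct horse"), user["algorithm"])  # later logins
```

Accounts that never sign in keep the MD5 record, so a forced reset after a cut-off date is still needed for them.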