[keycloak-user] Customization of authentication mechanism and +

[Kalinga Dissanayake]

Guys,
I need to understand the capability of keycloak with my requirement and to ensure that keycloak is scalable to meet my needs. My main requirement is to integrate keycloak to our system to support SSO hence I need to migrate my existing users. My main concerns;
 
1/ Customize authentication method.
I need to authenticate users similar to what we currently use in our production system. In our system, users are identified by username, password and the pin.
For instance;
User -> jack, password -> pwd, pin -> 50000
User should enter all three to login to the system.
I went through the codebase and I saw that the Authentication Manager (which is a concrete class) does all the work inside keycloak. I managed to customize the frontend with ease, however, in order to support the pin in the backend seems like I have to customize the AuthenticationManager class (no direct SPIs).
Although there is a link here;
[ http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/authentication-spi.html ]( http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/authentication-spi.html )
I cant seem to find anything here which matches the current code base (to via a new authentication method via spis) and the example has been removed.
 
2/ Customize password hashes.
We have our own algorithm used to store password hashes. What should I do to add this to keycloak?
I do not know the current passwords of the users already in our system, so when doing the migration i need keyclock to support the current algorithm we use. Can we plugin new hashing algorithms to meet my needs?
 
 Any other issues I might face?
I feel key cloak is the right choice if the above two questions are answered. Please let me know.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150316/74431b88/attachment.html