[keycloak-user] Hash Algorithm

Remi Cartier remi.cartier at imetrik.com
Mon Oct 5 11:59:42 EDT 2015

Hey guys,

I will have to migrate from a custom in-house user management system to Keycloak.
We are using this algorithm to store salted/hashed passwords:

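    import java.math.BigInteger;
    import java.security.spec.KeySpec;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.PBEKeySpec;

    public static String hashPassword(String password, String salt) {
        try {
            // PBKDF2-HMAC-SHA1, 2048 iterations, 160-bit derived key
            KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 2048, 160);
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            byte[] hash = secretKeyFactory.generateSecret(keySpec).getEncoded();
            // Hex encoding via BigInteger drops leading zeros
            return new BigInteger(1, hash).toString(16);
        } catch (Exception x) {
            throw new IllegalStateException(x);
        }
    }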

I was wondering, in order to ease the migration, if I could configure Keycloak to use the same hash algorithm?

Or are there any other ways? Like maybe a federation provider, but then comes the question of when to push things into Keycloak: at password change?

What do you think?



B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)

T : +1 514 448-6407 x2009
T : +1 866 276-5382 (toll free)
F : +1 514 904-0611

740 Notre Dame St. West, Suite 1575
Montreal, Quebec, Canada H3C 3X6
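
Added example, not part of the original post and not Keycloak code: a standalone verifier for credentials stored in the legacy format above. It handles the variable-length hex that `BigInteger.toString(16)` produces and compares in constant time. The class name, sample password and salts are hypothetical, and salts are assumed to have been encoded as UTF-8.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Hypothetical class: verifies hashes written by the legacy hashPassword() in the post.
public class LegacyPbkdf2Verifier {
    static final int ITERATIONS = 2048, KEY_BITS = 160; // parameters from the post

    // Raw 20-byte PBKDF2-HMAC-SHA1 output. Assumption: UTF-8 salts
    // (the original salt.getBytes() uses the platform default charset).
    static byte[] derive(char[] password, String salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt.getBytes(StandardCharsets.UTF_8), ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's copy of the password
        }
    }

    // BigInteger.toString(16) drops leading zeros, so a stored value can be shorter
    // than 40 hex digits. Re-expand it to exactly 20 bytes before comparing.
    static byte[] decodeStored(String storedHex) {
        if (!storedHex.matches("[0-9a-f]{1,40}")) throw new IllegalArgumentException("not a legacy hash");
        byte[] raw = new BigInteger(storedHex, 16).toByteArray(); // may be short or carry a sign byte
        byte[] out = new byte[KEY_BITS / 8];
        int n = Math.min(raw.length, out.length);
        System.arraycopy(raw, raw.length - n, out, out.length - n, n);
        return out;
    }

    static boolean verify(char[] password, String salt, String storedHex) throws Exception {
        // MessageDigest.isEqual does not return early on the first differing byte.
        return MessageDigest.isEqual(derive(password, salt), decodeStored(storedHex));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: try salts until a hash loses a leading zero digit.
        for (int i = 0; i < 1000; i++) {
            String salt = "salt-" + i;
            String stored = new BigInteger(1, derive("s3cret".toCharArray(), salt)).toString(16);
            if (stored.length() < 40) {
                System.out.println(salt + " -> " + stored.length() + " hex digits: " + stored);
                System.out.println("correct password: " + verify("s3cret".toCharArray(), salt, stored)
                        + ", wrong password: " + verify("S3cret".toCharArray(), salt, stored));
                return;
            }
        }
    }
}
```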
