[keycloak-user] Hash Algorithm

Bill Burke bburke at redhat.com
Mon Oct 5 13:08:04 EDT 2015


Yeah, for now, federation provider would be the correct approach.  But 
if you're migrating we should provide a facility to plug in hash 
algorithm.  I'll add a jira.

On 10/5/2015 11:59 AM, Remi Cartier wrote:
> Hey guys,
>
> I will have to migrate from a custom in house user management system to
> keycloak.
> We are using this algorithm to store salted/hashed password :
>
>      public static String hashPassword(String password, String salt) {
>          try {
>              KeySpec keySpec = new PBEKeySpec(password.toCharArray(),
> salt.getBytes(), 2048, 160);
>              SecretKeyFactory secretKeyFactory =
> SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
>              byte[] hash =
> secretKeyFactory.generateSecret(keySpec).getEncoded();
>              return new BigInteger(1, hash).toString(16);
>          } catch (Exception x) {
>              throw new IllegalStateException(x);
>          }
>      }
>
> I was wondering, in order to ease the migration, if I could configure
> keycloak to use the same hash algorithm ?
>
> Or if there was any other ways ? Like maybe a federation provider, but
> then comes the question when to push things into keycloak, at password
> change ?
>
> What do you think ?
>
> Sincerely.
>
> ------------------------------------------------------------------------
>
>
> REMI CARTIER
>
> B.O.S.S. (Business & Operation Support Systems) P.O (Product Owner)
>
> *IMETRIK GLOBAL INC.*
> *T :* +1 514 448-6407 x2009
> *T :* +1 866 276-5382 (toll free)
> *F :* +1 514 904-0611
>
> 740 Notre Dame St. West, Suite 1575
> Montreal, Quebec, Canada H3C 3X6
> imetrik.com <http://www.imetrik.com/>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-user mailing list