[keycloak-user] mongodb 3.0 scram-sha security

Dean Peterson peterson.dean at gmail.com
Tue Jan 26 12:53:20 EST 2016


I can see the DefaultMongoConnectionFactoryProvider hard codes the old
mongocr security:


MongoCredential credential = MongoCredential.createMongoCRCredential(user,
dbName, password.toCharArray());
client = new MongoClient(new ServerAddress(host, port),
Collections.singletonList(credential),
clientOptions);
} else {
client = new MongoClient(new ServerAddress(host, port), clientOptions);
} It should be using:
MongoCredential credential = MongoCredential.createScramSha1Credential(
System.getProperty("mongouser"),
System.getProperty("mongodatabase"),
System.getProperty("mongopassword").toCharArray());

On Tue, Jan 26, 2016 at 11:40 AM, Dean Peterson <peterson.dean at gmail.com>
wrote:

> Does keycloak v1.3.1 support mongodb 3.0 and it's new default scram-sha
> security?  If not, do later versions support it?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160126/ffba1914/attachment.html 


More information about the keycloak-user mailing list