[keycloak-user] Custom password hash provider seems not getting triggered

Danny Trunk dt at zyres.com
Tue Mar 14 09:59:10 EDT 2017


Hi,

I've implemented a custom user storage provider and a custom password 
hash provider as the user storage doesn't use Pbkdf2.
I added some logging to check if I can see it in the server.log but 
there's no output from my custom password hash provider:

public class MyPasswordHashProvider implements PasswordHashProviderFactory, PasswordHashProvider {

    private static final Logger logger = Logger.getLogger(MyPasswordHashProvider.class);
    public static final String ID = "XX";

    public PasswordHashProvider create(KeycloakSession session) {
        logger.info(">>>>>> Creating factory");
        return this;
    }

    public void close() {
        logger.info("<<<<<< Closing provider/factory");
    }

    public void encode(String rawPassword, PasswordPolicy policy, CredentialModel credential) {
        logger.info("Encoding password");

        String salt = getSalt();
        String encodedPassword = encode(rawPassword, salt);

        credential.setType(UserCredentialModel.PASSWORD);
        credential.setValue(encodedPassword);
        credential.setSalt(salt.getBytes());
        credential.setAlgorithm(ID);

        logger.info("Credential model: " + credential);
    }
}

In src/main/resources/META-INF/services I've created a file called 
org.keycloak.credential.hash.PasswordHashProviderFactory which contains 
the fully qualified class name (including package): 
com.example.keycloak.credential.hash.MyPasswordHashProvider

This is the log I can see while trying to login:
2017-03-14 14:57:14,215 INFO  [com.example.keycloak.storage.MyUserStorageProviderFactory] (default task-4) >>>>>> Creating factory
2017-03-14 14:57:14,217 WARN  [org.keycloak.events] (default task-4) type=LOGIN_ERROR, realmId=test, clientId=test, userId=f:dbXXXXbb-aXXf-XXXX-befb-XXXeaXcbXXbb:john.doe at example.com, ipAddress=127.0.0.1, error=invalid_user_credentials, auth_method=openid-connect, auth_type=code, redirect_uri=https://XXX.XXX.XX.XX:8443/login.html, code_id=fbfXbXXX-dfdX-Xfba-bfXX-XXXXacXXXeXe, username=john.doe at example.com

Am I missing something?

