[keycloak-user] Custom password hash provider seems not getting triggered
Bill Burke
bburke at redhat.com
Tue Mar 14 11:21:48 EDT 2017

Hmm, the log message should be popping up. How are you deploying your
hash provider? Is it in the same jar as the User Storage Provider? How
do you deploy this jar? What version of Keycloak?

On 3/14/17 9:59 AM, Danny Trunk wrote:
> Hi,
>
> I've implemented a custom user storage provider and a custom password
> hash provider as the user storage doesn't use Pbkdf2.
> I added some logging to check if I can see it in the server.log but
> there's no output from my custom password hash provider:
>
> public class MyPasswordHashProvider implements
>         PasswordHashProviderFactory, PasswordHashProvider {
>
>     private static final Logger logger =
>             Logger.getLogger(MyPasswordHashProvider.class);
>     public static final String ID = "XX";
>
>     public PasswordHashProvider create(KeycloakSession session) {
>         logger.info(">>>>>> Creating factory");
>         return this;
>     }
>
>     public void close() {
>         logger.info("<<<<<< Closing provider/factory");
>     }
>
>     public void encode(String rawPassword, PasswordPolicy policy,
>             CredentialModel credential) {
>         logger.info("Encoding password");
>
>         String salt = getSalt();
>         String encodedPassword = encode(rawPassword, salt);
>
>         credential.setType(UserCredentialModel.PASSWORD);
>         credential.setValue(encodedPassword);
>         credential.setSalt(salt.getBytes());
>         credential.setAlgorithm(ID);
>
>         logger.info("Credential model: " + credential);
>     }
> }
>
> In src/main/resources/META-INF/services I've created a file called
> org.keycloak.credential.hash.PasswordHashProviderFactory which contains
> the fully qualified class name (including package):
> com.example.keycloak.credential.hash.MyPasswordHashProvider
>
> This is the log I can see while trying to login:
> 2017-03-14 14:57:14,215 INFO
> [com.example.keycloak.storage.MyUserStorageProviderFactory] (default
> task-4) >>>>>> Creating factory
> 2017-03-14 14:57:14,217 WARN [org.keycloak.events] (default task-4)
> type=LOGIN_ERROR, realmId=test, clientId=test,
> userId=f:dbXXXXbb-aXXf-XXXX-befb-XXXeaXcbXXbb:john.doe at example.com,
> ipAddress=127.0.0.1, error=invalid_user_credentials,
> auth_method=openid-connect, auth_type=code,
> redirect_uri=https://XXX.XXX.XX.XX:8443/login.html,
> code_id=fbfXbXXX-dfdX-Xfba-bfXX-XXXXacXXXeXe, username=john.doe at example.com
>
> Am I missing something?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
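
An added example, not part of the original thread or of Keycloak's code: a Python check that a built provider jar really contains the ServiceLoader descriptor described in the quoted message and that every class it lists is packaged in the same jar. The sample jars are constructed in memory, and the function and variable names are assumptions made for this illustration.

```python
import io
import zipfile

# Service type name taken from the post; all other names here are assumptions.
SERVICE = "org.keycloak.credential.hash.PasswordHashProviderFactory"


def check_service_registration(jar_bytes, service=SERVICE):
    """Return a list of problems with the ServiceLoader descriptor in a jar."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        descriptor = "META-INF/services/" + service
        if descriptor not in names:
            # A descriptor that was not packaged, or that sits under a
            # misspelled file name, is never consulted by ServiceLoader.
            return ["missing " + descriptor]
        providers = []
        for line in jar.read(descriptor).decode("utf-8").splitlines():
            line = line.split("#", 1)[0].strip()  # '#' starts a comment
            if line:
                providers.append(line)
        if not providers:
            problems.append("descriptor lists no provider class")
        for cls in providers:
            if cls.replace(".", "/") + ".class" not in names:
                problems.append("listed class not in jar: " + cls)
    return problems


def build_jar(entries):
    """Build a constructed sample jar (a zip archive) from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, data in entries.items():
            jar.writestr(path, data)
    return buf.getvalue()


# Constructed samples: correct packaging, a wrong class name, no descriptor.
CLS = "com.example.keycloak.credential.hash.MyPasswordHashProvider"
CLS_PATH = CLS.replace(".", "/") + ".class"
good = build_jar({"META-INF/services/" + SERVICE: (CLS + "\n").encode(),
                  CLS_PATH: b"\xca\xfe\xba\xbe"})
typo = build_jar({"META-INF/services/" + SERVICE: b"com.example.MyProvider\n",
                  CLS_PATH: b"\xca\xfe\xba\xbe"})
unpackaged = build_jar({CLS_PATH: b"\xca\xfe\xba\xbe"})

if __name__ == "__main__":
    for label, jar in (("good", good), ("typo", typo), ("unpackaged", unpackaged)):
        print(label, check_service_registration(jar) or "ok")
```

To check a real build, pass the bytes of the deployed jar file to `check_service_registration`.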