[keycloak-user] Custom password hash provider seems not getting triggered
Danny Trunk
dt at zyres.com
Wed Mar 15 05:52:21 EDT 2017
This is my CredentialInputValidator.isValid implementation of the user
storage provider:
public boolean isValid(RealmModel realm, UserModel user, CredentialInput
input) {
if (!supportsCredentialType(input.getType()) || !(input instanceof
UserCredentialModel)) {
return false;
}
UserCredentialModel cred = (UserCredentialModel) input;
String password = getPassword(user);
logger.info("isValid: " + password + " - " + cred.getValue());
return password != null && password.equals(cred.getValue());
}
After adding the logging here I can see that password is the hashed
password from the db and cred.getValue() returns the raw password.
That's why I get an invalid credentials error message.
But I don't know why it's raw in cred.getValue().
Do I have to add the hash provider there manually?
Am 15.03.2017 um 08:06 schrieb Danny Trunk:
> I deployed the hash provider the same way I deployed the user storage
> provider: I've put the jar files into standalone/deployments:
>
> 2017-03-15 08:03:06,012 INFO [org.jboss.as.repository]
> (DeploymentScanner-threads - 2) WFLYDR0001: Content added at location
> /opt/keycloak/standalone/data/content/5b/7be86171d601f1b725cec361a2ec9e4b8fb766/content
> 2017-03-15 08:03:06,015 INFO [org.jboss.as.server.deployment] (MSC
> service thread 1-4) WFLYSRV0027: Starting deployment of
> "keycloak-navcrypt-provider.jar" (runtime-name:
> "keycloak-navcrypt-provider.jar")
> 2017-03-15 08:03:06,029 WARN [org.jboss.as.dependency.private] (MSC
> service thread 1-4) WFLYSRV0018: Deployment
> "deployment.keycloak-navcrypt-provider.jar" is using a private module
> ("org.apache.commons.codec:main") which may be changed or removed in
> future versions without notice.
> 2017-03-15 08:03:06,030 WARN [org.jboss.as.dependency.private] (MSC
> service thread 1-4) WFLYSRV0018: Deployment
> "deployment.keycloak-navcrypt-provider.jar" is using a private module
> ("org.apache.commons.lang:main") which may be changed or removed in
> future versions without notice.
> 2017-03-15 08:03:06,030 WARN [org.jboss.as.dependency.private] (MSC
> service thread 1-4) WFLYSRV0018: Deployment
> "deployment.keycloak-navcrypt-provider.jar" is using a private module
> ("org.keycloak.keycloak-server-spi-private:main") which may be changed
> or removed in future versions without notice.
> 2017-03-15 08:03:06,040 INFO
> [org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor]
> (MSC service thread 1-3) Deploying Keycloak provider: {0}
> 2017-03-15 08:03:06,076 INFO [org.jboss.as.server]
> (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed
> "keycloak-navcrypt-provider.jar" (runtime-name :
> "keycloak-navcrypt-provider.jar")
>
> Keycloak version is 2.5.4.Final
>
> In Server Info > Providers I can see my provider:
>
> password-hashing
>
> pbkdf2
> navcrypt
>
> Maybe I misunderstood the SPI? I'm expecting the hash provider to be
> called while authentication process.
>
> Am 14.03.2017 um 16:21 schrieb Bill Burke:
>> Hmm, the log message should be popping up. How are you deploying your
>> hash provider? Is it in the same jar as the User Storage Provider? How
>> do you deploy this jar? What version of Keycloak?
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list