[keycloak-user] Custom password hash provider seems not getting triggered

Danny Trunk dt at zyres.com
Fri Mar 17 07:07:50 EDT 2017


The User Storage Provider is based on the JPA Example and the Password 
Hash Provider is based on the builtin Pbkdf2.

Could this be a bug in Keycloak?


On 15.03.2017 at 10:52, Danny Trunk wrote:
> This is my CredentialInputValidator.isValid implementation of the user
> storage provider:
>
> public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
>       if (!supportsCredentialType(input.getType()) || !(input instanceof UserCredentialModel)) {
>           return false;
>       }
>
>       UserCredentialModel cred = (UserCredentialModel) input;
>       String password = getPassword(user);
>
>       logger.info("isValid: " + password + " - " + cred.getValue());
>       return password != null && password.equals(cred.getValue());
> }
>
> After adding the logging here I can see that password is the hashed
> password from the db and cred.getValue() returns the raw password.
>
> That's why I get an invalid credentials error message.
>
> But I don't know why it's raw in cred.getValue().
>
> Do I have to add the hash provider there manually?
>
>
> On 15.03.2017 at 08:06, Danny Trunk wrote:
>> I deployed the hash provider the same way I deployed the user storage
>> provider: I've put the jar files into standalone/deployments:
>>
>> 2017-03-15 08:03:06,012 INFO  [org.jboss.as.repository]
>> (DeploymentScanner-threads - 2) WFLYDR0001: Content added at location
>> /opt/keycloak/standalone/data/content/5b/7be86171d601f1b725cec361a2ec9e4b8fb766/content
>> 2017-03-15 08:03:06,015 INFO  [org.jboss.as.server.deployment] (MSC
>> service thread 1-4) WFLYSRV0027: Starting deployment of
>> "keycloak-navcrypt-provider.jar" (runtime-name:
>> "keycloak-navcrypt-provider.jar")
>> 2017-03-15 08:03:06,029 WARN  [org.jboss.as.dependency.private] (MSC
>> service thread 1-4) WFLYSRV0018: Deployment
>> "deployment.keycloak-navcrypt-provider.jar" is using a private module
>> ("org.apache.commons.codec:main") which may be changed or removed in
>> future versions without notice.
>> 2017-03-15 08:03:06,030 WARN  [org.jboss.as.dependency.private] (MSC
>> service thread 1-4) WFLYSRV0018: Deployment
>> "deployment.keycloak-navcrypt-provider.jar" is using a private module
>> ("org.apache.commons.lang:main") which may be changed or removed in
>> future versions without notice.
>> 2017-03-15 08:03:06,030 WARN  [org.jboss.as.dependency.private] (MSC
>> service thread 1-4) WFLYSRV0018: Deployment
>> "deployment.keycloak-navcrypt-provider.jar" is using a private module
>> ("org.keycloak.keycloak-server-spi-private:main") which may be changed
>> or removed in future versions without notice.
>> 2017-03-15 08:03:06,040 INFO
>> [org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor]
>> (MSC service thread 1-3) Deploying Keycloak provider: {0}
>> 2017-03-15 08:03:06,076 INFO  [org.jboss.as.server]
>> (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed
>> "keycloak-navcrypt-provider.jar" (runtime-name :
>> "keycloak-navcrypt-provider.jar")
>>
>> Keycloak version is 2.5.4.Final
>>
>> In Server Info > Providers I can see my provider:
>>
>> password-hashing
>>
>> pbkdf2
>> navcrypt
>>
>> Maybe I misunderstood the SPI? I'm expecting the hash provider to be
>> called during the authentication process.
>>
>> On 14.03.2017 at 16:21, Bill Burke wrote:
>>> Hmm, the log message should be popping up.   How are you deploying your
>>> hash provider?  Is it in the same jar as the User Storage Provider?  How
>>> do you deploy this jar?  What version of Keycloak?
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user

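The mismatch described in the message above (a stored hash compared to the raw submitted password with equals) next to a comparison that hashes the input first, as an added example that is not part of the original thread or of Keycloak's code. The class name, the PBKDF2WithHmacSHA1 / 512-bit parameters, the Base64 storage format and the sample record are assumptions made for illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class StoredHashCheck {
    // Assumed parameters; use whatever the external user database actually stores.
    static final String ALGORITHM = "PBKDF2WithHmacSHA1";
    static final int KEY_BITS = 512;

    /** Derive the PBKDF2 hash of a raw password with the given salt and iteration count. */
    static byte[] derive(String rawPassword, byte[] salt, int iterations)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(rawPassword.toCharArray(), salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the key spec
        }
    }

    /** Hash the submitted password like the stored one, then compare in constant time. */
    static boolean matches(String rawPassword, String storedHashB64, byte[] salt, int iterations) {
        if (rawPassword == null || storedHashB64 == null) {
            return false;
        }
        try {
            byte[] expected = Base64.getDecoder().decode(storedHashB64);
            return MessageDigest.isEqual(expected, derive(rawPassword, salt, iterations));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // unknown algorithm or malformed stored value: reject the login
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample record standing in for one database row.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        int iterations = 20000;
        String stored = Base64.getEncoder().encodeToString(derive("s3cret-example", salt, iterations));

        System.out.println("hash.equals(raw): " + stored.equals("s3cret-example"));
        System.out.println("matches, correct: " + matches("s3cret-example", stored, salt, iterations));
        System.out.println("matches, wrong:   " + matches("wrong-guess", stored, salt, iterations));
    }
}
```

A validator built this way has no reason to log either value; a line that prints the stored hash together with the submitted password puts both into the server log.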