[keycloak-user] Custom password hash provider seems not getting triggered

Danny Trunk dt at zyres.com
Tue Mar 21 10:50:27 EDT 2017


Maybe someone could help me find the location where the password 
hashing provider should be called.

So I could take a look at the code to see what happens.


On 17.03.2017 at 12:07, Danny Trunk wrote:
> The User Storage Provider is based on the JPA Example and the Password
> Hash Provider is based on the builtin Pbkdf2.
>
> Could this be a bug in Keycloak?
>
>
> On 15.03.2017 at 10:52, Danny Trunk wrote:
>> This is my CredentialInputValidator.isValid implementation of the user
>> storage provider:
>>
>> public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
>>     if (!supportsCredentialType(input.getType()) || !(input instanceof UserCredentialModel)) {
>>         return false;
>>     }
>>
>>     UserCredentialModel cred = (UserCredentialModel) input;
>>     String password = getPassword(user);
>>
>>     logger.info("isValid: " + password + " - " + cred.getValue());
>>     return password != null && password.equals(cred.getValue());
>> }
>>
>> After adding the logging here I can see that password is the hashed
>> password from the db and cred.getValue() returns the raw password.
>>
>> That's why I get an invalid credentials error message.
>>
>> But I don't know why it's raw in cred.getValue().
>>
>> Do I have to add the hash provider there manually?
>>
>>
>> On 15.03.2017 at 08:06, Danny Trunk wrote:
>>> I deployed the hash provider the same way I deployed the user storage
>>> provider: I've put the jar files into standalone/deployments:
>>>
>>> 2017-03-15 08:03:06,012 INFO  [org.jboss.as.repository]
>>> (DeploymentScanner-threads - 2) WFLYDR0001: Content added at location
>>> /opt/keycloak/standalone/data/content/5b/7be86171d601f1b725cec361a2ec9e4b8fb766/content
>>> 2017-03-15 08:03:06,015 INFO  [org.jboss.as.server.deployment] (MSC
>>> service thread 1-4) WFLYSRV0027: Starting deployment of
>>> "keycloak-navcrypt-provider.jar" (runtime-name:
>>> "keycloak-navcrypt-provider.jar")
>>> 2017-03-15 08:03:06,029 WARN  [org.jboss.as.dependency.private] (MSC
>>> service thread 1-4) WFLYSRV0018: Deployment
>>> "deployment.keycloak-navcrypt-provider.jar" is using a private module
>>> ("org.apache.commons.codec:main") which may be changed or removed in
>>> future versions without notice.
>>> 2017-03-15 08:03:06,030 WARN  [org.jboss.as.dependency.private] (MSC
>>> service thread 1-4) WFLYSRV0018: Deployment
>>> "deployment.keycloak-navcrypt-provider.jar" is using a private module
>>> ("org.apache.commons.lang:main") which may be changed or removed in
>>> future versions without notice.
>>> 2017-03-15 08:03:06,030 WARN  [org.jboss.as.dependency.private] (MSC
>>> service thread 1-4) WFLYSRV0018: Deployment
>>> "deployment.keycloak-navcrypt-provider.jar" is using a private module
>>> ("org.keycloak.keycloak-server-spi-private:main") which may be changed
>>> or removed in future versions without notice.
>>> 2017-03-15 08:03:06,040 INFO
>>> [org.keycloak.subsystem.server.extension.KeycloakProviderDeploymentProcessor]
>>> (MSC service thread 1-3) Deploying Keycloak provider: {0}
>>> 2017-03-15 08:03:06,076 INFO  [org.jboss.as.server]
>>> (DeploymentScanner-threads - 2) WFLYSRV0010: Deployed
>>> "keycloak-navcrypt-provider.jar" (runtime-name :
>>> "keycloak-navcrypt-provider.jar")
>>>
>>> Keycloak version is 2.5.4.Final
>>>
>>> In Server Info > Providers I can see my provider:
>>>
>>> password-hashing
>>>
>>> pbkdf2
>>> navcrypt
>>>
>>> Maybe I misunderstood the SPI? I'm expecting the hash provider to be
>>> called during the authentication process.
>>>
>>> On 14.03.2017 at 16:21, Bill Burke wrote:
>>>> Hmm, the log message should be popping up.   How are you deploying your
>>>> hash provider?  Is it in the same jar as the User Storage Provider?  How
>>>> do you deploy this jar?  What version of Keycloak?
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user


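The thread observes that `cred.getValue()` holds the raw password while the database holds a hash, so `String.equals` between the two can never match. The following is an added example, not code from the thread or from Keycloak: using only JDK classes, it shows the re-derive-and-compare step that such an `isValid` needs. `StoredHashCheck`, `StoredPassword`, the choice of PBKDF2WithHmacSHA256, the salt size and the iteration count are assumptions; the actual navcrypt scheme is not shown on the page.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class StoredHashCheck {
    // Hypothetical record of what the external user table holds per user.
    static final class StoredPassword {
        final byte[] salt; final int iterations; final byte[] hash;
        StoredPassword(byte[] salt, int iterations, byte[] hash) {
            this.salt = salt; this.iterations = iterations; this.hash = hash;
        }
    }

    // Derive a PBKDF2 hash; the algorithm name is an assumption for this example.
    static byte[] pbkdf2(char[] raw, byte[] salt, int iterations, int bytes)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(raw, salt, iterations, bytes * 8);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // do not keep the raw password in the spec
        }
    }

    // Hash the raw input with the stored salt and iterations, then compare in constant time.
    static boolean verify(String rawInput, StoredPassword stored) throws GeneralSecurityException {
        if (rawInput == null || stored == null) return false;
        byte[] candidate = pbkdf2(rawInput.toCharArray(), stored.salt,
                stored.iterations, stored.hash.length);
        return MessageDigest.isEqual(candidate, stored.hash);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample data: enrol one user, then check inputs without logging any credential.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        StoredPassword stored = new StoredPassword(salt, 20000,
                pbkdf2("correct horse".toCharArray(), salt, 20000, 32));
        String dbValue = Base64.getEncoder().encodeToString(stored.hash);
        System.out.println("equals(dbValue, raw): " + dbValue.equals("correct horse")); // the thread's comparison
        System.out.println("verify(correct input): " + verify("correct horse", stored));
        System.out.println("verify(wrong input): " + verify("wrong horse", stored));
    }
}
```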