[keycloak-user] Keycloak User Storage SPI with external data base based on Spring Security
Dmitry Telegin
dt at acutus.pro
Wed Jul 4 22:15:59 EDT 2018
Hi Alvaro,
Two suggestions here: install keycloak-bcrypt, create a test realm,
change password hashing algorithm to bcrypt (Authentication -> Password
policy -> Add policy... -> Hashing algorithm -> Policy Value = bcrypt),
create a user, set a password, then look into the "credential" DB table
and see what's been created. How does it compare to what you have in
Spring Security DB?
Next, you can write Guillaume (the author of keycloak-bcrypt), his
email is in the sources (pro.guillaume.leroy at gmail.com). Most likely he
has created this project for the purposes similar to yours.
Cheers,
Dmitry
On Tue, 2018-07-03 at 16:33 +0200, Alvaro Abella wrote:
> Thanks Dmitry for your orientation.
>
> I found this project https://github.com/leroyguillaume/keycloak-bcryp
> t looking about PasswordHashProvider.
> I'm a little lost about how to configure my User Storage SPI to
> connect with my database. The first approach is trying to use BCryp
> to cipher the password and compare it with the password stored on the
> database, but I don't know the salt. I'm trying to discover how
> Spring Security works.
>
> The only way that I found to connect with an user from this data
> base, is to change password from keycloak, and then due the password
> is stored in plain text, I can login successfully.
>
> Thanks!
>
> On Mon, Jul 2, 2018 at 11:13 PM, Dmitry Telegin <dt at acutus.pro>
> wrote:
> > Hi Alvaro,
> >
> > In addition to user storage provider, you'll need to implement a
> > org.keycloak.credential.hash.PasswordHashProvider. Use
> > Pbkdf2PasswordHashProvider as a reference.
> >
> > Cheers,
> > Dmitry Telegin
> > CTO, Acutus s.r.o.
> > Keycloak Consulting and Training
> >
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > + 42 (022) 888-30-71
> > E-mail: info at acutus.pro
> >
> > On Mon, 2018-07-02 at 18:12 +0200, Alvaro Abella wrote:
> > > Hi,
> > > I followed this example https://github.com/keycloak/keycloak-quic
> > ksta
> > > rts/
> > > tree/latest/user-storage-jpa and I modified to connect with my
> > Oracle
> > > database after a little work with Jboss.
> > > Now, I can view all users on my Keycloak admin panel, but I can't
> > > login
> > > with them into his account because password are cyphered with
> > Bcrypt.
> > > How do you usually deal with this situations? Has anyone
> > integrated a
> > > Spring-Security-based database with keycloak?
> > >
> > > Thanks!
> > >
> > >
> >
>
>
>
> --
> Álvaro Abella González
> alvaro.abella at bluetab.net
More information about the keycloak-user
mailing list