Skip to content
/ keycloak-phpass Public

PHPass password provider in Keycloak (no encoding, verifying passwords only)

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fjf2002/keycloak-phpass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit

.settings

.settings

 
 

gradle/wrapper

gradle/wrapper

 
 

src

src

 
 

.classpath

.classpath

 
 

.gitignore

.gitignore

 
 

.project

.project

 
 

README.md

README.md

 
 

build.gradle.kts

build.gradle.kts

 
 

gradle.properties

gradle.properties

 
 

gradlew

gradlew

 
 

gradlew.bat

gradlew.bat

 
 

settings.gradle.kts

settings.gradle.kts

 
 

Repository files navigation

Keycloak PHPass

A password hash provider to handle PHPass passwords inside Keycloak.

Cannot encrypt passwords, can only verify them.

The primary purpose is to smoothly migrate from legacy databases with PHPass hashes.

You should set Authentication->Policies->Hashing Algorithm to pbkdf2-sha256. Keycloak will then automatically replace your legacy PHPass hashes with pbkdf2-sha256 hashes at the first login of the corresponding user.

Build JAR

./gradlew assemble -Pdependency.keycloak.version=${KEYCLOAK_VERSION}

Install

Copy the jar file (./build/libs) to the keycloak providers directory.

You need to restart Keycloak.

How test.

Take a user with existing credentials, and modify them to be PHPass credentials.

For example,

  • Open the database's credential table.
  • Locate the user's row.
  • In the secret_data column, set value to the full $P$... password hash.
  • In the credential_data column, set algorithm to phpass.
  • You need to restart Keycloak to clear its caches.

About

PHPass password provider in Keycloak (no encoding, verifying passwords only)

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages