Replies: 1 comment
-
|
It's been a while since you asked this, but in case anyone else stumbles upon this question: The Keycloak Rest API expects a CredentialRepresentation Object, which has the fields secretData and credentialData. Those are both Strings which have to contain a JSON Object. In this JSON, for argon2, you need to pass the addititional Parameters as additionalParameters. For example, something like this worked for me: Note also that the argon2 String stores the Hash without padding at the end (No '=' signs), but Keycloak expects them with padding, so you need to add those. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I'm trying to migrate users from our existing database to Keycloak v26.3.4 and having some trouble migrating the passwords. I'm attempting to rehash our current user passwords with argon2 and then migrate them into Keycloak to avoid them having to change their passwords. I have been able to hash the passwords and create the new user in Keycloak but it looks like the additional parameters don't match the parameters in the hash. I'm trying to import the user credentials using the Keycloak API like this:
"credentials": [ { "hashIterations": 4, "algorithm": "argon2", "salt": "SALT", "value": "$argon2id$v=19$m=65536,t=10,p=5$SALT$HASHED_PASSWORD", "type": "password" } ]but in Keycloak I can see the parameters are different
This is new to me so any help is much appreciated.
Thanks
Beta Was this translation helpful? Give feedback.
All reactions