JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

Couchbase DB: implement bcrypt support for password storage #1520

Open nynymike opened 2 years ago

nynymike commented 2 years ago

It would be helpful if we could use bcrypt password hashing, instead of the native/default SSHA256 when using CB as persistence.

yurem commented 2 years ago

We can use any method from this enum. We need to specify which one to use in /etc/gluu/conf/gluu-couchbase.properties. Property:

    password.encryption.method: SSHA-256

We also support a PersistenceExtension custom script in ORM with these methods:

    String createHashedPassword(String credential);
    boolean compareHashedPasswords(String credential, String storedCredential);
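
The two hook methods listed above, backed by bcrypt, as an added example that is not part of this thread or of Janssen's own code. The class name `BcryptPasswordHook`, the cost factor and the use of the jBCrypt library (`org.mindrot.jbcrypt.BCrypt`) are assumptions, and wiring the class into a PersistenceExtension script is not shown.

```java
import java.nio.charset.StandardCharsets;
import org.mindrot.jbcrypt.BCrypt; // assumption: jBCrypt is on the classpath

// Hypothetical class name; only the two method signatures come from the thread.
public class BcryptPasswordHook {
    private static final int COST = 12;      // assumed work factor, tune for your hardware
    private static final int MAX_BYTES = 72; // bcrypt ignores input past 72 bytes
    private static final String BCRYPT_FORMAT = "\\$2[a-z]?\\$\\d{2}\\$[./A-Za-z0-9]{53}";

    public String createHashedPassword(String credential) {
        if (unusable(credential)) {
            // Refuse instead of letting bcrypt silently truncate a long password.
            throw new IllegalArgumentException("password must be 1-72 UTF-8 bytes");
        }
        return BCrypt.hashpw(credential, BCrypt.gensalt(COST));
    }

    public boolean compareHashedPasswords(String credential, String storedCredential) {
        if (unusable(credential) || storedCredential == null) {
            return false;
        }
        // Values written by another scheme (for example SSHA-256) are not bcrypt
        // strings; fail closed instead of handing them to checkpw.
        if (!storedCredential.matches(BCRYPT_FORMAT)) {
            return false;
        }
        try {
            return BCrypt.checkpw(credential, storedCredential);
        } catch (IllegalArgumentException e) {
            return false; // well-formed string, but a revision or cost the library rejects
        }
    }

    private static boolean unusable(String s) {
        return s == null || s.isEmpty() || s.getBytes(StandardCharsets.UTF_8).length > MAX_BYTES;
    }

    public static void main(String[] args) {
        BcryptPasswordHook hook = new BcryptPasswordHook();
        String stored = hook.createHashedPassword("correct horse"); // constructed sample password
        System.out.println(hook.compareHashedPasswords("correct horse", stored)); // same password
        System.out.println(hook.compareHashedPasswords("wrong horse", stored));   // different password
        System.out.println(hook.compareHashedPasswords("correct horse",
                "{SSHA-256}bm90LWEtcmVhbC1oYXNo")); // constructed non-bcrypt stored value
    }
}
```

Because the comparison fails closed on non-bcrypt values, accounts whose stored credential was written under the earlier SSHA-256 setting would need a migration path before switching.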

sandovalezequiel commented 2 years ago

I've been playing a little bit with the PersistenceExtension script, and I could execute compareHashedPasswords. But when I create a new User via the SCIM endpoint, 'createHashedPassword' is never executed, even though it is actually defined in my script. Could it be possible that for SCIM this is somehow skipped or executed in a different way? For example, I can see in CouchbaseOperationServiceImpl that the createStoragePassword method has the logic to execute the script code, but it is not executed when I go through SCIM.