dreezey / argon2-password-hash-provider

Argon2 Password Hash Provider for Keycloak
Apache License 2.0

KC 9.0.0 compatibility? #1

Closed iilei closed 4 years ago

iilei commented 4 years ago

Hi, I made an attempt to use argon2 in Keycloak v9 -- I think I am missing something here, because Keycloak complains the Password Hashing Provider "argon2" is not found.

Here is my Dockerfile - I'd appreciate your help.

dreezey commented 4 years ago

Hi @iilei,

I was working on bumping to 9.0.0, just had to perform some additional testing.

However, it could also be a missing system dependency; you may need to install the argon2 package:

microdnf install argon2;

I'm not sure whether it's in the repositories of the jboss/keycloak container, you might need to check that.

iilei commented 4 years ago

Thank you for the swift response - I updated the Dockerfile so argon2 is available on the command line.

I'll proceed with my experiments once you have released v9. Thanks :)

dreezey commented 4 years ago

@iilei just updated to support Keycloak 9.0.0 as well.

Tested your Dockerfile, but noticed the provider was not loaded. I manually moved it to ./standalone/deployments (hot-deployment) and that worked. So you could either move it there, or open a PR to make it load via "providers" as well, I haven't tested that myself yet.

iilei commented 4 years ago

So is the Readme outdated on that matter?

... create the directory in ./modules/:

mkdir -p ./modules/system/layers/custom

Now simply copy the 2 jboss modules folders into the custom directory in Keycloak modules.

Regarding the PR to make it load via "providers" as well – once I have managed that, I'll happily do so. Might take a while though.

dreezey commented 4 years ago

@iilei README was not very clear, I improved the installation instructions.

The provider itself should be dropped in the ./standalone/deployments/ directory such that it can be deployed by the Keycloak Deployer (see README).

But you'd still need to modify your Dockerfile:

RUN echo "layers=keycloak,custom" >| /opt/jboss/keycloak/modules/layers.conf && \
    mkdir -p /opt/jboss/keycloak/modules/system/layers/custom && \
    cp -R  /usr/src/${HASH_PROVIDER_NAME}-${HASH_PROVIDER_REF}/target/jboss-modules/de /usr/src/${HASH_PROVIDER_NAME}-${HASH_PROVIDER_REF}/target/jboss-modules/net /opt/jboss/keycloak/modules/system/layers/custom/ && \
    cp -r /usr/src/${HASH_PROVIDER_NAME}-${HASH_PROVIDER_REF}/target/argon2-password-hash-provider-${HASH_PROVIDER_REF}.jar /opt/jboss/keycloak/standalone/deployments/

Noticed that the artifact name is different from the repository name, which may cause problems so I'll rename the repository such that it reflects the artifact name, which is cleaner IMO.
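
A check for the layout the Dockerfile snippet above produces, as an added example that is not part of the thread or the project's own code. The function name is hypothetical, and the `module.xml` and `.failed` marker checks assume standard JBoss module layout and WildFly deployment-scanner behaviour.

```shell
#!/bin/sh
# check_argon2_layout KEYCLOAK_HOME   (hypothetical helper, not from the project)
# Prints one line per problem and returns the number of problems (0 = layout OK).
check_argon2_layout() {
    kc_home=$1
    problems=0
    layers_conf="$kc_home/modules/layers.conf"
    custom="$kc_home/modules/system/layers/custom"
    deployments="$kc_home/standalone/deployments"

    # 1. layers.conf must list the "custom" layer, otherwise its modules are ignored.
    if ! grep -Eq '^layers=(.*,)?custom(,.*)?[[:space:]]*$' "$layers_conf" 2>/dev/null; then
        echo "layers.conf: 'custom' layer not enabled ($layers_conf)"
        problems=$((problems + 1))
    fi

    # 2. Both trees copied from target/jboss-modules (de, net) must be present.
    #    Assumption: each JBoss module ships a module.xml descriptor.
    for tree in de net; do
        if [ -z "$(find "$custom/$tree" -name module.xml 2>/dev/null | head -n 1)" ]; then
            echo "modules: no module.xml under $custom/$tree"
            problems=$((problems + 1))
        fi
    done

    # 3. The provider JAR must sit in standalone/deployments.
    found=0
    for jar in "$deployments"/argon2-password-hash-provider-*.jar; do
        [ -f "$jar" ] || continue      # unmatched glob stays literal
        found=1
        # Assumption: the deployment scanner writes <jar>.failed on a failed deploy.
        if [ -f "$jar.failed" ]; then
            echo "deployment: $jar failed to deploy (see $jar.failed)"
            problems=$((problems + 1))
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "deployment: no argon2-password-hash-provider-*.jar in $deployments"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run the check when a path is given, e.g.: sh check.sh /opt/jboss/keycloak
if [ "$#" -gt 0 ]; then
    check_argon2_layout "$1"
fi
```

A non-zero result here means the "argon2" provider will not be available to the password policy.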

iilei commented 4 years ago

@dreezey thanks a bunch, now I got it running.

☝️🎩