dreezey
commented
3 years ago @RobertHeim code changes look good, just tested this and Keycloak is now able to migrate to this hashing algorithm transparently as expected, thanks!
Closed RobertHeim closed 3 years ago
dreezey
commented
3 years ago @RobertHeim code changes look good, just tested this and Keycloak is now able to migrate to this hashing algorithm transparently as expected, thanks!
The
extractArgon2ParametersFromEncodedPasswordassumesargon2based hashes and hence fails with an "Index out of bound" exception if the hash does not include a$sign. The introduced test checks this assumption to short cut testing the policy. If the stored hash is not anargon2-hash than the policy is violated and a rehash is required.see #3