I’m a new user of KeyCloak. My company is currently transferring from a legacy monolith server to microservices. Therefore we are starting a migration process to KeyCloak. Up till now, it is going very well. However, our legacy user management password-hashing method uses both password and username, but in KeyCloak the PasswordHashProvider.encodedCredential method accepts only the raw password as a parameter. Is there a way to override this behavior?
I will be happy to get some feedback.
You could write a custom Authenticator to override UsernamePasswordForm (if that’s what you’re using in your auth flow) and then update the form value for the password to something like “{username}{special delimiter}{password}”. Then your PasswordHashProvider could parse out the username and password.
Hi, Thanks for your answer!
I was wandering, can I create my own UserStorageProvider that overrides the UserStorageProvider, CredentialInputValidator,
CredentialInputUpdater,
UserStorageProviderFactory interfaces and change behavior from there?
I’m asking because I need to override both isValid and createCredential methods. Does it make sense?