Skip to content

Add {SSHA} hashing OpenLDAP support to Keycloak. i.e. you're migrating to Keycloak and need to import legacy passwords stored as SHA-1 salted hashes in OpenLDAP.

Notifications You must be signed in to change notification settings

ristekusdi/keycloak-ssha

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Keycloak SSHA

Add salted SHA1 hashing OpenLDAP support to Keycloak. i.e. you're migrating to Keycloak and need to import legacy passwords stored as SHA-1 salted hashes in OpenLDAP.

Requirements

  • Java 17
  • Maven 3.9.6

Building

  • Run mvn package
  • JAR archive is generated in ./target/keycloak-ssha.jar

Deploying to Keycloak Container

  1. Move the built JAR file to Keycloak's directory /opt/keycloak/providers.

How to use

Use algorithm ssha when importing users through JSON. Below an example with

  • rawPassword: Hello123
  • hash: 81559ae5f35fa393f804f1ad89a199dd4a4912b5
  • salt 765a7f0e9daff310 (base64-encoded: NzY1YTdmMGU5ZGFmZjMxMA==)

JSON:

{
  "realm": "master",
  "users": [
    {
      "username": "user1",
      "enabled": true,
      "totp": false,
      "emailVerified": true,
      "firstName": "user1",
      "lastName": "user1",
      "email": "[email protected]",
      "credentials": [
        {
          "algorithm": "ssha",
          "hashedSaltedValue": "81559ae5f35fa393f804f1ad89a199dd4a4912b5",
          "salt": "NzY1YTdmMGU5ZGFmZjMxMA==",
          "hashIterations": 0,
          "type": "password"
        }
      ],
      "disableableCredentialTypes": [],
      "requiredActions": [],
      "realmRoles": [
        "offline_access",
        "uma_authorization"
      ],
      "clientRoles": {
        "account": [
          "manage-account",
          "view-profile"
        ]
      }
    }
  ]
}

About

Add {SSHA} hashing OpenLDAP support to Keycloak. i.e. you're migrating to Keycloak and need to import legacy passwords stored as SHA-1 salted hashes in OpenLDAP.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages