@Override public void setPasswordPolicy(PasswordPolicy policy) { this.passwordPolicy = policy; realm.setPasswordPolicy(policy.toString()); em.flush(); }
public static PasswordPolicy empty() { return new PasswordPolicy(null, new HashMap<>()); }
public static UserCredentialValueModel encode(KeycloakSession session, PasswordPolicy passwordPolicy, String rawPassword) { String algorithm = passwordPolicy.getHashAlgorithm(); int iterations = passwordPolicy.getHashIterations(); if (iterations < 1) { iterations = 1; } PasswordHashProvider provider = session.getProvider(PasswordHashProvider.class, passwordPolicy.getHashAlgorithm()); if (provider == null) { log.warnv("Could not find hash provider {0} from password policy, using default provider {1}", algorithm, Constants.DEFAULT_HASH_ALGORITHM); provider = session.getProvider(PasswordHashProvider.class, Constants.DEFAULT_HASH_ALGORITHM); } return provider.encode(rawPassword, iterations); }
public void updateCredential(RealmModel realm, UserModel user, UserCredentialModel credential) { if (credential.getType().equals(UserCredentialModel.PASSWORD)) { if (realm.getPasswordPolicy() != null) { PasswordPolicy.Error error = realm.getPasswordPolicy().validate(session, user, credential.getValue()); if (error != null) throw new ModelException(error.getMessage(), error.getParameters()); } } user.updateCredential(credential); }
private static int hashIterations(RealmModel realm) { PasswordPolicy policy = realm.getPasswordPolicy(); if (policy != null) { return policy.getHashIterations(); } return -1; }
public static boolean verify(KeycloakSession session, PasswordPolicy passwordPolicy, String password, UserCredentialValueModel credential) { String algorithm = credential.getAlgorithm() != null ? credential.getAlgorithm() : passwordPolicy.getHashAlgorithm(); PasswordHashProvider provider = session.getProvider(PasswordHashProvider.class, algorithm); if (provider == null) { log.warnv("Could not find hash provider {0} for password", algorithm); return false; } return provider.verify(password, credential); }
@Override public PasswordPolicy getPasswordPolicy() { if (passwordPolicy == null) { passwordPolicy = PasswordPolicy.parse(session, realm.getPasswordPolicy()); } return passwordPolicy; }
public String getHashAlgorithm() { if (policyConfig.containsKey(HASH_ALGORITHM_ID)) { return getPolicyConfig(HASH_ALGORITHM_ID); } else { return HASH_ALGORITHM_DEFAULT; } }
@Override public boolean updateCredential(RealmModel currentRealm, Map<String, String> config, String username, String password) throws AuthenticationProviderException { RealmModel realm = getRealm(currentRealm, config); // Validate password policy String error = realm.getPasswordPolicy().validate(password); if (error != null) { throw new AuthenticationProviderException(error); } UserModel user = realm.getUser(username); if (user == null) { logger.warnf("User '%s' doesn't exists. Skip password update", username); return false; } UserCredentialModel cred = new UserCredentialModel(); cred.setType(CredentialRepresentation.PASSWORD); cred.setValue(password); user.updateCredential(cred); return true; }
@Override public boolean policyCheck(PasswordPolicy policy, CredentialModel credential) { return credential.getHashIterations() == policy.getHashIterations() && providerId.equals(credential.getAlgorithm()); }
private Set<String> getPasswordHashAlgorithms() { Set<String> hashAlgos = new HashSet<>(); boolean enmasseRealmsFound = false; KeycloakSession keycloakSession = keycloakSessionFactory.create(); KeycloakTransactionManager transactionManager = keycloakSession.getTransactionManager(); transactionManager.begin(); try { List<RealmModel> realms = keycloakSession.realms().getRealms(); for(RealmModel realm : realms) { if(realm.getAttribute("enmasse-realm",Boolean.FALSE)) { enmasseRealmsFound = true; hashAlgos.add(realm.getPasswordPolicy().getHashAlgorithm()); } } } finally { transactionManager.commit(); keycloakSession.close(); } if(!enmasseRealmsFound) { LOG.warn("No realms with attribute \"enmasse-realm\" found, only universally accepted SASL mechanisms will be offered"); } return hashAlgos; }
@Override public PasswordPolicy getPasswordPolicy() { if (passwordPolicy == null) { passwordPolicy = PasswordPolicy.parse(session, realm.getPasswordPolicy()); } return passwordPolicy; }
public int getDaysToExpirePassword() { if (policyConfig.containsKey(FORCE_EXPIRED_ID)) { return getPolicyConfig(FORCE_EXPIRED_ID); } else { return -1; } }
@Override public void setPasswordPolicy(PasswordPolicy policy) { this.passwordPolicy = policy; realm.setPasswordPolicy(policy.toString()); updateRealm(); }
public PasswordPolicy build(KeycloakSession session) { Map<String, Object> config = new HashMap<>(); for (Map.Entry<String, String> e : map.entrySet()) { PasswordPolicyProvider provider = session.getProvider(PasswordPolicyProvider.class, e.getKey()); if (provider == null) { throw new PasswordPolicyConfigException("Password policy not found"); } Object o; try { o = provider.parseConfig(e.getValue()); } catch (PasswordPolicyConfigException ex) { throw new ModelException("Invalid config for " + e.getKey() + ": " + ex.getMessage()); } config.put(e.getKey(), o); } return new PasswordPolicy(this, config); }
public int getHashIterations() { if (policyConfig.containsKey(HASH_ITERATIONS_ID)) { return getPolicyConfig(HASH_ITERATIONS_ID); } else { return -1; } }
entity.setPasswordPolicy(realmModel.getPasswordPolicy().toString());
protected void importRealms(KeycloakSession keycloakSession, String fileName) { List<RealmEntity> realms = this.importReader.readEntities(fileName, RealmEntity.class); for (RealmEntity realmEntity : realms) { RealmModel realm = keycloakSession.createRealm(realmEntity.getId(), realmEntity.getName()); this.propertiesManager.setBasicPropertiesToModel(realm, realmEntity); Set<String> reqCredModels = new HashSet<String>(); for (RequiredCredentialEntity requiredCredEntity : realmEntity.getRequiredCredentials()) { reqCredModels.add(requiredCredEntity.getType()); } realm.updateRequiredCredentials(reqCredModels); // AdminApp and defaultRoles are set in step2 // password policy realm.setPasswordPolicy(new PasswordPolicy(realmEntity.getPasswordPolicy())); // authentication providers List<AuthenticationProviderModel> authProviderModels = new ArrayList<AuthenticationProviderModel>(); for (AuthenticationProviderEntity authProviderEntity : realmEntity.getAuthenticationProviders()) { AuthenticationProviderModel authProvider = new AuthenticationProviderModel(); this.propertiesManager.setBasicPropertiesToModel(authProvider, authProviderEntity); authProviderModels.add(authProvider); } realm.setAuthenticationProviders(authProviderModels); } logger.infof("Realms imported: " + realms); }
public int getExpiredPasswords() { if (policyConfig.containsKey(PASSWORD_HISTORY_ID)) { return getPolicyConfig(PASSWORD_HISTORY_ID); } else { return -1; } }
rep.setEmailTheme(realm.getEmailTheme()); if (realm.getPasswordPolicy() != null) { rep.setPasswordPolicy(realm.getPasswordPolicy().toString());