KC 9.0.0 compatibility?

Question

KC 9.0.0 compatibility?

Closed this issue 5 years ago · 6 comments

Hi,
I made an attempt to use argon2 in Keycloak v9 -- I think I am missing something here, because Keycloak complains the Password Hashing Provider "argon2" is not found.

Here is my Dockerfile - I'd appreciate your help.

Answer 1 · 2020-02-21T14:39:38.000Z

Hi @iilei ,

I was working on bumping to 9.0.0, just had to perform some additional testing.

However, it could also be a missing system dependency; you may need to install argon2 package:

microdnf install argon2;

I'm not sure whether it's in the repositories of the jboss/keycloak container, you might need to check that.

Answer 2 · 2020-02-21T15:16:26.000Z

Thank you for the swift response - I updated the Dockerfile so argon2 is available on he command line.

I'll proceed with my experiments once you released v9. Thanks :)

Answer 3 · 2020-02-21T22:14:01.000Z

@iilei just updated to support Keycloak 9.0.0 as well.

Tested your Dockerfile, but noticed the provider was not loaded. I manually moved it to ./standalone/deployments (hot-deployment) and that worked. So you could either move it there, or open a PR to make it load via "providers" as well, I haven't tested that myself yet.

Answer 4 · 2020-02-22T07:04:00.000Z

So is the Readme outdated on that matter?

... create the directory in ./modules/:
mkdir -p ./modules/system/layers/custom
Now simply copy the 2 jboss modules folders into the custom directory in Keycloak modules.

Regarding the PR to make it load via "providers" as well – once I managed that, I'll happily do so. Might take a while though.

Answer 5 · 2020-02-22T09:42:23.000Z

@iilei README was not very clear, I improved the installation instructions.

The provider itself should be dropped in ./standalone/deployments/ directory such that it can be deployed by the Keycloak Deployer (see README).

But you'd still need to modify your Dockerfile:

RUN echo "layers=keycloak,custom" >| /opt/jboss/keycloak/modules/layers.conf && \
    mkdir -p /opt/jboss/keycloak/modules/system/layers/custom && \
    cp -R  /usr/src/${HASH_PROVIDER_NAME}-${HASH_PROVIDER_REF}/target/jboss-modules/de /usr/src/${HASH_PROVIDER_NAME}-${HASH_PROVIDER_REF}/target/jboss-modules/net /opt/jboss/keycloak/modules/system/layers/custom/ && \
    cp -r /usr/src/${HASH_PROVIDER_NAME}-${HASH_PROVIDER_REF}/target/argon2-password-hash-provider-${HASH_PROVIDER_REF}.jar /opt/jboss/keycloak/standalone/deployments/

Noticed that the artifact name is different from the repository name, which may cause problems so I'll rename the repository such that it reflects the artifact name, which is cleaner IMO.

Answer 6 · 2020-02-23T07:33:26.000Z

@dreezey thank's a bunch, now I got it running.

☝️🎩