PicketLink 2.7 DatabaseServerLoginModule and WildFly
franco80 Dec 15, 2014 2:00 PM
Hello all
I started to work with PicketLink and I have a question. Is it possible to get the password salt via DatabaseServerLoginModule, or is this not the best way to get it?
Part of the configuration from the standalone.xml file:
<security-domain name="idp" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/SOME_DS"/>
            <module-option name="principalsQuery" value="SELECT pct.passwordEncodedHash as password FROM ..."/>
            <module-option name="rolesQuery" value="SELECT r.name as Role, 'Roles' as RoleGroup FROM ..."/>
            <module-option name="hashAlgorithm" value="SHA-512"/>
            <module-option name="hashEncoding" value="BASE64"/>
            <module-option name="hashStorePassword" value="false"/>
            <module-option name="hashCharset" value="UTF-8"/>
            <module-option name="hashUserPassword" value="true"/>
            <module-option name="ignorePasswordCase" value="false"/>
            <module-option name="passwordIsA1Hash" value="false"/>
        </login-module>
    </authentication>
</security-domain>
I have two example projects:
1) picketlink-federation-saml-idp-basic
2) picketlink-federation-saml-sp-post-basic
After integrating these two projects, the problem is when I try to compare the entered password with the password from the above configuration, because the entered password is without the salt (it can be hashed only). I used a JSP page (a form with j_security_check). The default configuration for the IDP (e.g. picketlink-authorization-idm-jpa) has default values: SHA-512 with salt, and I try to match both parameters from the projects: the federation project with the JPA project (picketlink-authorization-idm-jpa). Of course I need to use the salt in my project also.
Any ideas?
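
Added example, not part of the original post and not PicketLink or PicketBox code: a stand-alone Java sketch of the mismatch described above, where hashing only the entered password (SHA-512, BASE64, UTF-8, as in the posted module options) is compared against a salted stored hash. The class and method names are hypothetical, the sample data is constructed, and the salting scheme (salt prepended to the password before hashing) is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical demo class; not PicketLink or PicketBox code.
public class SaltedHashMismatch {

    // Base64(SHA-512(UTF-8 bytes)): the transformation the hashAlgorithm,
    // hashEncoding and hashCharset options above apply to the entered password.
    static String sha512Base64(String input) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-512");
        byte[] digest = md.digest(input.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // ASSUMPTION: the stored value is Base64(SHA-512(salt + password)).
    // Check how your identity store really combines salt and password.
    static String saltedHash(String salt, String password) throws NoSuchAlgorithmException {
        return sha512Base64(salt + password);
    }

    // Constant-time comparison of two encoded hashes.
    static boolean matches(String computed, String stored) {
        return MessageDigest.isEqual(
                computed.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample data: a random per-user salt and a made-up password.
        byte[] rawSalt = new byte[16];
        new SecureRandom().nextBytes(rawSalt);
        String salt = Base64.getEncoder().encodeToString(rawSalt);
        String password = "constructed-sample-password";
        String stored = saltedHash(salt, password);

        // Hashing only the entered password does not reproduce the salted value.
        System.out.println("unsalted hash matches stored: "
                + matches(sha512Base64(password), stored));
        // Fetching the salt with the hash and applying it first makes the check work.
        System.out.println("salted hash matches stored:   "
                + matches(saltedHash(salt, password), stored));
        System.out.println("wrong password matches:       "
                + matches(saltedHash(salt, "not-the-password"), stored));
    }
}
```

A login module that only hashes the entered password has no place to apply a per-user salt, so the comparison step has to receive the salt together with the stored hash.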