1 Reply Latest reply on Dec 17, 2014 3:54 AM by franco80

    PIcketLink 2.7 DatabaseServerLoginModule and Wildfly

    franco80 Novice

      Hello all


      I started to work with the PicketLink and I have a question. Is it possible to get the password salt via DatabaseServerLoginModule or this is not the best way to get it ?


      Part of configuration from standalone.xml file:

      <security-domain name="idp" cache-type="default">


                              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                                  <module-option name="dsJndiName" value="java:jboss/datasources/SOME_DS"/>

                                  <module-option name="principalsQuery" value="SELECT pct.passwordEncodedHash as password FROM ..."/>

                                  <module-option name="rolesQuery" value="SELECT r.name as Role, 'Roles' as RoleGroup FROM ..."/>

                                  <module-option name="hashAlgorithm" value="SHA-512"/>

                                  <module-option name="hashEncoding" value="BASE64"/>

                                  <module-option name="hashStorePassword" value="false"/>

                                  <module-option name="hashCharset" value="UTF-8"/>

                                  <module-option name="hashUserPassword" value="true"/>

                                  <module-option name="ignorePasswordCase" value="false"/>

                                  <module-option name="passwordIsA1Hash" value="false"/>





      I have two example projects:

      1) picketlink-federation-saml-idp-basic

      2) picketlink-federation-saml-sp-post-basic


      After integration this two projects problem is when I try to compare entered password with the password from above configuration becouse entered password is without the salt (can be hashed only). I used a jsp page (form with j_security_check). Default configuration for IDP (eg: picketlink-authorization-idm-jpa) has default values: SHA-512 with salt and I try to match both parameters from projects: federation project with jpa project (picketlink-authorization-idm-jpa). Ofcourse I need to use salt in my project also.


      Any ideas ?