Import existing users with Argon2 hashes

By: Maarten Vergouwe user 21 Jan 2021 at 1:17 p.m. CST

4 Responses
Maarten Vergouwe gravatar
We would like to look at Gluu for an alternative to our currently custom authentication module. We have a database with email addresses and argon2 hashes for passwords. I can find little information on importing users, let alone if they have argon2 hashed passwords. Is it possible to migrate our users without them having to request a new password? I was thinking of implementing a password conversion function in our current authentication server so that users who login successfully will have their passwords stored with the Gluu compatible hashing/encryption algorithm. But I cannot find the documentation on which type encryption/hashing is used. Can someone point me in the right direction?
Gluu 4.2.1 Docker 1.0
closed

Answers

By Michael Schwartz Account Admin 25 Jan 2021 at 9:47 p.m. CST

Copy
Michael Schwartz gravatar
If you are using LDAP as a database, the hashing algorithm is configured in OpenDJ. It does not support argon2. You can use a person authentication script to validate against your old database, and then write the password to ldap. I would suggest front ending your old database with an API, because you don't want to make a stateful database connection from a Gluu interception script. There is also a way to implement custom password hashes in the persistence interception script. But it wouldn't be my first choice for the simlest solution.

By Maarten Vergouwe user 26 Jan 2021 at 3:48 a.m. CST

Copy
Maarten Vergouwe gravatar
I thought as much. We have an API on top of our database, so that's not going to be very difficult I guess. One last question, though: What if we want to use a Couchbase backend? What is the password hashing scheme then? If you could point me to the right direction in the Gluu source code, I will be able to interpret quite a number of things.

By Yuriy Movchan staff 08 Feb 2021 at 10:19 a.m. CST

Copy
Yuriy Movchan gravatar
[Here](https://github.com/GluuFederation/oxCore/blob/master/persistence-core/src/main/java/org/gluu/persist/operation/auth/PasswordEncryptionMethod.java#L11) is list of hashing methods which we support in CB by default. Gluu also supports custom hashing algorithms. To add them support you need to implement Persistence extension script. [Here](https://github.com/GluuFederation/community-edition-setup/blob/version_4.2.3/static/extension/persistence_extension/SampleScript.py) is example

By Mobarak Hosen Shakil staff 15 Feb 2021 at 8:55 a.m. CST

Copy
Mobarak Hosen Shakil gravatar
Closed due to inactivity, please reopen if required. Thanks & Regards ~ Shakil

Post an answer