Oleg Khaschansky

Reputation: 296

Keycloak - how to get current user password or store encrypted data?

The Java EE application (deployed to WildFly) stores sensitive data like access keys, etc. for different users in a DB. In order to decrypt these data, it needs a master password associated with the current user. A password entered when the user logs in to the application is used for this.

Now I'm considering the possibility of using Keycloak to secure this application. But it looks like there's no way to obtain the password for the currently logged-in user with Keycloak (as it operates with tokens)? Asking the user to enter the password again in the application is not an option.

The question is: is it possible to configure Keycloak to provide a constant (secret) value in a token for the current user which will not be stored unencrypted in the Keycloak DB?

Upvotes: 3

Views: 9895

Answers (1)

Oleg Khaschansky

Reputation: 296

It looks like it is possible to get hold of the password or the data derived from it using the custom Authenticator API. I am not 100% sure that it works, but it seems to be a possible answer.

Upvotes: 0
