Store password in Keycloak

Question

I have created a custom user storage provider which will migrate users from legacy system to keycloak's local storage on demand basis.

All the details of the migrated user is being stored in Keycloak except password.

userModel.setEmail(email);
userModel.setEnabled(isEnabled);
userModel.setEmailVerified(isEmailVerified);
userModel.setFirstName(firstName);
userModel.setLastName(lastName);

I am using the above code to store all the information of the user, but I didn't find any method/class in which stores the password.

Can anyone please help me with it?

P.S. I am using Keycloak-3.3.0-Final version.

Answer 1

Thanks to Boomer's answer I managed to make it work in my implementation where the isValid function - which sends the POST request to validate the password - needed to trigger the update of password in Keycloak database.

@Override
public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
  if (!supportsCredentialType(input.getType()) || !(input instanceof UserCredentialModel)) return false;

  UserCredentialModel cred = (UserCredentialModel)input;
  // sending a POST request
  Response response = userService.validateLogin(user.getUsername(), new EventivalUserCredentialsDto(cred.getValue()));

  boolean isValid = HttpStatus.SC_OK == response.getStatus();

  if (isValid) {
    // save the password to local (keycloak's native) database
    session.userCredentialManager().updateCredential(realm, user, cred);
    // unset the federation link to never ask again - Import Implementation Strategy
    user.setFederationLink(null);
  }

  return isValid;
}

Answer 2

You can use

session.userCredentialManager().updateCredential(realm, user, UserCredentialModel.password(passwordNew, false));

where session is the current KeycloakSession which you have access to in your custom user storage provider.