Hello,
We are currently in the process of moving from Keycloak to Auth0 and we are having issues trying to migrate users using the User Import / Export Extension, as we want users to retain their old passwords. We want the migration process to be as seamless as possible.
Our Keycloak hashed passwords are encrypted using pbkdf2-sha256 with 27500 hash iterations.
According to the User JSON schema there is no field where we can configure the number of hash iterations under the “custom_password_hash”.
For reference, the Keycloak user has this set as credentials (real values obfuscated):
    "secretData" : "{\"value\":\"hashedPassword==\",\"salt\":\"someSalt==\"}",
    "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}"
If I try to adapt that into a JSON file to use to import, I get an error saying “Additional properties not allowed: salt”. I feel that since there is no field to insert the number of hash iterations, I might not be able to use that extension, but I might be missing something or someone might have some other alternative.
The JSON file I used to import the users looked something like this:
    [
      {
        "email": "example@test.com",
        "email_verified": true,
        "name": "Imported User",
        "custom_password_hash": {
          "algorithm": "pbkdf2",
          "hash": {
            "value": "hashedPassword==",
            "encoding": "utf8",
            "digest": "sha256"
          },
          "salt": {
            "value": "someSalt==",
            "position": "suffix"
          }
        }
      }
    ]
Thank you,
Francisco Araújo.
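Added example, not part of the original post and not Keycloak or Auth0 code: a Python sketch that parses a credential in the shape shown above, re-derives the PBKDF2 key to check that the salt, iteration count and digest were read correctly, and packs them into a single PHC-format string. All function names are hypothetical, the sample record is constructed, and whether the import schema accepts a PHC string in `hash.value` is an assumption to confirm against the Auth0 documentation.

```python
import base64
import hashlib
import hmac
import json

def parse_keycloak_credential(cred):
    """Extract digest, iterations, salt and derived key from a Keycloak credential."""
    secret = json.loads(cred["secretData"])      # nested JSON stored as a string
    params = json.loads(cred["credentialData"])
    algorithm = params["algorithm"]
    if not algorithm.startswith("pbkdf2-"):
        raise ValueError("unsupported algorithm: " + algorithm)
    return {
        "digest": algorithm.split("-", 1)[1],
        "iterations": int(params["hashIterations"]),
        "salt": base64.b64decode(secret["salt"]),
        "hash": base64.b64decode(secret["value"]),
    }

def verify_password(cred, password):
    """Recompute PBKDF2 with the stored parameters and compare in constant time."""
    p = parse_keycloak_credential(cred)
    derived = hashlib.pbkdf2_hmac(p["digest"], password.encode("utf-8"),
                                  p["salt"], p["iterations"], dklen=len(p["hash"]))
    return hmac.compare_digest(derived, p["hash"])

def to_phc_string(cred):
    """Pack the parameters into one PHC-format string (assumed target format)."""
    p = parse_keycloak_credential(cred)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii").rstrip("=")  # PHC omits padding
    return "$pbkdf2-{}$i={},l={}${}${}".format(
        p["digest"], p["iterations"], len(p["hash"]), b64(p["salt"]), b64(p["hash"]))

def make_sample_credential(password, iterations=27500):
    """Constructed record in the post's shape; the 64-byte key length is an assumption."""
    salt = b"constructed-salt"  # constructed value, not real user data
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=64)
    return {
        "secretData": json.dumps({"value": base64.b64encode(key).decode("ascii"),
                                  "salt": base64.b64encode(salt).decode("ascii")}),
        "credentialData": json.dumps({"hashIterations": iterations,
                                      "algorithm": "pbkdf2-sha256"}),
    }

if __name__ == "__main__":
    cred = make_sample_credential("correct horse battery staple")
    print(verify_password(cred, "correct horse battery staple"))
    print(to_phc_string(cred))
```

Running `verify_password` against a test account with a known password before a bulk import confirms the exported parameters reproduce the stored hash; the key length is taken from the decoded hash rather than hard-coded.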