I’ve been following through a discussion posted back in July '21 about migrating users from Keycloak to Auth0.
User @thameera posted the solution and, following it, I’ve been able to export the users from Keycloak and import them using the Management API.
But! I cannot log in with any of the credentials.
It seems to me that I have created a valid JSON structure, but I have not set the values correctly.
Here’s an example of a user I get from Keycloak:
```json
{
  "id" : "ac492a5c-df80-4012-b3c3-b2cd1dbc037c",
  "createdTimestamp" : 1675074404666,
  "username" : "the-user-1",
  "enabled" : true,
  "totp" : false,
  "emailVerified" : false,
  "firstName" : "User",
  "lastName" : "One",
  "email" : "the-user-1@sequencemedia.net",
  "credentials" : [ {
    "id" : "d6d16776-c2a3-458f-97b8-719cd07a2f97",
    "type" : "password",
    "userLabel" : "My password",
    "createdDate" : 1675260278399,
    "secretData" : "{\"value\":\"zC9qCa/0XjQOt/fy/XFZ69rvnw6w6hueI294PnqmPeKOeMH3Qr8S5RWhg1v+b60DhkcSlw1FKZWpgNjsQflxYA==\",\"salt\":\"9xdUcOPkoYYS/kr2URMArw==\",\"additionalParameters\":{}}",
    "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
  } ],
  "disableableCredentialTypes" : [ ],
  "requiredActions" : [ ],
  "realmRoles" : [ "default-roles-master" ],
  "notBefore" : 0,
  "groups" : [ ]
}
```
And here is the user transformed for Auth0:
```json
{
  "email": "the-user-1@sequencemedia.net",
  "email_verified": false,
  "name": "User One",
  "custom_password_hash": {
    "algorithm": "pbkdf2",
    "hash": {
      "value": "$pbkdf2-sha256$i=27500,l=32$9xdUcOPkoYYS/kr2URMArw$zC9qCa/0XjQOt/fy/XFZ69rvnw6w6hueI294PnqmPeKOeMH3Qr8S5RWhg1v+b60DhkcSlw1FKZWpgNjsQflxYA"
    }
  }
}
```
I used the pattern provided by @thameera to produce the value:
```
$pbkdf2-${digest}$i=${iterations},l=${keylen}$${b64Salt}$${hash}
```
I noticed that the salt value is named “b64Salt” but the hash only “hash”. I’ve assumed that they are both expected to be in base64 format – is this where I have borked?
This is a test-only local instance user so I’m happy to supply the actual credentials:
- Username
the-user-1@sequencemedia.net
- Password
$b!6A6t7M7URi.
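
Added example, not part of the original post: a Python sketch that builds the `$pbkdf2-...` string from the Keycloak credential above using the pattern quoted in the post, measuring `l` from the decoded hash instead of hard-coding it. It assumes `l` is the derived-key length in bytes and that salt and hash are standard base64 with the padding stripped; the function names are hypothetical. For the credential in the post the decoded hash is 64 bytes, whereas the transformed user declares `l=32`.

```python
import base64
import hashlib
import hmac
import json

# Credential copied from the Keycloak export in the post (test-only user).
PAGE_CREDENTIAL = {
    "secretData": '{"value":"zC9qCa/0XjQOt/fy/XFZ69rvnw6w6hueI294PnqmPeKOeMH3Qr8S5RWhg1v+b60DhkcSlw1FKZWpgNjsQflxYA==","salt":"9xdUcOPkoYYS/kr2URMArw==","additionalParameters":{}}',
    "credentialData": '{"hashIterations":27500,"algorithm":"pbkdf2-sha256","additionalParameters":{}}',
}


def b64decode_nopad(text):
    """Decode standard base64 whether or not the '=' padding is present."""
    return base64.b64decode(text + "=" * (-len(text) % 4))


def keycloak_to_phc(credential):
    """Build the $pbkdf2-...$ string from one Keycloak password credential."""
    secret = json.loads(credential["secretData"])      # nested JSON strings
    params = json.loads(credential["credentialData"])
    digest = params["algorithm"].split("-", 1)[1]      # "pbkdf2-sha256" -> "sha256"
    keylen = len(b64decode_nopad(secret["value"]))     # bytes, measured not assumed
    return "$pbkdf2-{}$i={},l={}${}${}".format(
        digest, params["hashIterations"], keylen,
        secret["salt"].rstrip("="), secret["value"].rstrip("="))


def verify(password, phc):
    """Recompute PBKDF2 from the string's own parameters and compare."""
    _, scheme, opts, salt, stored = phc.split("$")
    opts = dict(kv.split("=") for kv in opts.split(","))
    derived = hashlib.pbkdf2_hmac(scheme.split("-", 1)[1], password.encode(),
                                  b64decode_nopad(salt), int(opts["i"]), int(opts["l"]))
    # A declared length shorter than the stored hash fails here on length alone.
    return hmac.compare_digest(derived, b64decode_nopad(stored))


if __name__ == "__main__":
    print(keycloak_to_phc(PAGE_CREDENTIAL))
```

Running `verify` with a known password against the converted string checks an exported credential locally before it is sent to the Management API.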