Hi Cas Community, I am trying to setup a cas server with query and encode database authentication handler. In the current application, the encrypted password is calculated with 20 runs of SHA-512 with an APPENDED salt. However since this encoding is delegated to Apache Shiro's DefaultHashService, it is not possible to change this hashing behavior.
This exact problem was already expected as stated in the header of the QueryAndEncodeDatabaseAuthenticationHandler class <https://github.com/apereo/cas/blob/master/support/cas-server-support-jdbc-authentication/src/main/java/org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandler.java#L34>. It states: If the hashing behavior and/or configuration of private and public salts > does nto meet your needs, a extension can be developed to specify > alternative methods of encoding and digestion of the encoded password. So this is exactly what I want to achieve, however, what I can understand from the source code it is not possible to dynamically set the extension. It is hardcoded here <https://github.com/apereo/cas/blob/master/support/cas-server-support-jdbc-authentication/src/main/java/org/apereo/cas/adaptors/jdbc/QueryAndEncodeDatabaseAuthenticationHandler.java#L168> . What I understand from the rest of the source code is that you need to create a bean to resolve the requested hash service into an actual class. But before I dive into java programming I wanted to hear your opinions, maybe I am missing something completely here. Thanks! -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/657d3c0b-7fc0-4f79-aa59-819abe46c530%40apereo.org.
