Hello,
I am trying to set up a CAS server that authenticates users based on a database with a very specific structure/content.
User passwords are stored in a very specific way. Two columns: user (username), pwd (encrypted-hashed password).
Encrypted-hashed password means:
Plain pwd -> BCrypt-hashed with a randomly generated salt and 12 iterations -> AES-encrypted with a static known key
In a nutshell: Crypto.encryptAES(BCrypt.hash(pwd, BCrypt.gensalt(12)), myStaticKey)
I test user authentication with BCrypt.checkpw(passwordToCheck, Crypto.decryptAES(retrievedStoredPwd, myStaticKey)) === true
Where should I start to get it working with CAS Server // Spring?
Thanks for your hints!
Karim