Details
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml b/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml
index f77a6bd..06445e8 100755
--- a/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/modules/MigrationFromOlderVersions.xml
@@ -98,6 +98,17 @@
<title>Version specific migration</title>
<section>
+ <title>Migrating to 1.9.5</title>
+ <simplesect>
+ <title>Default password hashing interval increased to 20K</title>
+ <para>
+ The default password hashing interval for new realms is increased to 20K (from 1 previously). This will have a significant performance
+ when users login.
+ </para>
+ </simplesect>
+ </section>
+
+ <section>
<title>Migrating to 1.9.3</title>
<simplesect>
<title>Add User script renamed</title>
diff --git a/services/src/main/java/org/keycloak/services/managers/RealmManager.java b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
index c9a3b1e..4ff5588 100755
--- a/services/src/main/java/org/keycloak/services/managers/RealmManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/RealmManager.java
@@ -18,6 +18,7 @@ package org.keycloak.services.managers;
import org.keycloak.Config;
import org.keycloak.common.enums.SslRequired;
+import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.session.UserSessionPersisterProvider;
import org.keycloak.models.utils.RealmImporter;
import org.keycloak.models.AccountRoles;
@@ -218,6 +219,8 @@ public class RealmManager implements RealmImporter {
realm.setOTPPolicy(OTPPolicy.DEFAULT_POLICY);
realm.setEventsListeners(Collections.singleton("jboss-logging"));
+
+ realm.setPasswordPolicy(new PasswordPolicy("hashIterations(20000)"));
}
public boolean removeRealm(RealmModel realm) {
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AdapterTest.java
index 869b3ff..27b550a 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/model/AdapterTest.java
@@ -163,7 +163,7 @@ public class AdapterTest extends AbstractModelTest {
user.updateCredential(cred);
Assert.assertTrue(userProvider.validCredentials(session, realmModel, user, UserCredentialModel.password("geheim")));
List<UserCredentialValueModel> creds = user.getCredentialsDirectly();
- Assert.assertEquals(creds.get(0).getHashIterations(), 1);
+ Assert.assertEquals(creds.get(0).getHashIterations(), 20000);
realmModel.setPasswordPolicy(new PasswordPolicy("hashIterations(200)"));
Assert.assertTrue(userProvider.validCredentials(session, realmModel, user, UserCredentialModel.password("geheim")));
creds = user.getCredentialsDirectly();
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
index 5aa88e5..ca5429c 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/realm/RealmTest.java
@@ -133,6 +133,26 @@ public class RealmTest extends AbstractAdminTest {
}
@Test
+ public void createRealmCheckDefaultPasswordPolicy() {
+ RealmRepresentation rep = new RealmRepresentation();
+ rep.setRealm("new-realm");
+
+ adminClient.realms().create(rep);
+
+ assertEquals("hashIterations(20000)", adminClient.realm("new-realm").toRepresentation().getPasswordPolicy());
+
+ adminClient.realms().realm("new-realm").remove();
+
+ rep.setPasswordPolicy("length(8)");
+
+ adminClient.realms().create(rep);
+
+ assertEquals("length(8)", adminClient.realm("new-realm").toRepresentation().getPasswordPolicy());
+
+ adminClient.realms().realm("new-realm").remove();
+ }
+
+ @Test
public void createRealmFromJson() {
RealmRepresentation rep = loadJson(getClass().getResourceAsStream("/admin-test/testrealm.json"), RealmRepresentation.class);
adminClient.realms().create(rep);
