[keycloak-dev] Script based Authenticators

Thomas Darimont thomas.darimont at googlemail.com
Tue Feb 9 17:48:26 EST 2016


Hello group,

I built a little prototype [0] for script based authenticators, inspired by
a discussion on the keycloak-users mailing list -
I think it was about post broker authentication checks, e.g. if the user has
an email address that belongs to the google apps domain...

I introduced a ScriptBasedAuthenticator that is bootstrapped via a
ScriptBasedAuthenticatorFactory and can execute a configured script
via a JSR-223 ScriptEngine against a provided execution context.

I also added a new "script" value type for proper rendering in the UI as
well as an alias property
to the AuthFlowExecutionRepresentation in order to be able to differentiate
multiple instances of an Authenticator
within the same AuthFlow - this comes pretty close to having Auth0-like
scriptable rules in Keycloak.

For convenient editing I added the AngularJS bindings for the popular ACE
editor.

Looking forward to your thoughts :)

Cheers,
Thomas

[0]
https://github.com/thomasdarimont/keycloak/commit/3f39479e7fa0c75941cd524ba99de5c85db43b62
[1] https://auth0.com/docs/rules
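
A sketch of the kind of post-broker check the message mentions (the user's email must belong to an allowed domain), as an added example that is not code from the prototype or from Keycloak. The context object with `success()`/`failure()`, the `email`/`emailVerified` user fields, the reason strings and the domain `example.com` are all assumptions made for illustration.

```javascript
// Added example: hypothetical script for a script-based authenticator.
// Nothing here is the prototype's API; names and shapes are assumptions.
const ALLOWED_DOMAINS = new Set(["example.com"]); // constructed sample domain

// Return the lower-cased domain part of an address, or null if malformed.
// The domain is taken after the LAST "@" and compared exactly, so neither
// "evilexample.com" nor "example.com.attacker.test" can pass as "example.com".
function emailDomain(email) {
  if (typeof email !== "string") return null;
  if (/[\s\u0000-\u001f]/.test(email)) return null; // whitespace or control chars
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1) return null; // empty local part or domain
  return email.slice(at + 1).toLowerCase();
}

// Decision logic run against the execution context after a brokered login.
// Every path ends in an explicit success() or failure(); there is no
// fall-through that would leave the flow undecided.
function authenticate(context) {
  const user = context.user;
  const domain = user ? emailDomain(user.email) : null;
  if (domain === null) return context.failure("INVALID_USER");
  // An unverified address proves nothing about domain membership.
  if (user.emailVerified !== true) return context.failure("EMAIL_NOT_VERIFIED");
  if (!ALLOWED_DOMAINS.has(domain)) return context.failure("DOMAIN_NOT_ALLOWED");
  return context.success();
}

// Minimal stand-in for the execution context, so the script runs offline.
function makeContext(user) {
  return {
    user,
    outcome: null,
    success() { this.outcome = "success"; return this.outcome; },
    failure(reason) { this.outcome = "failure:" + reason; return this.outcome; },
  };
}

// Constructed sample users.
const samples = [
  { email: "alice@EXAMPLE.com", emailVerified: true },
  { email: "mallory@evilexample.com", emailVerified: true },
  { email: "bob@example.com", emailVerified: false },
];
for (const u of samples) console.log(u.email, "->", authenticate(makeContext(u)));
```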