[keycloak-dev] Authentication Provider chaining

Rashmi Singh singhrasster at gmail.com
Thu May 19 10:31:08 EDT 2016


Could someone please tell me if this is even possible? I do not want the
execution engines/authentication providers to be executed in a fixed order
defined in the admin console. But, need to be able to switch to any in the
chain depending on some response I get upon invoking an external service. I
needed to know if this is possible and if yes, then how? Any help would be
appreciated.

On Wed, May 18, 2016 at 4:21 PM, Rashmi Singh <singhrasster at gmail.com>
wrote:

> Thanks a lot for your response. I went through the chapter. What I
> understand is we can create multiple executions (authentication providers)
> but they are executed in a serial fashion in a fixed order defined. Is
> there a way to be able to switch between them (so, not have it executed in
> the default serial way but depending on the response we get from an
> external service we called, we can switch to the corresponding one). Any
> ideas?
>
> On Tue, May 17, 2016 at 3:49 AM, Marek Posolda <mposolda at redhat.com>
> wrote:
>
>> The docs is here :
>> http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
>>
>> We have also example for authentication SPI. Note that you can create
>> sub-flows in the "top" flow, which might be a way to split the
>> authenticator into multiple ones. For example see "Forms" flow in default
>> "Browser" flow. Also maybe you will need to implement some logic
>> programatically in your authenticators based on various conditions etc.
>> Depends on  the usecase though...
>>
>> Marek
>>
>>
>> On 16/05/16 23:52, Rashmi Singh wrote:
>>
>> Hi,
>>
>> I am looking for a way to do authentication provider chaining with
>> keycloak. Basically, I want to have multiple authentication providers,
>> example username, Suregrid etc. On submitting username, we call a service
>> and if that service tells us to use SureGrid, then we should be able to
>> pass control to the corresponding authentication provider. So basically, I
>> want to spilt one authentication provider into multiple and be able to
>> chain them based on the response from the service called. I have not found
>> any documentation that explains this. Could you suggest how to achieve this?
>>
>>
>>
>>
>>
>> _______________________________________________
>> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160519/b9a2ea9a/attachment.html 


More information about the keycloak-dev mailing list