[keycloak-dev] BeerCloak: a comprehensive KeyCloak extension example

Thomas Darimont thomas.darimont at googlemail.com
Mon Oct 31 10:48:44 EDT 2016


Hello Dmitry,

this is so cool! Just what I needed :)
Thank you very much!

Cheers,
Thomas

2016-10-31 13:44 GMT+01:00 Dmitry Telegin <mitya at cargosoft.ru>:

> Hi,
>
> For a while, I've been working on a complex KeyCloak extension (for
> those interested - it adds support for hardware OTP generators with
> lifecycle management, provisioning etc.)
>
> In the course of my work, I have developed some techniques not
> documented elsewhere that I'd like to share. The main focus is creating
> custom realm admin resources (even without yet having an official admin
> resource SPI). However, this could also serve as a general-purpose
> example that combines several SPIs in the form of a complete, ready-to-use
> extension.
>
> https://github.com/dteleguin/beercloak
>
> As the name suggests, the extension brings into KeyCloak... well, beer
> :) you can manage a list of beers, and even try to virtually "drink"
> some amount to know how drunk you will be.
>
> Humor aside, what's under the hood:
>
> * a JPA entity (using Entity SPI) and LiquiBase changelog;
> * a REST resource (using Realm Resource SPI) with CRUD operations and
> one special operation ("drink");
> * admin console GUI extensions (using theme mechanism) that work with
> the REST resource.
>
> Now what makes it an "admin resource":
>
> * new roles "view-beer" and "manage-beer" are automatically added to
> every existing and newly added realm, as well as included in the
> master "admin" role;
> * an AdminAuth instance is initialized and subsequently used to secure
> REST operations;
> * an AdminEventBuilder is initialized to be used for event logging.
>
> Future ideas include adding a "Beer" tab for users, where the favorite
> beer kind could be chosen; this would be to demonstrate many-to-one and
> many-to-one relationships between system entities and custom entities.
> This could be later used to create a "secret question"-like
> authenticator that would ask a user to enter his/her correct beer
> preference.
>
> If there is demand, I think I could turn this example into a complete
> tutorial and maybe publish it on GitBooks. Let me know what you think.
>
> Cheers, Dmitry
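Added example, not part of the original post and not BeerCloak or Keycloak code: a stand-alone Java model of the access rule the quoted message describes, with "view-beer" and "manage-beer" gating the REST operations and the master "admin" role including both. The class name, the mapping of HTTP methods to roles, and the rule that "manage-beer" also permits reads are assumptions of this sketch.

```java
import java.util.*;

// Illustration only: models the role checks, uses no Keycloak classes.
public class BeerAccessModel {
    static final String VIEW = "view-beer", MANAGE = "manage-beer", ADMIN = "admin";

    // Composite roles: holding the key implies holding every role in the value.
    static final Map<String, Set<String>> COMPOSITES = new HashMap<>();
    static {
        COMPOSITES.put(ADMIN, new HashSet<>(Arrays.asList(VIEW, MANAGE)));
    }

    // Expand the granted roles through composites (iterative and cycle-safe).
    static Set<String> effectiveRoles(Collection<String> granted) {
        Set<String> seen = new HashSet<>();
        Deque<String> todo = new ArrayDeque<>(granted);
        while (!todo.isEmpty()) {
            String role = todo.pop();
            if (seen.add(role)) {
                todo.addAll(COMPOSITES.getOrDefault(role, Collections.emptySet()));
            }
        }
        return seen;
    }

    // Returns the HTTP status a guarded operation would answer with.
    // granted == null stands for "no authenticated admin on the request".
    static int authorize(String httpMethod, Collection<String> granted) {
        if (granted == null) return 401;
        Set<String> roles = effectiveRoles(granted);
        boolean readOnly = httpMethod.equals("GET") || httpMethod.equals("HEAD");
        boolean allowed = readOnly
                ? roles.contains(VIEW) || roles.contains(MANAGE) // assumption: managers may read
                : roles.contains(MANAGE);                        // every write needs manage-beer
        return allowed ? 200 : 403;                              // deny unless a role matches
    }

    public static void main(String[] args) {
        // Constructed sample callers.
        List<String> viewer = Arrays.asList(VIEW);
        List<String> realmAdmin = Arrays.asList(ADMIN);
        List<String> unrelated = Arrays.asList("view-users");
        System.out.println("viewer GET     -> " + authorize("GET", viewer));
        System.out.println("viewer DELETE  -> " + authorize("DELETE", viewer));
        System.out.println("admin  POST    -> " + authorize("POST", realmAdmin));
        System.out.println("other  GET     -> " + authorize("GET", unrelated));
        System.out.println("anonymous GET  -> " + authorize("GET", null));
    }
}
```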