[keycloak-user] Authenticate user without using login page

Rodrigo Sasaki rodrigopsasaki at gmail.com
Thu Jul 24 13:13:17 EDT 2014 

Sorry to keep insisting on this, but since it's being a huge showstopper so
far, I just have to ask.

If I don't mind trading off SSO and all the other benefits that the
Keycloak login page provides me, would there be a way for me to do what I
want?


On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen <stian at redhat.com> wrote:

> We could add support for login_hint query param so you can have the
> username/email field on the login form pre-filled for the user, so once a
> user has to authenticate you redirect to login on KC and all they would
> have to do is enter their password.
>
> If you bypass the login forms you'd loose SSO, multi-factor support,
> required actions, recover password, etc, etc, etc..
>
> As Bill mentioned we provide very flexible login forms that can be
> templated using either just css or even FreeMarker templates if you need a
> lot of customization, so you should be able to make the login form
> integrate well with your website.
>
> ----- Original Message -----
> > From: "Rodrigo Sasaki" <rodrigopsasaki at gmail.com>
> > To: "Bill Burke" <bburke at redhat.com>
> > Cc: keycloak-user at lists.jboss.org
> > Sent: Thursday, 17 July, 2014 6:52:08 PM
> > Subject: Re: [keycloak-user] Authenticate user without using login page
> >
> > You think there could be a way to do this within keycloak itself?
> >
> >
> > On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki <
> rodrigopsasaki at gmail.com >
> > wrote:
> >
> >
> >
> > I'll give you an example:
> >
> > We have a situation in our website where we only ask for the user's
> e-mail,
> > and he can go on with the flow.
> >
> > On a determined step of the flow, if we identify that this is an e-mail
> that
> > we already have in our user database, we ask him for his password,
> > authenticate him, and let him go on, if this e-mail is new, we redirect
> him
> > to a page where he can register himself, and after that continue on.
> >
> > On this specific case and others, we wouldn't like to have to redirect
> him to
> > keycloak, because that would interrupt the flow that we designed.
> >
> >
> > On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote:
> >
> >
> > http://docs.jboss.org/ keycloak/docs/1.0-beta-3/
> > userguide/html/direct-access- grants.html
> >
> > If you have to do it this way, please let us know why. Maybe we can
> solve the
> > issue within keycloak itself.
> >
> >
> > On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote:
> >
> >
> >
> > Just for the sake of conversation, if I did want to handle my own login
> > page, would there be a way for me to do it?
> >
> >
> > On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki
> > < rodrigopsasaki at gmail.com <mailto: rodrigopsasaki at gmail. com >> wrote:
> >
> > I don't want to miss out on all of that, which is why we're mostly
> > migrating everything to use keycloak that way.
> >
> > It's just that we have cases that are so specific, that it would be
> > better to authenticate the user in a different manner, create the
> > user session and everything, without redirecting.
> >
> > I'll have a look at that code. Thanks!
> >
> >
> > On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com
> > <mailto: bburke at redhat.com >> wrote:
> >
> > If you want to handle your own login pages, IMO, you are missing
> > out on
> > a lot of Keycloak features. Specifically:
> >
> > * SSO
> > * forgot password
> > * admin forced credential reset/setup
> >
> >
> > Login pages can be styled however you like to look like your
> > application.
> >
> > There is a REST api for obtaining an access token. Here is an
> > example:
> >
> > https://github.com/keycloak/ keycloak/blob/master/examples/
> > demo-template/admin-access- app/src/main/java/org/
> > keycloak/example/AdminClient. java
> >
> > On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote:
> > > Is there a way to authenticate the user without having to
> > input username
> > > and password on the login page?
> > >
> > > For example:
> > >
> > > Say there's a situation in my application where I request the
> > user for
> > > his username and password, and I wouldn't like to redirect
> > that to the
> > > keycloak login page to authenticate him, would there be a way
> > for me to
> > > do that?
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> > >
> > > ______________________________ _________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > <mailto: keycloak-user at lists. jboss.org >
> >
> > > https://lists.jboss.org/ mailman/listinfo/keycloak-user
> > >
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> > ______________________________ _________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org <mailto: keycloak-user at lists. jboss.org >
> >
> > https://lists.jboss.org/ mailman/listinfo/keycloak-user
> >
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> >
> >
> > --
> > Rodrigo Sasaki
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>



-- 
Rodrigo Sasaki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140724/68428992/attachment.html

More information about the keycloak-user mailing list