[keycloak-user] Authenticating non-interactive users

Stian Thorgersen stian at redhat.com
Mon Oct 13 02:55:39 EDT 2014


In the future we'll add better support for non-human users, by adding better authentication mechanisms such as JWT and Cert. Quite likely we'll also add a separate account type (a non-human wants permitted IP addresses, not a first name).

However, for now you're limited to creating a standard user account for this purpose. I recommend you create a separate account with a random longish password that can be shared between the nodes. I certainly wouldn't use the admin account.

----- Original Message -----
> From: "Juraci Paixão Kröhling" <juraci at kroehling.de>
> To: keycloak-user at lists.jboss.org
> Sent: Saturday, 11 October, 2014 9:38:57 AM
> Subject: Re: [keycloak-user] Authenticating non-interactive users
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 10/10/2014 07:29 PM, Bill Burke wrote:
> > We have a Direct grant REST API to obtain access/refresh token.
> > You have to enable it in the admin console.  Docs here:
> 
> That would require to store the admin's plain text password somewhere
> (or create an user for each node), right? If so, that's a no-go :-)
> 
> - - Juca.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQEcBAEBCgAGBQJUON6RAAoJEDnJtskdmzLMfv4H/0dE8tW6RipFSIwqZuwbnKrc
> cThrFv45G8fIqBSaYxz/tszsYB+lsQHzZ+xVeAJsjvJrDXHwNCjh8TIIOdfSCgLF
> ZTdRIO4pgjhgorD484uuIi+sNnEZ5BBPraWsymxZrs8L6lmkOVNfRDmLqTJ3LTFl
> AhBepJoLR6h7LJnFELDsvRFHYOun70tU3uGHBFczcBY0RKELI3X6czjQ2m16pJCC
> QggbYG5OE/OQZ+HRyCp897fHSAj2XkvUcVnDyQpn6p3gtufF98QDUoUhWlrwV2Wp
> A3W6mRZBoJ6L4hBf//Xh9Hlwl7G2qsQgXJjOHv0mNW1c0KZZBXCdWc233h3elmg=
> =j4RQ
> -----END PGP SIGNATURE-----
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 



More information about the keycloak-user mailing list