[keycloak-user] IP Address based default user

Jess Sightler jsightle at redhat.com
Tue Sep 13 10:48:59 EDT 2016


Well, this be insecurity by design. :) Basically we would like to turn 
off security completely in some cases for local installations, but this 
brings a lot of deployment related considerations (multiple descriptors, 
conditional logic around the logged in user, etc).

An authenticator that is essentially just a bypass would accomplish the 
same thing without the additional complexity. It would be similar to a 
default "unauthenticatedIdentity", except with a default role as well.


On 09/13/2016 05:01 AM, Stian Thorgersen wrote:
> No there isn't anything like that. Sounds like a potential hackers 
> heaven as well.
>
> Assuming you've got the idea from WildFly. WildFly can do that by 
> writing to a local file to make sure the user is indeed on the local 
> machine. That doens't work in a web based flow unless you can find a 
> way to "share" a file between the Keycloak server and the browser.
>
> On 12 September 2016 at 17:17, Jess Sightler <jsightle at redhat.com 
> <mailto:jsightle at redhat.com>> wrote:
>
>     Is there a builtin authenticator that can provide a default user
>     account
>     based upon some criteria? For example, could we provide a default user
>     if the client is connecting to localhost?
>
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>     <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160913/aa4f762e/attachment.html 


More information about the keycloak-user mailing list