[keycloak-user] Dynamically branded login?

Dmitry Telegin dt at acutus.pro
Tue Jul 31 00:25:48 EDT 2018 

Hi Craig, sorry for late response,

On Thu, 2018-07-12 at 06:08 -0500, Craig Setera wrote:
> We build and host a multitenant application that is currently using
> homegrown authentication and authorization (using Picketlink).  We are
> considering a move to Keycloak.  My preference would be to use the login
> flows that are built in to Keycloak rather than building our own, however
> that is dependent on whether we can properly brand those login flows on a
> per-customer basis in some dynamic way.

In Keycloak parlance, the term "login flow" has a very particular
meaning. Basically, it's what you see in the Authentication section in
the Admin Console. It defines how authentication *works* rather than
how it *looks like* (i.e. logic rather than appearance).

Do you really mean "login flows"? From the second part of your message
I can deduce you're mainly interested in customizing the GUI.

> In looking at the theme SPI support, it appears to be mostly targeted to
> supporting mulitple "static" themes.  Is it possible to make a theme that
> is dynamic based on, for example, a query parameter?

By default, Keycloak uses FreeMarker templates for login screens. In
the templates, the URL object is exposed as ${url}, so you can analyze
it and add conditional statements. If you're ok with that, probably you
won't need to implement any SPIs.

Otherwise, you can either implement custom theme selection logic based
on request parameters (Theme Selector SPI), or completely redefine
theming mechanism (Theme SPI).

>    Are there any
> examples anywhere on how that might be possible?  

Well, builtin Keycloak themes are the best example IMO :) you can find
the default login theme under
themes/src/main/resources/theme/base/login in the source tree.

> Would Keycloak carry
> through query parameters if they were provided when launching the login
> flow?

It's best to create a custom theme and see :)

Good luck!
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

> 
> Thanks,
> Craig
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list