[keycloak-user] Dynamically branded login?

Dmitry Telegin dt at acutus.pro
Mon Oct 15 18:00:25 EDT 2018


Craig, Will,

I've published a PoC: https://github.com/dteleguin/keycloak-dynamic-branding

It demonstrates how to push URI info to the FTL context and utilize it inside the login template. Feel free to ask me any questions on that.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Fri, 2018-10-12 at 09:46 -0500, Craig Setera wrote:
> The URL you call out is how I'm solving for this.  I'm hopeful to be able to do something similar for the account management pages as well, but I haven't tried that at all to this point.
> 
> I would love to see something more "official", but I understand if that isn't something easily handled in the core.
> 
> =================================
> Craig Setera
> Chief Technology Officer
> 
> 
> 
> 
> > On Fri, Oct 12, 2018 at 8:14 AM Dmitry Telegin <dt at acutus.pro> wrote:
> > Craig, Will,
> > 
> > Indeed, in the out-of-the-box configuration the URI info is not accessible in FTL templates. But I was able to provide it with the help of the custom LoginFormsProvider, which was trivial to implement.
> > Yep this adds another entity, but as long as you're deploying your custom theme as a module or via deployments dir (which is the recommended way), you should be ok with this, as theme+provider could be packaged as a single JAR.
> > 
> > Since it turns out to be kind of a popular topic, I think I'll publish the PoC and maybe even write an article on that. In a few words, you extend FreeMarkerLoginFormsProvider and override createCommonAttributes(), where you can push any arbitrary data to the FTL context.
> > 
> > 2 Craig: is your use case similar to that of Will? I mean your URL is like this:
> > http://localhost:8080/auth/realms/default/protocol/openid-connect/auth?...&customvar=1
> > 
> > I'm asking because if you append a query param to your client URL, it won't be propagated to the Keycloak auth URL directly, but rather as a part of redirect_uri param (from where it can be parsed of course).
> > 
> > P.S. if anyone from the dev team reads this: do you think we can have this OOTB?
> > 
> > Cheers,
> > Dmitry Telegin
> > 
> > On Mon, 2018-10-08 at 10:04 -0500, Craig Setera wrote:
> > > Following up on this conversation.  I was unable to find a way to do this via the Freemarker templates unfortunately.  The templates are not receiving anything useful in determining the full path and query parameters.  The only approach that I've found to do what I need is to add a small JavaScript snippet to my theme that is able to look at the query parameters and insert a new stylesheet reference into the code based on a query parameter.  Ugly, but seems effective assuming I can get my query parameter set in all of the URLs that matter.
> > > 
> > > =================================
> > > Craig Setera
> > > Chief Technology Officer
> > > 
> > > 
> > > 
> > > 
> > > > On Wed, Aug 29, 2018 at 9:36 AM Craig Setera <craig at baseventure.com> wrote:
> > > > Dmitry,
> > > > 
> > > > I've put Keycloak on the back burner for the moment.  I do intend to pick it back up toward the end of the year and I expect I will be digging into this heavily.  If I figure anything out, I will be sure to report back.
> > > > 
> > > > Craig
> > > > 
> > > > 
> > > > =================================
> > > > Craig Setera
> > > > Chief Technology Officer
> > > > 415-324-5861
> > > > craig at baseventure.com
> > > > 
> > > > 
> > > > 
> > > > 
> > > > > > On Wed, Aug 1, 2018 at 7:50 PM Dmitry Telegin <dt at acutus.pro> wrote:
> > > > > Craig, Will,
> > > > > 
> > > > > Sorry for having fooled you :-\ turns out that the ${url} object is actually not what it seems.
> > > > > 
> > > > > I'd suggest the following trick. Could someone please try dumping all the available FTL variables using the below approach?
> > > > > https://community.liferay.com/blogs/-/blogs/the-magic-template-variable-dumper-script-for-liferay-7
> > > > > 
> > > > > This is for Liferay, but I hope it works with Keycloak FTLs without any major modifications. So hopefully we can fish something useful out of there.
> > > > > 
> > > > > Cheers,
> > > > > Dmitry Telegin
> > > > > 
> > > > > On Tue, 2018-07-31 at 14:13 -0700, Will Lopez wrote:
> > > > > > Hi Dmitry,
> > > > > > 
> > > > > > I have a use case for this same need: conditionally rendering a block of HTML in the login.ftl based on the value of a query string param.
> > > > > > 
> > > > > > I have a question with more details here: https://stackoverflow.com/questions/51619158/keycloak-make-query-string-param-available-in-marker-freemarker-template?noredirect=1#comment90204334_51619158
> > > > > > 
> > > > > > I attempted to use ${url} as you suggested, however it does not have a public method that provides the request url :( 
> > > > > > 
> > > > > > https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/forms/login/freemarker/model/UrlBean.java
> > > > > > 
> > > > > > Am I missing something? Or is there any other way to access the login request url in login.ftl? 
> > > > > > 
> > > > > > Thanks, Will 
> > > > > > 
> > > > > > > > > On Jul 30, 2018, at 9:25 PM, Dmitry Telegin <dt at acutus.pro> wrote:
> > > > > > > 
> > > > > > > Hi Craig, sorry for late response,
> > > > > > > 
> > > > > > > On Thu, 2018-07-12 at 06:08 -0500, Craig Setera wrote:
> > > > > > > > We build and host a multitenant application that is currently using
> > > > > > > > homegrown authentication and authorization (using Picketlink).  We are
> > > > > > > > considering a move to Keycloak.  My preference would be to use the login
> > > > > > > > flows that are built in to Keycloak rather than building our own, however
> > > > > > > > that is dependent on whether we can properly brand those login flows on a
> > > > > > > > per-customer basis in some dynamic way.
> > > > > > > 
> > > > > > > In Keycloak parlance, the term "login flow" has a very particular
> > > > > > > meaning. Basically, it's what you see in the Authentication section in
> > > > > > > the Admin Console. It defines how authentication *works* rather than
> > > > > > > how it *looks* (i.e. logic rather than appearance).
> > > > > > > 
> > > > > > > Do you really mean "login flows"? From the second part of your message
> > > > > > > I can deduce you're mainly interested in customizing the GUI.
> > > > > > > 
> > > > > > > > In looking at the theme SPI support, it appears to be mostly targeted to
> > > > > > > > supporting multiple "static" themes.  Is it possible to make a theme that
> > > > > > > > is dynamic based on, for example, a query parameter?
> > > > > > > 
> > > > > > > By default, Keycloak uses FreeMarker templates for login screens. In
> > > > > > > the templates, the URL object is exposed as ${url}, so you can analyze
> > > > > > > it and add conditional statements. If you're ok with that, probably you
> > > > > > > won't need to implement any SPIs.
> > > > > > > 
> > > > > > > Otherwise, you can either implement custom theme selection logic based
> > > > > > > on request parameters (Theme Selector SPI), or completely redefine
> > > > > > > theming mechanism (Theme SPI).
> > > > > > > 
> > > > > > > >    Are there any
> > > > > > > > examples anywhere on how that might be possible?  
> > > > > > > 
> > > > > > > Well, builtin Keycloak themes are the best example IMO :) you can find
> > > > > > > the default login theme under
> > > > > > > themes/src/main/resources/theme/base/login in the source tree.
> > > > > > > 
> > > > > > > > Would Keycloak carry
> > > > > > > > through query parameters if they were provided when launching the login
> > > > > > > > flow?
> > > > > > > 
> > > > > > > It's best to create a custom theme and see :)
> > > > > > > 
> > > > > > > Good luck!
> > > > > > > Dmitry Telegin
> > > > > > > 
> > > > > > > > Thanks,
> > > > > > > > Craig
> > > > > > > > _______________________________________________
> > > > > > > > keycloak-user mailing list
> > > > > > > > keycloak-user at lists.jboss.org
> > > > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > > > 
> > > > > > 
> > > > > 
> > 
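
The client-side workaround Craig describes (a theme script that picks a stylesheet from a query parameter), combined with Dmitry's note that a parameter appended to the client URL arrives inside redirect_uri, as an added example that is not from the thread or the PoC repository. The `customvar` name comes from the URL quoted in the thread; the brand ids, stylesheet paths and function names are hypothetical. The parameter value is only looked up in a fixed allowlist, so it never reaches the `href`.

```javascript
// Added example: choose a brand stylesheet from the login URL, allowlist only.
// "customvar" is the parameter named in the thread; the brand ids and
// stylesheet file names below are hypothetical.
const BRAND_STYLESHEETS = new Map([
  ['1', 'css/brand-acme.css'],
  ['2', 'css/brand-globex.css'],
]);
const DEFAULT_STYLESHEET = 'css/login.css';

// Read customvar from the auth URL itself or, when the client appended it to
// its own URL, from the nested redirect_uri parameter.
function extractBrand(authUrl) {
  let outer;
  try {
    outer = new URL(authUrl);
  } catch (e) {
    return null; // not a parseable URL: no brand
  }
  const direct = outer.searchParams.get('customvar');
  if (direct !== null) return direct;
  const redirect = outer.searchParams.get('redirect_uri');
  if (redirect === null) return null;
  try {
    return new URL(redirect).searchParams.get('customvar');
  } catch (e) {
    return null; // malformed redirect_uri: fall back to the default brand
  }
}

// Map the untrusted value to a fixed theme-relative path; the raw parameter
// is used only as a lookup key and never becomes part of the href.
function stylesheetFor(authUrl) {
  const brand = extractBrand(authUrl);
  return BRAND_STYLESHEETS.get(brand) || DEFAULT_STYLESHEET;
}

// In the browser: append the <link> under the theme's resources path, which
// login.ftl can hand to the script (for example from ${url.resourcesPath}).
function applyBrand(doc, authUrl, resourcesPath) {
  const link = doc.createElement('link');
  link.rel = 'stylesheet';
  link.href = resourcesPath + '/' + stylesheetFor(authUrl);
  doc.head.appendChild(link);
  return link.href;
}
```

In a theme script this would be called as `applyBrand(document, window.location.href, resourcesPath)`.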

