[keycloak-user] JBoss EAP/WildFly Adapter - JAAS Login Module for OTP
Marek Posolda
mposolda at redhat.com
Tue Sep 3 03:21:23 EDT 2019
I am not sure what exactly you want to achieve. Do you want:
a) SSO login, which means that your application will redirect to
Keycloak and the login forms will be displayed by Keycloak?
b) Or do you want your application to "display" the login forms?
Keycloak is SSO, so it is highly recommended to use use-case
(a). In that case, you need to change the "auth-method" to KEYCLOAK as
you pointed out (in case your application is deployed on a WildFly
server). It is recommended to try some Keycloak quickstarts. Once your
application redirects to Keycloak, you can just configure the OTP
authenticator on the Keycloak side and you don't need to configure
anything more on your application side. The authenticators and
authentication mechanisms used will be completely controlled by Keycloak.
Marek
On 02. 09. 19 16:12, R M wrote:
> Hi
>
> According to the Security APP Documentation, I can provide an adapter
> config file in WAR and change the auth-method to KEYCLOAK within web.xml.
> Alternatively, I don't have to modify WAR at all and I can secure it via
> the Keycloak adapter subsystem configuration in the configuration file,
> such as standalone.xml.
>
> But my app has a FORM Login Authentication mechanism: in web.xml I have this:
>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name></realm-name>
>   <form-login-config>
>     <form-login-page>/Login.jsp</form-login-page>
>     <form-error-page>/LoginError.jsp</form-error-page>
>   </form-login-config>
> </login-config>
>
> and according to this the Login.jsp is submitting values to
> "j_security_check".
>
> I want to continue to use this but I want KEYCLOAK to take control to check
> credentials (and manage the OTP).
>
> It is not clear (I was not able to find) if there is some "standard" adapter or
> login module available and the "name" to give to the OTP field in the login
> form
>
> e.g. using PicketBox
> https://developer.jboss.org/wiki/OTPIntegrationWithJBossApplicationServer
>
> but now PicketLink and Keycloak projects are merged and I want to use a
> similar way using OTP and the Keycloak server
>
> So I'm looking for the Keycloak replacement of JBossTimeBasedOTPLoginModule
> (and related setup)
>
> <login-module
> code="org.jboss.security.auth.spi.otp.JBossTimeBasedOTPLoginModule" />
>
>
> Do you have any idea?
> Thanks