[keycloak-user] JBoss EAP/WildFly Adapter - JAAS Login Module for OTP

Marek Posolda mposolda at redhat.com
Tue Sep 3 03:21:23 EDT 2019


I am not sure what exactly you want to achieve? Do you want:
a) SSO login, which means that your application will redirect to 
Keycloak and the login forms will be displayed by Keycloak?
b) Or do you want your application to "display" the login forms?

Keycloak is SSO, so it is highly recommended to use use case 
(a). In that case, you need to change the "auth-method" to KEYCLOAK, as 
you pointed out (in case your application is deployed on a WildFly 
server). It is recommended to try some Keycloak quickstarts. Once your 
application redirects to Keycloak, you can just configure the OTP 
authenticator on the Keycloak side and you don't need to configure 
anything more on your application side. The used authenticators and 
authentication mechanisms will be completely controlled by Keycloak.

Marek

On 02. 09. 19 16:12, R M wrote:
> Hi
>
> According to the Security APP Documentation, I can provide an adapter
> config file in the WAR and change the auth-method to KEYCLOAK within web.xml.
> Alternatively, I don't have to modify the WAR at all and I can secure it via
> the Keycloak adapter subsystem configuration in the configuration file,
> such as standalone.xml
>
> But my app has a FORM Login Authentication mechanism: in web.xml I have this
>
>    <login-config>
>      <auth-method>FORM</auth-method>
>      <realm-name></realm-name>
>      <form-login-config>
>        <form-login-page>/Login.jsp</form-login-page>
>        <form-error-page>/LoginError.jsp</form-error-page>
>      </form-login-config>
>    </login-config>
>
> and according to this the Login.jsp is submitting values to
> "j_security_check"
>
> I want to continue to use this but I want KEYCLOAK to take control of checking
> credentials (and managing the OTP)
>
> It is not clear (I was not able to find) whether there is some "standard" adapter or
> login module available, and the "name" to give to the OTP field in the login
> form
>
> e.g. using PicketBox
> https://developer.jboss.org/wiki/OTPIntegrationWithJBossApplicationServer
>
> but now PicketLink and Keycloak projects are merged and I want to use a
> similar way using OTP and the Keycloak server
>
> So I'm looking for the Keycloak replacement of JBossTimeBasedOTPLoginModule
> (and related setup)
>
>   <login-module code="org.jboss.security.auth.spi.otp.JBossTimeBasedOTPLoginModule" />
>
>
> Do you have any idea?
> Thanks

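Added example, not part of the original thread and not taken from the Keycloak project: a WEB-INF/web.xml for option (a), with the FORM block from the question shown commented out beside its KEYCLOAK replacement. The URL pattern, the role name "user" and the realm-name value are placeholder assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/web.xml: illustrative only. URL pattern, role name and
     realm-name below are placeholders, not values from the thread. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Without a constraint nothing is protected, so the adapter is
       never asked to authenticate and no redirect to Keycloak happens. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>protected-area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Before: the container rendered Login.jsp and validated the
       credentials posted to j_security_check.
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name></realm-name>
    <form-login-config>
      <form-login-page>/Login.jsp</form-login-page>
      <form-error-page>/LoginError.jsp</form-error-page>
    </form-login-config>
  </login-config>
  -->

  <!-- After: the Keycloak adapter handles authentication. Unauthenticated
       requests are redirected to Keycloak, which shows the login form and
       the OTP step; Login.jsp, LoginError.jsp and j_security_check are no
       longer used, and no OTP field exists in the application. -->
  <login-config>
    <auth-method>KEYCLOAK</auth-method>
    <realm-name>placeholder-realm</realm-name>
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>

  <!-- The adapter still needs its own configuration: either the adapter
       config file inside the WAR (WEB-INF/keycloak.json) or the Keycloak
       adapter subsystem in standalone.xml, as mentioned in the question. -->
</web-app>
```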