<div dir="ltr">Sorry to keep insisting on this, but since it's being a huge showstopper so far, I just have to ask.<div><br></div><div>If I don't mind trading off SSO and all the other benefits that the Keycloak login page provides me, would there be a way for me to do what I want?</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">We could add support for login_hint query param so you can have the username/email field on the login form pre-filled for the user, so once a user has to authenticate you redirect to login on KC and all they would have to do is enter their password.<br>
<br>
If you bypass the login forms you'd loose SSO, multi-factor support, required actions, recover password, etc, etc, etc..<br>
<br>
As Bill mentioned we provide very flexible login forms that can be templated using either just css or even FreeMarker templates if you need a lot of customization, so you should be able to make the login form integrate well with your website.<br>
<div><div class="h5"><br>
----- Original Message -----<br>
> From: "Rodrigo Sasaki" <<a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a>><br>
> To: "Bill Burke" <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>><br>
> Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Thursday, 17 July, 2014 6:52:08 PM<br>
> Subject: Re: [keycloak-user] Authenticate user without using login page<br>
><br>
> You think there could be a way to do this within keycloak itself?<br>
><br>
><br>
> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < <a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a> ><br>
> wrote:<br>
><br>
><br>
><br>
> I'll give you an example:<br>
><br>
> We have a situation in our website where we only ask for the user's e-mail,<br>
> and he can go on with the flow.<br>
><br>
> On a determined step of the flow, if we identify that this is an e-mail that<br>
> we already have in our user database, we ask him for his password,<br>
> authenticate him, and let him go on, if this e-mail is new, we redirect him<br>
> to a page where he can register himself, and after that continue on.<br>
><br>
> On this specific case and others, we wouldn't like to have to redirect him to<br>
> keycloak, because that would interrupt the flow that we designed.<br>
><br>
><br>
> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < <a href="mailto:bburke@redhat.com">bburke@redhat.com</a> > wrote:<br>
><br>
><br>
> <a href="http://docs.jboss.org/" target="_blank">http://docs.jboss.org/</a> keycloak/docs/1.0-beta-3/<br>
> userguide/html/direct-access- grants.html<br>
><br>
> If you have to do it this way, please let us know why. Maybe we can solve the<br>
> issue within keycloak itself.<br>
><br>
><br>
> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote:<br>
><br>
><br>
><br>
> Just for the sake of conversation, if I did want to handle my own login<br>
> page, would there be a way for me to do it?<br>
><br>
><br>
> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki<br>
</div></div><div><div class="h5">> < <a href="mailto:rodrigopsasaki@gmail.com">rodrigopsasaki@gmail.com</a> <mailto: rodrigopsasaki@gmail. com >> wrote:<br>
><br>
> I don't want to miss out on all of that, which is why we're mostly<br>
> migrating everything to use keycloak that way.<br>
><br>
> It's just that we have cases that are so specific, that it would be<br>
> better to authenticate the user in a different manner, create the<br>
> user session and everything, without redirecting.<br>
><br>
> I'll have a look at that code. Thanks!<br>
><br>
><br>
> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < <a href="mailto:bburke@redhat.com">bburke@redhat.com</a><br>
> <mailto: <a href="mailto:bburke@redhat.com">bburke@redhat.com</a> >> wrote:<br>
><br>
> If you want to handle your own login pages, IMO, you are missing<br>
> out on<br>
> a lot of Keycloak features. Specifically:<br>
><br>
> * SSO<br>
> * forgot password<br>
> * admin forced credential reset/setup<br>
><br>
><br>
> Login pages can be styled however you like to look like your<br>
> application.<br>
><br>
> There is a REST api for obtaining an access token. Here is an<br>
> example:<br>
><br>
> <a href="https://github.com/keycloak/" target="_blank">https://github.com/keycloak/</a> keycloak/blob/master/examples/<br>
> demo-template/admin-access- app/src/main/java/org/<br>
> keycloak/example/AdminClient. java<br>
><br>
> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote:<br>
> > Is there a way to authenticate the user without having to<br>
> input username<br>
> > and password on the login page?<br>
> ><br>
> > For example:<br>
> ><br>
> > Say there's a situation in my application where I request the<br>
> user for<br>
> > his username and password, and I wouldn't like to redirect<br>
> that to the<br>
> > keycloak login page to authenticate him, would there be a way<br>
> for me to<br>
> > do that?<br>
> ><br>
> > --<br>
> > Rodrigo Sasaki<br>
> ><br>
> ><br>
> > ______________________________ _________________<br>
> > keycloak-user mailing list<br>
> > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <mailto: keycloak-user@lists. <a href="http://jboss.org" target="_blank">jboss.org</a> ><br>
><br>
> > <a href="https://lists.jboss.org/" target="_blank">https://lists.jboss.org/</a> mailman/listinfo/keycloak-user<br>
> ><br>
><br>
> --<br>
> Bill Burke<br>
> JBoss, a division of Red Hat<br>
> <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
> ______________________________ _________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a> <mailto: keycloak-user@lists. <a href="http://jboss.org" target="_blank">jboss.org</a> ><br>
><br>
> <a href="https://lists.jboss.org/" target="_blank">https://lists.jboss.org/</a> mailman/listinfo/keycloak-user<br>
><br>
><br>
><br>
><br>
</div></div><div class="">> --<br>
> Rodrigo Sasaki<br>
><br>
><br>
><br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
> --<br>
> Bill Burke<br>
> JBoss, a division of Red Hat<br>
> <a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
><br>
><br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
><br>
><br>
> --<br>
> Rodrigo Sasaki<br>
><br>
</div><div class="">> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
</div>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><font face="Times New Roman">Rodrigo Sasaki</font><div></div></div>
</div>