<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">On 11.12.2014 18:07, Ruben Lopez wrote:<br>
    </div>
    <blockquote
cite="mid:CA+L_nNh_C3c_fw_+jP8vhyVsMVt50AEYWDUVfdW2XZoytDXg_w@mail.gmail.com"
      type="cite">
      <div dir="ltr">I have a couple more questions.
        <div><br>
          <div>
            <div>1) Will you implement the features requested in
              KEYCLOAK-402 and KEYCLOAK-405? If so, when?</div>
          </div>
        </div>
      </div>
    </blockquote>
    Hard to say exactly, but it looks like it will be quite soon, as it
    is a requirement from more people and potential customers. Hopefully
    in terms of weeks/months, but it's hard to promise an exact date... I
    think it would require enhancing our existing password policies, but
    those would be a bit harder to add than the current simple policies,
    as it will also require storing some info in the database (like
    password expiration time and older passwords).<br>
    <blockquote
cite="mid:CA+L_nNh_C3c_fw_+jP8vhyVsMVt50AEYWDUVfdW2XZoytDXg_w@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div>2) Are there any plans to support Integrated Windows
              Authentication?</div>
          </div>
        </div>
      </div>
    </blockquote>
    You mean login to KC when the user is already logged in to a Windows
    domain? Yes, we have a plan to add Kerberos/SPNEGO soon and I think
    that it should solve Windows domain authentication too. Hopefully
    around January.<br>
    <br>
    Marek<br>
    <blockquote
cite="mid:CA+L_nNh_C3c_fw_+jP8vhyVsMVt50AEYWDUVfdW2XZoytDXg_w@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>
          <div>
            <div><br>
            </div>
            <div>Thanks :)</div>
            <div class="gmail_extra"><br>
              <div class="gmail_quote">2014-11-28 5:04 GMT-03:00 Stian
                Thorgersen <span dir="ltr">&lt;<a
                    moz-do-not-send="true"
                    href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>&gt;</span>:<br>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span
                    class=""><br>
                    <br>
                    ----- Original Message -----<br>
                    &gt; From: "Ruben Lopez" &lt;<a
                      moz-do-not-send="true"
                      href="mailto:rubenlop88@gmail.com">rubenlop88@gmail.com</a>&gt;<br>
                    &gt; To: "Marek Posolda" &lt;<a
                      moz-do-not-send="true"
                      href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>&gt;<br>
                    &gt; Cc: <a moz-do-not-send="true"
                      href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
                    &gt; Sent: Thursday, 27 November, 2014 5:37:45 PM<br>
                    &gt; Subject: Re: [keycloak-user] Questions about
                    keycloak<br>
                    &gt;<br>
                    &gt; Hi Marek,<br>
                    &gt;<br>
                    &gt; 2014-11-27 12:38 GMT-03:00 Marek Posolda &lt; <a
                      moz-do-not-send="true"
                      href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>
                    &gt; :<br>
                    &gt;<br>
                    &gt;<br>
                    &gt;<br>
                    &gt;<br>
                    &gt;<br>
                    &gt; 1 - Is there any way to obtain an access token
                    for an OAuth Client via Client<br>
                    &gt; Credentials[1]?<br>
                    &gt; You mean something like Service account like
                    this from OAuth2 specs<br>
                    &gt; <a moz-do-not-send="true"
                      href="http://tools.ietf.org/html/rfc6749#page-40"
                      target="_blank">http://tools.ietf.org/html/rfc6749#page-40</a>
                    ? We don't have that yet, but<br>
                    &gt; there are plans to support it afaik.<br>
                    &gt;<br>
                    &gt;<br>
                    &gt;<br>
                    &gt;<br>
                    &gt; Yes, I was talking about section 4.4 Client
                    Credentials Grant. Any idea<br>
                    &gt; about when it will be implemented?<br>
                    <br>
                  </span>I can't give you an exact date, but it's
                  becoming more and more of a priority so it should be
                  within a few months. We also plan to add cert based
                  authentication for clients.<br>
                  <br>
                  In the meantime you can work around this issue by
                  creating a user on behalf of the client and using the
                  Resource Owner Password Credentials Grant (section
                  #4.3). Look at
                  'examples/preconfigured-demo/admin-access' in the
                  download for an example.<br>
                  <div class="">
                    <div class="h5"><br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt; 2 - If we make a request to an Application
                      (Resource Server) with an access<br>
                      &gt; token and this Application needs to talk to
                      another protected Application to<br>
                      &gt; form the response to the client, how does the
                      first Application<br>
                      &gt; authenticate to the second Application? Does
                      Keycloak implement something<br>
                      &gt; like Chain Grant Type Profile[2]?<br>
                      &gt; Yes, that is doable. We have an example where
                      we have frontend application<br>
                      &gt; like 'customer-portal', which is able to
                      retrieve accessToken from keycloak<br>
                      &gt; like here:<br>
                      &gt; <a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48"
                        target="_blank">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48</a><br>
                      &gt; and then use this accessToken to send a request
                      to the backend application<br>
                      &gt; 'database-service' in the Authorization header<br>
                      &gt; <a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L54"
                        target="_blank">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L54</a><br>
                      &gt; . Database-service is then able to
                      authenticate the token.<br>
                      &gt;<br>
                      &gt; Currently our database-service is directly
                      serving requests and sending back<br>
                      &gt; data, but it shouldn't be a problem to add
                      another application to the chain,<br>
                      &gt; so that database-service will send the token
                      again to another app like<br>
                      &gt; 'real-database-service', which will return
                      data and those data will be sent<br>
                      &gt; back to the original frontend requestor
                      (customer-portal). Is that<br>
                      &gt; what you meant?<br>
                      &gt;<br>
                      &gt; That's exactly what I meant. I will take a
                      look at the example.<br>
                      &gt;<br>
                      &gt; Thank you very much.<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt; Marek<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;<br>
                      &gt; Thanks in advance.<br>
                      &gt;<br>
                      &gt;<br>
                      &gt;
                      _______________________________________________<br>
                      &gt; keycloak-user mailing list <a
                        moz-do-not-send="true"
                        href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
                      &gt; <a moz-do-not-send="true"
                        href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
                        target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
                    </div>
                  </div>
                </blockquote>
              </div>
              <br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>