<font face="arial" size="2"><p style="margin:0;padding:0;font-family: arial; font-size: 10pt; word-wrap: break-word;">Thanks again.</p>
<p style="margin:0;padding:0;font-family: arial; font-size: 10pt; word-wrap: break-word;">I need to go thru most documentation to get the hang of it. Will do.</p>
<p style="margin:0;padding:0;font-family: arial; font-size: 10pt; word-wrap: break-word;">I would love to contribute if u can get a php application in place, is it possible for you to direct me to documentation where there are hints regarding the adapter logic?</p>
<p style="margin:0;padding:0;font-family: arial; font-size: 10pt; word-wrap: break-word;"> </p>
<!--WM_COMPOSE_SIGNATURE_START-->
<p style="margin:0;padding:0;">Kalinga</p>
<!--WM_COMPOSE_SIGNATURE_END-->
<p style="margin:0;padding:0;font-family: arial; font-size: 10pt; word-wrap: break-word;"><br /><br />-----Original Message-----<br />From: "Stian Thorgersen" <stian@redhat.com><br />Sent: Tuesday, March 17, 2015 2:25pm<br />To: "Kalinga Dissanayake" <kalinga@leapset.com><br />Cc: "Bill Burke" <bburke@redhat.com>, keycloak-user@lists.jboss.org<br />Subject: Re: [keycloak-user] Customization of authentication mechanism and +<br /><br /></p>
<div id="SafeStyles1426583748"><br /><br />----- Original Message -----<br />> From: "Kalinga Dissanayake" <kalinga@leapset.com><br />> To: "Bill Burke" <bburke@redhat.com><br />> Cc: keycloak-user@lists.jboss.org<br />> Sent: Tuesday, March 17, 2015 8:52:12 AM<br />> Subject: Re: [keycloak-user] Customization of authentication mechanism and +<br />> <br />> <br />> <br />> Thanks again for your quick feedbacks.<br />> <br />> Sorry I have a number of questions so I will be buzzing u guys regularly.<br />> <br />> I went through the document for the adapters;<br />> <br />> http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/ch08.html<br />> <br />> <br />> <br />> So lets say I need a php application to be deployed using keycloak as my SSO<br />> manager application.<br />> <br />> So my basic requirement is that user should have the ability to signin via<br />> keycloak. I see that there are no dedicated adapters for php (I guess it<br />> must be in the works)<br /><br />We don't have a PHP adapter, and there's no immediate plans to create one. You could use:<br /><br />* JavaScript adapter (http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/ch08.html#javascript-adapter)<br />* Proxy (http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/proxy.html)<br /><br />Alternatively have a look on Google for instructions on using OAuth2 and/or OpenID Connect with PHP. Once 1.2.0.Beta1 is released we'll also have a OpenID Connect Discovery endpoint, which should make it easier to use other OpenID Connect client libraries with Keycloak.<br /><br />If you're willing to contribute a PHP adapter then let me know and I can give you more details on what would be required and some hints to get you started.<br /><br />> <br />> <br />> <br />> Is there a guideline that I should follow if I am to do it manually?<br />> Basically what I should to do replicate what an adapter does (if I dont want<br />> to use any adapters or my apps are mobile based or deployed on containers<br />> hat keycloak does not have adapters for). Hope my question is clear.<br />> <br />> <br />> <br />> Kalinga<br />> <br />> <br />> <br />> <br />> -----Original Message-----<br />> From: "Bill Burke" <bburke@redhat.com><br />> Sent: Monday, March 16, 2015 7:46pm<br />> To: keycloak-user@lists.jboss.org<br />> Subject: Re: [keycloak-user] Customization of authentication mechanism and +<br />> <br />> <br />> <br />> Minimally you need to import username. Probably email too if you want<br />> to use any of our email-based features. With UserFederationProvider you<br />> can delegate to the third-party storage for other user attributes/metadata.<br />> <br />> On 3/16/2015 6:01 AM, Stian Thorgersen wrote:<br />> > We don't currently have a way to plugin your own authentication mechanism,<br />> > but this is something we'll be adding.<br />> > <br />> > You have two choices when it comes to users, you can either use our user<br />> > federation provider mechanism to sync between Keycloak and your current<br />> > db. Or you can migrate the users fully to the Keycloak db. In either case<br />> > you have an option on overriding how passwords are verified (either<br />> > UserFederationProvider or by extending an existing UserProvider). With the<br />> > above authentication mechanism we'll most likely also make the<br />> > verification of passwords pluggable which would support different hash<br />> > algorithms.<br />> > <br />> > ----- Original Message -----<br />> >> From: "Kalinga Dissanayake" <kalinga@leapset.com><br />> >> To: keycloak-user@lists.jboss.org<br />> >> Sent: Monday, March 16, 2015 10:48:55 AM<br />> >> Subject: [keycloak-user] Customization of authentication mechanism and +<br />> >> <br />> >> <br />> >> <br />> >> Guys,<br />> >> <br />> >> I need to understand the capability of keycloak with my requirement and to<br />> >> ensure that keycloak is scalable to meet my needs. My main requirement is<br />> >> to<br />> >> integrate keycloak to our system to support SSO hence I need to migrate my<br />> >> existing users. My main concerns;<br />> >> <br />> >> <br />> >> <br />> >> 1/ Customize authentication method.<br />> >> <br />> >> I need to authenticate users similar to what we currently use in our<br />> >> production system. In our system, users are identified by username,<br />> >> password<br />> >> and the pin.<br />> >> <br />> >> For instance;<br />> >> <br />> >> User -> jack, password -> pwd, pin -> 50000<br />> >> <br />> >> User should enter all three to login to the system.<br />> >> <br />> >> I went through the codebase and I saw that the Authentication Manager<br />> >> (which<br />> >> is a concrete class) does all the work inside keycloak. I managed to<br />> >> customize the frontend with ease, however, in order to support the pin in<br />> >> the backend seems like I have to customize the AuthenticationManager class<br />> >> (no direct SPIs).<br />> >> <br />> >> Although there is a link here;<br />> >> <br />> >> http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/authentication-spi.html<br />> >> <br />> >> I cant seem to find anything here which matches the current code base (to<br />> >> via<br />> >> a new authentication method via spis) and the example has been removed.<br />> >> <br />> >> <br />> >> <br />> >> 2/ Customize password hashes.<br />> >> <br />> >> We have our own algorithm used to store password hashes. What should I do<br />> >> to<br />> >> add this to keycloak?<br />> >> <br />> >> I do not know the current passwords of the users already in our system, so<br />> >> when doing the migration i need keyclock to support the current algorithm<br />> >> we<br />> >> use. Can we plugin new hashing algorithms to meet my needs?<br />> >> <br />> >> <br />> >> <br />> >> Any other issues I might face?<br />> >> <br />> >> I feel key cloak is the right choice if the above two questions are<br />> >> answered.<br />> >> Please let me know.<br />> >> <br />> >> _______________________________________________<br />> >> keycloak-user mailing list<br />> >> keycloak-user@lists.jboss.org<br />> >> https://lists.jboss.org/mailman/listinfo/keycloak-user<br />> > _______________________________________________<br />> > keycloak-user mailing list<br />> > keycloak-user@lists.jboss.org<br />> > https://lists.jboss.org/mailman/listinfo/keycloak-user<br />> > <br />> <br />> --<br />> Bill Burke<br />> JBoss, a division of Red Hat<br />> http://bill.burkecentral.com<br />> _______________________________________________<br />> keycloak-user mailing list<br />> keycloak-user@lists.jboss.org<br />> https://lists.jboss.org/mailman/listinfo/keycloak-user<br />> <br />> _______________________________________________<br />> keycloak-user mailing list<br />> keycloak-user@lists.jboss.org<br />> https://lists.jboss.org/mailman/listinfo/keycloak-user</div></font>