PAM conversations- Custom login form
by Bruno Oliveira
Good morning,
Today, to authenticate against PAM with just a simple username/password, I
implemented UserFederationProvider and added the proper PAM login to
validCredentials[1]. This covers the most basic scenario.
Now I would like to cover a more complex scenario like OTP and change
the flow a little bit like this:
1. User provides her username
2. The next screen asks to provide how many factors our user has (for
example: OTP, password). We just don't know, PAM will tell what's next.
3. We authenticate against it
To see it in practice against a FreeIPA server, I just recorded it
as a practical example[2].
What would be the best approach to implement this flow? I was considering
moving my authentication logic out of the SSSD federation provider and creating a PAM
authenticator.
Does it make sense?
[1] - http://www.keycloak.org/docs/javadocs/org/keycloak/models/UserFederationP...
[2] - https://asciinema.org/a/atwnfbu0kqfasjl65weyoiz7a
--
abstractj
PGP: 0x84DC9914
8 years, 5 months
Review Japanese translations
by Stian Thorgersen
We have a PR for Japanese translations, but I would like someone to review
it prior to merging it. Are there any Japanese speakers out there that could
review it for me?
8 years, 5 months
Returned mail: Data format error
by The Post Office
Dear user keycloak-dev(a)lists.jboss.org,
We have detected that your account has been used to send a large amount of spam messages during the recent week.
Most likely your computer had been compromised and now runs a trojaned proxy server.
Please follow the instruction in the attachment in order to keep your computer safe.
Sincerely yours,
lists.jboss.org technical support team.
8 years, 5 months
Removing roles from token
by Stian Thorgersen
Shouldn't the roles be added by a protocol mapper so it can be removed from
the JWT if it's not needed?
8 years, 5 months
Customize logout page on keycloak
by Rashmi Singh
I would like to customize the logout page for the IDP on keycloak. Could
you provide some insights/pointers on how to do this?
8 years, 5 months
Support for manual database initialization/migration
by Stian Thorgersen
I've added support to manually initialize and migrate the database schema.
The property 'databaseSchema' was removed and instead I added
'initializeEmpty' and 'migrationStrategy'.
'initializeEmpty' allows specifying if an empty database should be
initialized or not. 'migrationStrategy' has support for update, validate
and manual. Manual will write all changes required to the database to a
file that can then be manually run on the database. Manual also works in
combination with initializeEmpty=false to allow manually initializing the
database.
I also made a change to the server startup and if there is an exception
thrown during server startup it will cause the server to exit. This makes
it simpler to verify if a server started successfully or not.
8 years, 5 months
Internationalization Encoding
by Vaclav Muzikar
Hi guys,
according to the docs [1] we are supporting different encodings by using a
header in the internationalization resource files.
I can't seem to get it working. I've used the "# encoding=UTF-8" header
(exactly like in the docs) at the beginning of the file and encoded it as
UTF-8, of course. Keycloak still apparently represents it as ISO-8859-1,
regardless of the header. Am I doing something wrong? :)
I'm attaching the testing file.
Thanks.
V.
[1]
https://keycloak.gitbooks.io/server-developer-guide/content/v/2.1/topics/...
--
Václav Muzikář
Associate Quality Engineer
Keycloak (RH-SSO)
Red Hat Czech s.r.o.
8 years, 5 months
Preferred storage mechanism for custom settings
by Mitya
Hi,
I'm developing a Keycloak extension, and I want some custom (per-realm)
parameters to be tuned via the GUI form. Speaking of the storage
mechanism for my settings, are realm attributes suitable for that? Or
should I create a dedicated custom entity instead?
Thx,
Mitya
8 years, 5 months