On Mon, May 21, 2018 at 9:00 AM, gambol <gambol99(a)gmail.com> wrote:
> Hiya
>
> Apologies for the wide range of questions .. but figured a number would be
> useful for the user base.
>
> - Using the current scripted authentication in Authentication Flows, would
> it be possible to use a script to say if clientid == x and user has role x,
> permitted else not. Also do you have a repo with some examples of scripts?
> similar to
> https://github.com/auth0/rules

Yes, you could do that. No repo, sorry. This was a community
contribution and we don't have much more than basic docs.

> - Will the scripting always be global level, or is there any plan to make
> it per client? or perhaps a better question would be will authentication
> flow always be at the realm level.

You can assign a specific authentication flow to a specific client, but
we do not have anything like "step up" authentication yet.

> - Assuming a realm with multiple identity providers, is there any means by
> which a client can enforce that a user came in via a specific identity
> provider? or if I come in via provider x they need to use MFA (would this
> be done with a Post Login Flow on the provider perhaps?).

That might work, but post login flow was implemented mainly to resolve
import from external provider.

> - Are there any plans to make Groups per client and under the client ui? as
> for realms which have many disassociated applications but common user bases
> it makes it easier for them to manage.

You are the first to ask, but we should do something similar to what
was done for roles.

> - Are there any plans to expose metrics (or perhaps they are already
> exposed)? via jmx, stats, prometheus etc .. around logins, successful,
> failed etc, any latency measures on identity providers, infinispan /
> database operations etc

Something that should be scheduled. We have audit logs for all
different types of events, but I'm pretty sure we don't tabulate any
of it. We have basic generic metrics that any "application server"
would provide through Wildfly.

> - Is there any way to turn off the internal passwords and force via
> identity provider? .. I guess this is where scripting becomes useful .. i.e.
> if client = y get the provider name and deny if not y etc

Elaborate? Not sure what you mean. Not understanding this one.

--
Bill Burke
Red Hat
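
The client-and-role rule from the first question, written as a Script authenticator body. This is an added example, not part of the thread and not Keycloak project code. `CLIENT_ID`, `ROLE_NAME` and the `mock*` helpers are constructed placeholders; `user`, `realm` and `authenticationSession` are the bindings the Script authenticator injects.

```javascript
// Added example: Keycloak Script authenticator body (server-side JavaScript).
// CLIENT_ID and ROLE_NAME are placeholders, not values from the thread.
var CLIENT_ID = "client-x";
var ROLE_NAME = "role-x";

// Under Keycloak, Java.type resolves the real enum; the fallback lets the
// same file run under Node for testing.
var AuthenticationFlowError = (typeof Java !== "undefined")
  ? Java.type("org.keycloak.authentication.AuthenticationFlowError")
  : { INVALID_USER: "INVALID_USER" };

// Decision logic with the bindings passed in explicitly so it can be tested.
// Returns true when the login may proceed.
function isPermitted(user, realm, authenticationSession) {
  var clientId = authenticationSession.getClient().getClientId();
  if (clientId !== CLIENT_ID) {
    return true;                        // rule applies to one client only
  }
  if (user == null) {
    return false;                       // fail closed: no identified user yet
  }
  var role = realm.getRole(ROLE_NAME);  // null when the realm role is missing
  return role != null && user.hasRole(role);
}

// Entry point Keycloak calls; user, realm and authenticationSession are
// script bindings injected by the server.
function authenticate(context) {
  if (isPermitted(user, realm, authenticationSession)) {
    context.success();
  } else {
    context.failure(AuthenticationFlowError.INVALID_USER);
  }
}

// Constructed stand-ins for the server objects, for running outside Keycloak.
function mockSession(clientId) {
  return { getClient: function () {
    return { getClientId: function () { return clientId; } };
  } };
}
function mockRealm(names) {
  return { getRole: function (n) { return names.indexOf(n) >= 0 ? { name: n } : null; } };
}
function mockUser(names) {
  return { hasRole: function (r) { return names.indexOf(r.name) >= 0; } };
}
```

The execution has to sit after the step that identifies the user; otherwise `user` is null and the restricted client is denied.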