You can't use direct grant as the CLI won't know what credential input
is required. i.e. pw only, pw + otp, pw + sms, etc.... Right now the CLI
tool I wrote uses the KeycloakInstalled stuff you did Stian and stores
tokens in a hidden directory.
I would eventually like to make it RSH friendly and define a flow that
was text based and displayable to the console. All with kerberos and
client cert support too. Maybe this is something we can do with a
text-based browser (Lynx)? Not sure how KeycloakInstalled would detect
this and be able to run it though. Also configuratoin for kerveros and
client cert would be problematic.
On 8/14/17 7:08 AM, Stian Thorgersen wrote:
For this exact reason it can't use the browser based flow rather
it
should the direct grant (or some other flow?!?).
On 4 August 2017 at 10:09, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
I wonder if it's possible to have CLI utility, which is able to read
HTML with the form and challenge user based on that? For example
once it
receives the HTML like this:
<form>
Username: <input name="username" />
Password: <input name="password" type="password" />
</form>
Then in command line, user will be challenged for username and
password.
I am not sure if it's doable in practice and how much work it is.
Sounds
like re-implementing browser in command line. But maybe something like
this exists already?
BTV. Some things will never work in CLI in my opinion. For example:
- Registration with captcha
- TOTP setup
- Broker login (but hopefully some brokers offer alternatives)
Marek
On 28/07/17 22:36, Bill Burke wrote:
> I've developed a small command line utility around Keycloak
Installed.
> The idea is that this utility performs a login with keycloak to
obtain
> an access token. This utility saves the access and refresh
token in a
> file (similar to how ssh does in .ssh). Then bash scripts can be
used to
> export the access token as an environment variable so it can be
used by
> other command line utilities.
>
>
>
https://github.com/patriot1burke/keycloak/blob/master/adapters/oidc/insta...
<
https://github.com/patriot1burke/keycloak/blob/master/adapters/oidc/insta...
>
>
https://github.com/patriot1burke/keycloak/tree/master/adapters/oidc/cli-sso
<
https://github.com/patriot1burke/keycloak/tree/master/adapters/oidc/cli-s...
>
>
> Eventually I'm thinking of creating a text/plain protocol with
Keycloak
> server so that launching a browser or cutting/pasting between the
> command line window and browser isn't a requirement. It woudl be
a plain
> text challenge response protocol. This would require a bit more
work as
> it would require reworking all of our built in authenticators and
> required action plugins.
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<
https://lists.jboss.org/mailman/listinfo/keycloak-dev>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<
https://lists.jboss.org/mailman/listinfo/keycloak-dev>