9:43 a.m.
Hello group,
this is my first post on this mailinglist and I want to say thank you for
this awesome project!
I had a look at many IDM / SSO solutions before and Keycloak provided the
best out-of-the box
experience so far!
I posted the following in the JIRA initially but Stian Thorgersen asked me
to post this
on the mailing list as well.
Scenario:
Support for conditional AuthenticationFlowExecution.
Often some authentication flow steps should only be executed under certain
conditions,
e.g. somtimes a TOTP based auth step is only required of requests come with
a
certain request header value.
It would be cool if one could configure a condition on the
AuthenticationFlowExecution
(if I'm not mistaken) that if evaluated to true would execute or skip a
particular authentication step.
This could perhaps be configured via the admin console in the
Authentication -> Flows tab.
Conditions could perhaps be simple JavaScript expressions that could be
evaluated via the built-in JavaScript ScriptEngine.
For this it would be useful to provide a set of "standard" functions that
can be called from the expressions (perhaps based on a whitelist).
Admins should also be able to define their custom functions.
The context could provide access to the current http request, current user,
the requested client application and perhaps the keycloak configuration.
The issue: https://issues.jboss.org/browse/KEYCLOAK-2108
9:49 a.m.
"Alternative" flows/authenticators should allow you to do this. It
might look/be a little awkward, but it should allow you to do
conditionals. Notice that Username/Password is "Alternative". This
means its not executed if Cookie is successful. You can nest this stuff
too.
Its not the greatest, but I wanted to avoid anything too complex that
required a lot of UI work and/or some kind of scripting engine.
On 11/23/2015 10:43 AM, Thomas Darimont wrote:
Hello group,
this is my first post on this mailinglist and I want to say thank you
for this awesome project!
I had a look at many IDM / SSO solutions before and Keycloak provided
the best out-of-the box
experience so far!
I posted the following in the JIRA initially but Stian Thorgersen asked
me to post this
on the mailing list as well.
Scenario:
Support for conditional AuthenticationFlowExecution.
Often some authentication flow steps should only be executed under
certain conditions,
e.g. somtimes a TOTP based auth step is only required of requests come
with a
certain request header value.
It would be cool if one could configure a condition on the
AuthenticationFlowExecution
(if I'm not mistaken) that if evaluated to true would execute or skip a
particular authentication step.
This could perhaps be configured via the admin console in the
Authentication -> Flows tab.
Conditions could perhaps be simple JavaScript expressions that could be
evaluated via the built-in JavaScript ScriptEngine.
For this it would be useful to provide a set of "standard" functions
that can be called from the expressions (perhaps based on a whitelist).
Admins should also be able to define their custom functions.
The context could provide access to the current http request, current
user, the requested client application and perhaps the keycloak
configuration.
The issue: https://issues.jboss.org/browse/KEYCLOAK-2108
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
3086
days inactive
3086
days old
1 comments
2 participants
participants (2)
-
Bill Burke -
Thomas Darimont