----- Original Message -----
From: "Lakshmi Narayana VADALI (lvadali)"
<lvadali(a)cisco.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 3 February, 2015 10:58:09 AM
Subject: RE: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
By LogIn SPI we mean any SPI for Customizing authentication.
We need to authenticate devices which will come for authentication with
their certificate.
As per keycloak-dev suggestion currently (Integrated with
Keycloak_1.0.4_Final) we are following below procedure
1. Create a new jaxrs class with two methods, one that returns the nounce
and another that authenticates the client, look at TokenService as a
reference for this, specifically at TokenService.grantAccessToken.
2. Extend KeycloakApplication to add your new class
3. Create your own auth-server war - see 'project-integrations/aerogear-ups'
as a reference for this
Also we were told that keycloak will come up with hooks whereby we can plug
in our authentication mechanism. We want to know whether hooks(LogIn SPI)
are provided with Latest Keycloak 1.1.0_Final Release.
No this is not available yet, and you will have to modify the above a fair bit to make it
work.
For reference attaching previous discussion with Keycloak-dev.
Our Requirement:
Instead of Existing one step authentication(user/pass), We need custom
certificate based authentication which is 2-step Authentication as below:
1. Bypass Login screen , instead generate nonce(UUID) and provide
intermediate Endpoint URL for Certificate based authentication.
2. Client will come to Certificate based authentication with its
certificate and encrypted UUID. After Validating Encrypted UUID
and Client certificate server should generate “Access code”.
Assuming this is to authenticate clients, not users, you should use direct grant, not
regular login.
Thanks,
Lakshmi Narayana V
-----Original Message-----
From: Stian Thorgersen [mailto:stian@redhat.com]
Sent: Tuesday, February 03, 2015 1:40 PM
To: Lakshmi Narayana VADALI (lvadali)
Cc: keycloak-dev(a)lists.jboss.org
Subject: Re: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
----- Original Message -----
> From: "Lakshmi Narayana VADALI (lvadali)" <lvadali(a)cisco.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Tuesday, 3 February, 2015 8:03:56 AM
> Subject: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
>
>
>
>
>
> Congrats Team for Keycloak 1.1.0.Final Release loaded with features.
>
>
>
> We are planning to integrate our code with Latest Keycloak. So Can you
> please confirm do we have full support for Below features in
> Keycloak_1.1.0_Final Release.
>
>
>
> 1. Login SPI
Not sure what you're referring to
>
> 2. HA Support
Yes
>
> 3. Clustering Support
Yes, it's one of the top new features in 1.1, so yes of course
>
>
>
> Thanks,
>
> Lakshmi Narayana V
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev