User session creation
by Erlend Hamnaberg
Hello all.
This is a bit hard to explain.
I have created an IDP which uses CAS (Central Authentication Service) as
its backend.
Our KC instance is again used by a client's KC instance. They have chosen to
disable their persistent cookie handling, and thereby ours, by passing
"prompt=login" to the login request.
We are passing on the prompt=login by passing on renew=true to CAS.
We get a token back, and verify that. However, since the user session is
not refreshed by the cookie handling, it seems like we are then timing out
intermittently.
Is there a problem with creating/refreshing the user session in the
authenticationFinished method in the gist below?
https://gist.github.com/hamnis/547c550a532be7e8235aa653725b2ba2
Thanks.
/Erlend
6 years
Device authentication - IOT use case
by SUDHIR SHETTY
Hi, I would like to find the right approach for device authentication in my use case. My project has 3 actors:
- Users
- Devices
- Apps (think of these as mobile apps)
We currently use KeyCloak for user authentication (Federated LDAP/OpenID Connect) and we have a backend of micro-services that are registered as clients in KeyCloak, and users/devices/mobile apps can access those backend services via OAuth2 (JWT tokens).
I would like to leverage KeyCloak for Device & Mobile App authentication; the Device/App will authenticate via a private/public key pair via a signed JWT token.
I know I can implement the mobile app as a client in KeyCloak.
My question is around Devices: should I register the Device as a client or as a User in KeyCloak?
Any guidance/sample project/example would be highly appreciated.
Regards, Sudhir
6 years
Send welcome mail after successful registration
by Andreas Lau
Hey,
I'd like Keycloak to send a welcome mail after the user has successfully registered and verified his email. Currently I don't know how to do it. I found a Jira [1] feature request proposing an extension to support welcome email by configuration (I think). In the comments someone suggested using an SMTP provider and EventListener. The next comment has a link [3] to an EventListener sample but I cannot figure out what I have to do.
I think they suggested the following workflow:
1. registration finished
2. listener invokes - how to tell Listener to listen on the registration event (how is the event named)
3. SMTP provider sends an email
Hope someone is able to help me out.
Andreas
[1] https://issues.jboss.org/browse/KEYCLOAK-1835
[2] https://github.com/keycloak/keycloak/tree/master/examples/providers/event...
6 years
Re: [keycloak-user] keycloak on tomcat
by Vinaya Thimmappa
Hello All,
I am trying to run Keycloak on a Tomcat server instead of the default JBoss
server, but I haven't been successful. I was reading
https://dzone.com/articles/deploying-keycloak-in-tomcat and this document
is very old and I also need to do clustering.
So I would like to know:
1. Can the Keycloak application itself be run on Tomcat?
2. If yes, can this application be run in clustered containerized mode?
Thanks
On Sun, Dec 2, 2018 at 7:35 PM Vinaya Thimmappa <vinaya.thimmappa(a)gmail.com>
wrote:
> Hello All,
>
> I am trying to run Keycloak on a Tomcat server instead of the default JBoss
> server, but I haven't been successful. I was reading
> https://dzone.com/articles/deploying-keycloak-in-tomcat but this one is a
> very old one and I also need to do clustering.
>
> So would like to know
> can keycloak application itself be run on tomcat
> if yes, can this application be run in clustered containerized mode
>
>
> Thanks
> Vinaya
>
>
6 years
Don't see custom protocol mapper claim in identity.getAttributes()
by Geoffrey Cleaves
Hi. I am using a client scope script mapper with:
token.setOtherClaims("cn", cn);
I expected to see this attribute in my JavaScript Authorization Policy when
doing:
identity.getAttributes().toMap()
However, my "cn" claim/attribute is not there. Am I misunderstanding the
docs or doing something wrong? The docs say:
The Identity is built based on the OAuth2 Access Token that was sent along
with the authorization request, and this construct has access to all claims
extracted from the original token. For example, if you are using a *Protocol
Mapper* to include a custom claim in an OAuth2 Access Token you can also
access this claim from a policy and use it to build your conditions.
Regards,
Geoffrey Cleaves
6 years