Re: [keycloak-user] Admin Console: Clients Configuration: Displaying of "attributes" from Client Representation

I can see those details are things that you may want to add to a client, but I don't see how you're going to utilize that information? On 25 February 2016 at 09:55, Thomas Darimont < thomas.darimont(a)googlemail.com&gt; wrote: > FYI, back to the original question of allowing edit of client attributes > from admin console... > > Some use cases where client attributes would be very handy: > * additional metadata for applications > * display-order for application listing > * icon name in application listing (more flexible than deriving from > client id) > * tagging of clients as internal, public etc. > * application version > * url for checking application status (health check endpoint) - ok, > maintenance, offline > > Would be happy to send a PR for editing of client attributes in the admin > console. > > Cheers, > Thomas > > 2016-02-22 13:58 GMT+01:00 Bystrik Horvath <bystrik.horvath(a)gmail.com&gt;: > >> Thank you guys for the answers, I think you & Stian directed me to the >> right way, so it should solve my requirements. >> >> Best regards, >> Bystrik >> >> >> >> On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont < >> thomas.darimont(a)googlemail.com&gt; wrote: >> >>> You could define the set of secret questions on the authenticator - you >>> could either hardcode them or make them configurable by implementing >>> ConfiguredProvider see [0]. >>> Then you could store a reference to the selected secret question and >>> the answer as a custom user-attribute. >>> >>> Cheers, >>> >>> Thomas >>> >>> [0] - >>> https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63d... >>> >>> Stian Thorgersen <sthorger(a)redhat.com&gt; schrieb am Mo., 22. Feb. 2016, >>> 13:40: >>> >>>> I thought the example did allow configuring the security question on >>>> the authenticator, but you can create your own that does it. Then the >>>> security questions are configured on the authenticator itself. >>>> >>>> On 22 February 2016 at 13:24, Bystrik Horvath < >>>> bystrik.horvath(a)gmail.com&gt; wrote: >>>> >>>>> Hi, >>>>> >>>>> I went through the example ( >>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...). >>>>> The security questions are written in secret-question.ftl >>>>> and secret-question-config.ftl files. From my point of view, the security >>>>> questions are know in advance and they can be "hardcoded" in ftl files. My >>>>> case is that security questions are defined during the runtime (preferably >>>>> via admin REST API). The admin REST API does not provide the functionality >>>>> to store attributes on realm level. I agree that security questions belongs >>>>> to realm, but how to provision them - *.ftl files are not an option for me. >>>>> >>>>> Best regards, >>>>> Bystrik >>>>> >>>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen < >>>>> sthorger(a)redhat.com&gt; wrote: >>>>> >>>>>> If you look at our security questions example it stores the >>>>>> configuration on the authenticator itself. >>>>>> >>>>>> On 22 February 2016 at 12:46, Bystrik Horvath < >>>>>> bystrik.horvath(a)gmail.com&gt; wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> what would be a recommended way to provision a security question on >>>>>>> realm base if the question is not known in advance? May be it is an misuse >>>>>>> of client representation for provisioning that. >>>>>>> >>>>>>> Best regards, >>>>>>> Bystrik >>>>>>> >>>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen < >>>>>>> sthorger(a)redhat.com&gt; wrote: >>>>>>> >>>>>>>> I don't understand how you can have security questions that are >>>>>>>> particular to a client. A user logs-in to a realm, not a client. >>>>>>>> >>>>>>>> On 22 February 2016 at 10:20, Juraj Janosik < >>>>>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>>>>> >>>>>>>>> @ Stian: >>>>>>>>> generally said, I did not find any description, that the client >>>>>>>>> attributes are for internal use only. >>>>>>>>> Parameter "attributes" is propagated in ClientRepresentation in >>>>>>>>> the REST Admin API, >>>>>>>>> therefore should be used for CRUD admin operations. >>>>>>>>> We plan to attach Security Answers to the user (Security >>>>>>>>> questions are common for particular client). >>>>>>>>> >>>>>>>>> Best Regards, >>>>>>>>> Juraj >>>>>>>>> >>>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath < >>>>>>>>> bystrik.horvath(a)gmail.com&gt;: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I think the case here is to provision the text of security >>>>>>>>>> question to the client attributes when it is not known in advance. >>>>>>>>>> >>>>>>>>>> Best regards, >>>>>>>>>> Bystrik >>>>>>>>>> >>>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont < >>>>>>>>>> thomas.darimont(a)googlemail.com&gt; wrote: >>>>>>>>>> >>>>>>>>>>> Interesting - do you need client specific security questions? >>>>>>>>>>> >>>>>>>>>>> The keycloak examples contain a custom provider for user >>>>>>>>>>> specific security questions - perhaps this would suit your needs better. >>>>>>>>>>> >>>>>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe... >>>>>>>>>>> >>>>>>>>>>> Cheers, >>>>>>>>>>> Thomas >>>>>>>>>>> >>>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik < >>>>>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>>>>> >>>>>>>>>>>> Hi Thomas, >>>>>>>>>>>> >>>>>>>>>>>> for example security questions.... :-) >>>>>>>>>>>> >>>>>>>>>>>> Best Regards, >>>>>>>>>>>> Juraj >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont < >>>>>>>>>>>> thomas.darimont(a)googlemail.com&gt;: >>>>>>>>>>>> >>>>>>>>>>>>> Hello Juraj, >>>>>>>>>>>>> >>>>>>>>>>>>> I wondered about that too a while ago - may I ask what client >>>>>>>>>>>>> attributes you are planning to store? >>>>>>>>>>>>> >>>>>>>>>>>>> Cheers, >>>>>>>>>>>>> Thomas >>>>>>>>>>>>> >>>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik < >>>>>>>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>>>>>>> >>>>>>>>>>>>>> The user configuration has the possibility to >>>>>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console. >>>>>>>>>>>>>> >>>>>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes) >>>>>>>>>>>>>> The client does not. I think, the logic and the focus is the >>>>>>>>>>>>>> same for both. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Best regards, >>>>>>>>>>>>>> Juraj >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen < >>>>>>>>>>>>>> sthorger(a)redhat.com&gt;: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> We don't. Why would we add it though? >>>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" < >>>>>>>>>>>>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> is there any plan to support for displaying of >>>>>>>>>>>>>>>> "attributes" from Client Representation >>>>>>>>>>>>>>>> (like users configuration) in Admin Console? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>>> Juraj >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user(a)lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >>> >> >