1:34 p.m.
We're using KeycloakConfigResolver to resolve the realm based on the request URI. But
if we are unable to resolve to a specific realm we want forward the user to a page where
she can enter the email address from which we can figure out the user's realm.
Since KeycloakConfigResolver cannot be used to redirect the request, any suggestions are
how to forward to the page to manual resolution? We are using the Keycloak wildfly
adapter.
Thanks,
8:24 a.m.
There might be possibility to address this with Servlet filter, which
will redirect you to the page where you can ask for the email. Only
thing is, that servlet filters are triggered later than the
authentication code on adapter side, so the filter itself would likely
need to be mapped to unsecured URI.
Other possibility is that we will improve the KeycloakConfigResolver, so
it has access to the response (not just request like it's now) and have
possibility to redirect response. But in that case, we need to do some
refactoring on the adapter side, so all the code to resolve
KeycloakDeployment will need to check if response is redirected and
finish the request processing in that case. Not sure if it's the way to
go TBH... But you can create JIRA and we can try to take a look (or you
can try to propose PR)
Marek
On 24.6.2015 20:34, Bellan Saravanan wrote:
We're using KeycloakConfigResolver to resolve the realm based on
the
request URI. But if we are unable to resolve to a specific realm we
want forward the user to a page where she can enter the email address
from which we can figure out the user's realm.
Since KeycloakConfigResolver cannot be used to redirect the request,
any suggestions are how to forward to the page to manual resolution?
We are using the Keycloak wildfly adapter.
Thanks,
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
9:22 a.m.
An alternative would be to use identity brokering. You'd have a main realm that had
identity brokers for the other realms.
We plan to add an option where the user only has to enter username first. Then you can
auto-redirect to a identity broker based on email domain.
----- Original Message -----
From: "Marek Posolda" <mposolda(a)redhat.com>
To: "Bellan Saravanan" <sarbx(a)hotmail.com>,
keycloak-user(a)lists.jboss.org
Sent: Thursday, 25 June, 2015 9:24:17 AM
Subject: Re: [keycloak-user] Realm resolver
There might be possibility to address this with Servlet filter, which will
redirect you to the page where you can ask for the email. Only thing is,
that servlet filters are triggered later than the authentication code on
adapter side, so the filter itself would likely need to be mapped to
unsecured URI.
Other possibility is that we will improve the KeycloakConfigResolver, so it
has access to the response (not just request like it's now) and have
possibility to redirect response. But in that case, we need to do some
refactoring on the adapter side, so all the code to resolve
KeycloakDeployment will need to check if response is redirected and finish
the request processing in that case. Not sure if it's the way to go TBH...
But you can create JIRA and we can try to take a look (or you can try to
propose PR)
Marek
On 24.6.2015 20:34, Bellan Saravanan wrote:
We're using KeycloakConfigResolver to resolve the realm based on the request
URI. But if we are unable to resolve to a specific realm we want forward the
user to a page where she can enter the email address from which we can
figure out the user's realm.
Since KeycloakConfigResolver cannot be used to redirect the request, any
suggestions are how to forward to the page to manual resolution? We are
using the Keycloak wildfly adapter.
Thanks,
_______________________________________________
keycloak-user mailing list keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3457
days inactive
3458
days old
2 comments
3 participants
participants (3)
-
Bellan Saravanan -
Marek Posolda -
Stian Thorgersen