I can see those details are things that you may want to add to a client,
but I don't see how you're going to utilize that information?
On 25 February 2016 at 09:55, Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
FYI, back to the original question of allowing edit of client
attributes
from admin console...
Some use cases where client attributes would be very handy:
* additional metadata for applications
* display-order for application listing
* icon name in application listing (more flexible than deriving from
client id)
* tagging of clients as internal, public etc.
* application version
* url for checking application status (health check endpoint) - ok,
maintenance, offline
Would be happy to send a PR for editing of client attributes in the admin
console.
Cheers,
Thomas
2016-02-22 13:58 GMT+01:00 Bystrik Horvath <bystrik.horvath(a)gmail.com>:
> Thank you guys for the answers, I think you & Stian directed me to the
> right way, so it should solve my requirements.
>
> Best regards,
> Bystrik
>
>
>
> On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont <
> thomas.darimont(a)googlemail.com> wrote:
>
>> You could define the set of secret questions on the authenticator - you
>> could either hardcode them or make them configurable by implementing
>> ConfiguredProvider see [0].
>> Then you could store a reference to the selected secret question and the
>> answer as a custom user-attribute.
>>
>> Cheers,
>>
>> Thomas
>>
>> [0] -
>>
https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63d...
>>
>> Stian Thorgersen <sthorger(a)redhat.com> schrieb am Mo., 22. Feb. 2016,
>> 13:40:
>>
>>> I thought the example did allow configuring the security question on
>>> the authenticator, but you can create your own that does it. Then the
>>> security questions are configured on the authenticator itself.
>>>
>>> On 22 February 2016 at 13:24, Bystrik Horvath <
>>> bystrik.horvath(a)gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I went through the example (
>>>>
https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...).
>>>> The security questions are written in secret-question.ftl
>>>> and secret-question-config.ftl files. From my point of view, the
security
>>>> questions are know in advance and they can be "hardcoded" in
ftl files. My
>>>> case is that security questions are defined during the runtime
(preferably
>>>> via admin REST API). The admin REST API does not provide the
functionality
>>>> to store attributes on realm level. I agree that security questions
belongs
>>>> to realm, but how to provision them - *.ftl files are not an option for
me.
>>>>
>>>> Best regards,
>>>> Bystrik
>>>>
>>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <
>>>> sthorger(a)redhat.com> wrote:
>>>>
>>>>> If you look at our security questions example it stores the
>>>>> configuration on the authenticator itself.
>>>>>
>>>>> On 22 February 2016 at 12:46, Bystrik Horvath <
>>>>> bystrik.horvath(a)gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> what would be a recommended way to provision a security question
on
>>>>>> realm base if the question is not known in advance? May be it is
an misuse
>>>>>> of client representation for provisioning that.
>>>>>>
>>>>>> Best regards,
>>>>>> Bystrik
>>>>>>
>>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <
>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>
>>>>>>> I don't understand how you can have security questions
that are
>>>>>>> particular to a client. A user logs-in to a realm, not a
client.
>>>>>>>
>>>>>>> On 22 February 2016 at 10:20, Juraj Janosik <
>>>>>>> juraj.janosik77(a)gmail.com> wrote:
>>>>>>>
>>>>>>>> @ Stian:
>>>>>>>> generally said, I did not find any description, that the
client
>>>>>>>> attributes are for internal use only.
>>>>>>>> Parameter "attributes" is propagated in
ClientRepresentation in
>>>>>>>> the REST Admin API,
>>>>>>>> therefore should be used for CRUD admin operations.
>>>>>>>> We plan to attach Security Answers to the user (Security
questions
>>>>>>>> are common for particular client).
>>>>>>>>
>>>>>>>> Best Regards,
>>>>>>>> Juraj
>>>>>>>>
>>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <
>>>>>>>> bystrik.horvath(a)gmail.com>:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I think the case here is to provision the text of
security
>>>>>>>>> question to the client attributes when it is not
known in advance.
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>> Bystrik
>>>>>>>>>
>>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont
<
>>>>>>>>> thomas.darimont(a)googlemail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Interesting - do you need client specific
security questions?
>>>>>>>>>>
>>>>>>>>>> The keycloak examples contain a custom provider
for user
>>>>>>>>>> specific security questions - perhaps this would
suit your needs better.
>>>>>>>>>>
>>>>>>>>>>
https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>> Thomas
>>>>>>>>>>
>>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <
>>>>>>>>>> juraj.janosik77(a)gmail.com>:
>>>>>>>>>>
>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>
>>>>>>>>>>> for example security questions.... :-)
>>>>>>>>>>>
>>>>>>>>>>> Best Regards,
>>>>>>>>>>> Juraj
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont
<
>>>>>>>>>>> thomas.darimont(a)googlemail.com>:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Juraj,
>>>>>>>>>>>>
>>>>>>>>>>>> I wondered about that too a while ago -
may I ask what client
>>>>>>>>>>>> attributes you are planning to store?
>>>>>>>>>>>>
>>>>>>>>>>>> Cheers,
>>>>>>>>>>>> Thomas
>>>>>>>>>>>>
>>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik
<
>>>>>>>>>>>> juraj.janosik77(a)gmail.com>:
>>>>>>>>>>>>
>>>>>>>>>>>>> The user configuration has the
possibility to
>>>>>>>>>>>>> Create/Read/Update/Delete of
"custom" attributes in the Admin Console.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
(/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>>>>> The client does not. I think, the
logic and the focus is the
>>>>>>>>>>>>> same for both.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian
Thorgersen <
>>>>>>>>>>>>> sthorger(a)redhat.com>:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> We don't. Why would we add it
though?
>>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj
Janosik" <
>>>>>>>>>>>>>> juraj.janosik77(a)gmail.com>
wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> is there any plan to support
for displaying of "attributes"
>>>>>>>>>>>>>>> from Client Representation
>>>>>>>>>>>>>>> (like users configuration) in
Admin Console?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>>>
keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>