Hi all,
Can anyone to help with this issue?
Is it possible to support flows described below ?
Is it possible to configure authenticators via generated REST API (or we need to create
REST API for each authenticator)?
Also, what I missed in the implementation of my authenticator?
https://issues.jboss.org/browse/KEYCLOAK-3867
Best regards,
Michael
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
on behalf of Michael Furman <michael_furman(a)hotmail.com>
Sent: Sunday, November 6, 2016 6:14 PM
To: Bill Burke; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
Hi Bill,
Please note that RADIUS can provide the authentication service only and can not provide
the user details (first name, last name, email).
Please remind that I want to configure the authentication flow as the following:
Cookie - ALTERNATIVE
Radius - ALTERNATIVE
Forms Subflow - ALTERNATIVE
Regarding your question I can see the following use cases.
1) User does not exists in the Keycloak's DB but exists in the RADIUS server. In
this case the authentication against the RADIUS server will success and the user will be
authenticated.
The user information will contain only the user name.
2) User exists in the Keycloak's DB and exists in the RADIUS server. In this case
the authentication against the RADIUS server will success and the user will populate the
user information from the Keycloak's DB.
The user information will contain the user name, first name, last name, email and
other information
3) User exists in the Keycloak's DB but does not exist in the RADIUS server. In
this case the authentication against the Keycloak's DB will success and the user will
populate the user information from the Keycloak's DB.
The user information will contain the user name, first name, last name, email and
other information.
4) User does not exist in the Keycloak's DB and does not exist in the RADIUS
server. In this case the authentication will fail.
Is it possible to support it?
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
on behalf of Bill Burke <bburke(a)redhat.com>
Sent: Sunday, November 6, 2016 5:33 PM
To: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
Where is the user going to live? In Keycloak's DB? Or does Radius
store and provide info about the user?
On 11/6/16 8:38 AM, Michael Furman wrote:
I still need a help.
The example for the secret question is good but I need other example.
I am in the middle of POC that will help us to understand if we can use Keycloak in our
production.
It contains a lot of aspects (creating of other authenticators, creating of our own UI
over Keycloak etc.).
In this thread I just want to create the authenticator that will take a user name and a
user password and will authenticate against a Radius server.
If it will fails, the default UsernamePasswordForm authenticator should handle the
authentication.
I will really appreciate if somebody will help me with the following questions.
1. Do you have the example that shows how to create simple user name and password
authenticator?
2. How can I configure the authentication provider via REST API?
Will be generated configuration Rest API automatically?
3. I have created the simple authenticator that overrides UsernamePasswordForm.
It appears in UI.
Unfortunately the request does not come to my implementation.
What I have missed?
I have opened bug and attached sources:
https://issues.jboss.org/browse/KEYCLOAK-3867
Best regards,
Michael
________________________________
From: Thomas Darimont <thomas.darimont(a)googlemail.com>
Sent: Sunday, November 6, 2016 11:42 AM
To: Michael Furman
Cc: Stian Thorgersen; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
Hello Michael,
if you want to create a custom browser flow by copying the original browser flow you need
to bind your custom browser flow
on the "Authentication -> Bindings" tab where you link your custom browser
flow to be used as "the" browser flow.
Cheers,
Thomas
2016-11-06 10:33 GMT+01:00 Michael Furman
<michael_furman@hotmail.com<mailto:michael_furman@hotmail.com>>:
Hi Stian,
I was able to add the authentication provider in 2.3.0 but only to the copied flow.
1. Why I can not add the execution to the Browser flow?
If I copy the browser flow (and call it Browser2 flow) what flow will be default for the
browser authentication?
How can I configure the new Browser2 flow will be default for the browser
authentications?
2. Will be generated Rest API for the configuration of the authentication provider?
How can I configure via REST API.
Best regards,
Michael
________________________________
From: Stian Thorgersen <sthorger@redhat.com<mailto:sthorger@redhat.com>>
Sent: Friday, November 4, 2016 7:52 AM
To: Stian Thorgersen
Cc: Michael Furman;
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
FIY we did check this example for 2.3.0.CR1 release so I doubt it's broken
On 4 November 2016 at 06:51, Stian Thorgersen
<sthorger@redhat.com<mailto:sthorger@redhat.com><mailto:sthorger@redhat.com<mailto:sthorger@redhat.com>>>
wrote:
I don't know what you mean by it is not recognized by Keycloak. Did you follow the
steps in the example to register it? See
https://github.com/keycloak/keycloak/blob/master/examples/providers/authe...
[
https://avatars0.githubusercontent.com/u/4921466?v=3&s=400]<https:...
keycloak/keycloak<https://github.com/keycloak/keycloak/blob/master/exa...
github.com
keycloak - Open Source Identity and Access Management For Modern Applications and
Services
[
https://avatars0.githubusercontent.com/u/4921466?v=3&s=400]<https:...
keycloak/keycloak<https://github.com/keycloak/keycloak/blob/master/exa...
[
https://avatars0.githubusercontent.com/u/4921466?v=3&s=400]<https:...
keycloak/keycloak<https://github.com/keycloak/keycloak/blob/master/exa...
github.com
keycloak - Open Source Identity and Access Management For Modern Applications and
Services
github.com
keycloak - Open Source Identity and Access Management For Modern Applications and
Services
On 3 November 2016 at 20:14, Michael Furman
<michael_furman@hotmail.com<mailto:michael_furman@hotmail.com><mailto:michael_furman@hotmail.com<mailto:michael_furman@hotmail.com>>>
wrote:
Hi,
Unfortunately I can not deploy the example authentication provider to Keycloak
Who can help?
I have compiled authenticator-required-action-example from the examples.
I copied the provider jar into the “standalone/configuration/providers” directory
according to the document:
https://keycloak.gitbooks.io/server-developer-guide/content/v/2.2/topics/...
Unfortunately Keycloak does not recognize the provider.
Than I have copied it to the “providers” folder under the root Keycloak folder.
Also without success .
I have opened an issue
https://issues.jboss.org/browse/KEYCLOAK-3856
Best regards,
Michael
________________________________
From: Stian Thorgersen
<sthorger@redhat.com<mailto:sthorger@redhat.com><mailto:sthorger@redhat.com<mailto:sthorger@redhat.com>>>
Sent: Tuesday, November 1, 2016 11:08 AM
To: Michael Furman
Cc:
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org><mailto:keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>>
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
On the config for the authenticator. Please look at the docs and also the example it
explains this pretty well.
On 31 October 2016 at 13:47, Michael Furman
<michael_furman@hotmail.com<mailto:michael_furman@hotmail.com><mailto:michael_furman@hotmail.com<mailto:michael_furman@hotmail.com>>>
wrote:
Thanks,
Where I will see the generated UI?
On the authentication page?
http://localhost:8080/auth/admin/master/console/#/realms/master/authentic...
Also, can I add / update the authenticator configuration via REST API?
http://www.keycloak.org/docs/rest-api/#_update_authenticator_configuration
Thank you in advance for your help.
Best regards,
Michael
________________________________
From: Stian Thorgersen
<sthorger@redhat.com<mailto:sthorger@redhat.com><mailto:sthorger@redhat.com<mailto:sthorger@redhat.com>>>
Sent: Monday, October 31, 2016 8:00 AM
To: Michael Furman
Cc:
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org><mailto:keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>>
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
Configuration UI is generated based on what's returned by the getConfigProperties
method
On 30 October 2016 at 12:28, Michael Furman
<michael_furman@hotmail.com<mailto:michael_furman@hotmail.com><mailto:michael_furman@hotmail.com<mailto:michael_furman@hotmail.com>>>
wrote:
Thanks Stian,
I will happy for the additional clarifications.
I have looked in
https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-s... but was
not able to find a lot.
Authentication SPI | Server Developer
Guide<https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html>
keycloak.gitbooks.io
Authentication Flow. A flow is a container for all authentications that must happen during
login or registration. If you go to the admin console authentication page ...
Authentication SPI | Server Developer
Guide<https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html>
Authentication SPI | Server Developer
Guide<https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html>
keycloak.gitbooks.io
Authentication Flow. A flow is a container for all authentications that must happen during
login or registration. If you go to the admin console authentication page ...
keycloak.gitbooks.io
Authentication Flow. A flow is a container for all authentications that must happen during
login or registration. If you go to the admin console authentication page ...
I think that the following is relevant:
The next few methods define how the Authenticator can be configured.
…
The getConfigProperties() method returns a list of ProviderConfigProperty objects. These
objects define a specific configuration attribute.
But according to my understanding the configuration should appear in the Authenticator
configuration UI.
Therefore, how should I create the UI?
Additional question: will the new Authenticator appear in Authentication Flows:
https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/au...
Authentication Flows | Server Administration
Guide<https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/authentication/flows.html>
keycloak.gitbooks.io
An authentication flow is a container for all authentications, screens, and actions that
must happen during login, registration, and other Keycloak workflows.
Authentication Flows | Server Administration
Guide<https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/authentication/flows.html>
Authentication Flows | Server Administration
Guide<https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/authentication/flows.html>
keycloak.gitbooks.io
An authentication flow is a container for all authentications, screens, and actions that
must happen during login, registration, and other Keycloak workflows.
keycloak.gitbooks.io
An authentication flow is a container for all authentications, screens, and actions that
must happen during login, registration, and other Keycloak workflows.
Will I be able to configure Required / Optional / Disabled for the
new the new Authenticator?
Thank you in advance for your help.
Best regards,
Michael
________________________________
From: Stian Thorgersen
<sthorger@redhat.com<mailto:sthorger@redhat.com><mailto:sthorger@redhat.com<mailto:sthorger@redhat.com>>>
Sent: Thursday, October 27, 2016 9:57 AM
To: Michael Furman
Cc:
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org><mailto:keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>>
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
We don't support that directly so you would have to develop your own custom
authenticator for it. The doc you linked describes how to do that.
On 26 October 2016 at 17:08, Michael Furman
<michael_furman@hotmail.com<mailto:michael_furman@hotmail.com><mailto:michael_furman@hotmail.com<mailto:michael_furman@hotmail.com>>>
wrote:
Hi all,
I want to add support for the new authentication schema.
How can I add UI for new authentication schema configuration?
For example, I want to add the TACACS authentication schema.
Therefore I need to configure the TACACS server IP and the secret.
May be I have missed but I can not find it here:
https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-s...
Authentication SPI | Server Developer
Guide<https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html>
keycloak.gitbooks.io
Authentication Flow. A flow is a container for all authentications that must happen during
login or registration. If you go to the admin console authentication page ...
Authentication SPI | Server Developer
Guide<https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html>
Authentication SPI | Server Developer
Guide<https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html>
keycloak.gitbooks.io
Authentication Flow. A flow is a container for all authentications that must happen during
login or registration. If you go to the admin console authentication page ...
keycloak.gitbooks.io
Authentication Flow. A flow is a container for all authentications that must happen during
login or registration. If you go to the admin console authentication page ...
Thank you in advance for your help.
Best regards,
Michael
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org><mailto:keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>>
https://lists.jboss.org/mailman/listinfo/keycloak-user keycloak-user Info Page -
JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
keycloak-user Info Page - JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
keycloak-user Info Page - JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user keycloak-user Info Page -
JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
keycloak-user Info Page - JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
keycloak-user Info Page - JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user keycloak-user Info Page -
JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
keycloak-user Info Page - JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
keycloak-user Info Page - JBoss
Developer<https://lists.jboss.org/mailman/listinfo/keycloak-user>
lists.jboss.org
To see the collection of prior postings to the list, visit the keycloak-user Archives.
Using keycloak-user: To post a message to all the list members ...
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user