Thank you guys for the answers, I think you & Stian directed me to the
right way, so it should solve my requirements.
Best regards,
Bystrik
On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
You could define the set of secret questions on the authenticator -
you
could either hardcode them or make them configurable by implementing
ConfiguredProvider see [0].
Then you could store a reference to the selected secret question and the
answer as a custom user-attribute.
Cheers,
Thomas
[0] -
https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63d...
Stian Thorgersen <sthorger(a)redhat.com> schrieb am Mo., 22. Feb. 2016,
13:40:
> I thought the example did allow configuring the security question on the
> authenticator, but you can create your own that does it. Then the security
> questions are configured on the authenticator itself.
>
> On 22 February 2016 at 13:24, Bystrik Horvath <bystrik.horvath(a)gmail.com>
> wrote:
>
>> Hi,
>>
>> I went through the example (
>>
https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...).
>> The security questions are written in secret-question.ftl
>> and secret-question-config.ftl files. From my point of view, the security
>> questions are know in advance and they can be "hardcoded" in ftl files.
My
>> case is that security questions are defined during the runtime (preferably
>> via admin REST API). The admin REST API does not provide the functionality
>> to store attributes on realm level. I agree that security questions belongs
>> to realm, but how to provision them - *.ftl files are not an option for me.
>>
>> Best regards,
>> Bystrik
>>
>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> If you look at our security questions example it stores the
>>> configuration on the authenticator itself.
>>>
>>> On 22 February 2016 at 12:46, Bystrik Horvath <
>>> bystrik.horvath(a)gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> what would be a recommended way to provision a security question on
>>>> realm base if the question is not known in advance? May be it is an
misuse
>>>> of client representation for provisioning that.
>>>>
>>>> Best regards,
>>>> Bystrik
>>>>
>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <
>>>> sthorger(a)redhat.com> wrote:
>>>>
>>>>> I don't understand how you can have security questions that are
>>>>> particular to a client. A user logs-in to a realm, not a client.
>>>>>
>>>>> On 22 February 2016 at 10:20, Juraj Janosik <
>>>>> juraj.janosik77(a)gmail.com> wrote:
>>>>>
>>>>>> @ Stian:
>>>>>> generally said, I did not find any description, that the client
>>>>>> attributes are for internal use only.
>>>>>> Parameter "attributes" is propagated in
ClientRepresentation in the
>>>>>> REST Admin API,
>>>>>> therefore should be used for CRUD admin operations.
>>>>>> We plan to attach Security Answers to the user (Security
questions
>>>>>> are common for particular client).
>>>>>>
>>>>>> Best Regards,
>>>>>> Juraj
>>>>>>
>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <
>>>>>> bystrik.horvath(a)gmail.com>:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I think the case here is to provision the text of security
question
>>>>>>> to the client attributes when it is not known in advance.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Bystrik
>>>>>>>
>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont <
>>>>>>> thomas.darimont(a)googlemail.com> wrote:
>>>>>>>
>>>>>>>> Interesting - do you need client specific security
questions?
>>>>>>>>
>>>>>>>> The keycloak examples contain a custom provider for user
specific
>>>>>>>> security questions - perhaps this would suit your needs
better.
>>>>>>>>
>>>>>>>>
https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Thomas
>>>>>>>>
>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <
>>>>>>>> juraj.janosik77(a)gmail.com>:
>>>>>>>>
>>>>>>>>> Hi Thomas,
>>>>>>>>>
>>>>>>>>> for example security questions.... :-)
>>>>>>>>>
>>>>>>>>> Best Regards,
>>>>>>>>> Juraj
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont <
>>>>>>>>> thomas.darimont(a)googlemail.com>:
>>>>>>>>>
>>>>>>>>>> Hello Juraj,
>>>>>>>>>>
>>>>>>>>>> I wondered about that too a while ago - may I ask
what client
>>>>>>>>>> attributes you are planning to store?
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>> Thomas
>>>>>>>>>>
>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik <
>>>>>>>>>> juraj.janosik77(a)gmail.com>:
>>>>>>>>>>
>>>>>>>>>>> The user configuration has the possibility
to
>>>>>>>>>>> Create/Read/Update/Delete of
"custom" attributes in the Admin Console.
>>>>>>>>>>>
>>>>>>>>>>>
(/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>>> The client does not. I think, the logic and
the focus is the
>>>>>>>>>>> same for both.
>>>>>>>>>>>
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Juraj
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen
<
>>>>>>>>>>> sthorger(a)redhat.com>:
>>>>>>>>>>>
>>>>>>>>>>>> We don't. Why would we add it
though?
>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj
Janosik" <
>>>>>>>>>>>> juraj.janosik77(a)gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> is there any plan to support for
displaying of "attributes"
>>>>>>>>>>>>> from Client Representation
>>>>>>>>>>>>> (like users configuration) in Admin
Console?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>
>>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user