FYI, back to the original question of allowing edit of client attributes
from admin console...
Some use cases where client attributes would be very handy:
* additional metadata for applications
* display-order for application listing
* icon name in application listing (more flexible than deriving from client
id)
* tagging of clients as internal, public etc.
* application version
* url for checking application status (health check endpoint) - ok,
maintenance, offline
Would be happy to send a PR for editing of client attributes in the admin
console.
Cheers,
Thomas
2016-02-22 13:58 GMT+01:00 Bystrik Horvath <bystrik.horvath(a)gmail.com>:
Thank you guys for the answers, I think you & Stian directed me
to the
right way, so it should solve my requirements.
Best regards,
Bystrik
On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont <
thomas.darimont(a)googlemail.com> wrote:
> You could define the set of secret questions on the authenticator - you
> could either hardcode them or make them configurable by implementing
> ConfiguredProvider see [0].
> Then you could store a reference to the selected secret question and the
> answer as a custom user-attribute.
>
> Cheers,
>
> Thomas
>
> [0] -
>
https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63d...
>
> Stian Thorgersen <sthorger(a)redhat.com> schrieb am Mo., 22. Feb. 2016,
> 13:40:
>
>> I thought the example did allow configuring the security question on the
>> authenticator, but you can create your own that does it. Then the security
>> questions are configured on the authenticator itself.
>>
>> On 22 February 2016 at 13:24, Bystrik Horvath <bystrik.horvath(a)gmail.com
>> > wrote:
>>
>>> Hi,
>>>
>>> I went through the example (
>>>
https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...).
>>> The security questions are written in secret-question.ftl
>>> and secret-question-config.ftl files. From my point of view, the security
>>> questions are know in advance and they can be "hardcoded" in ftl
files. My
>>> case is that security questions are defined during the runtime (preferably
>>> via admin REST API). The admin REST API does not provide the functionality
>>> to store attributes on realm level. I agree that security questions belongs
>>> to realm, but how to provision them - *.ftl files are not an option for me.
>>>
>>> Best regards,
>>> Bystrik
>>>
>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <sthorger(a)redhat.com
>>> > wrote:
>>>
>>>> If you look at our security questions example it stores the
>>>> configuration on the authenticator itself.
>>>>
>>>> On 22 February 2016 at 12:46, Bystrik Horvath <
>>>> bystrik.horvath(a)gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> what would be a recommended way to provision a security question on
>>>>> realm base if the question is not known in advance? May be it is an
misuse
>>>>> of client representation for provisioning that.
>>>>>
>>>>> Best regards,
>>>>> Bystrik
>>>>>
>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <
>>>>> sthorger(a)redhat.com> wrote:
>>>>>
>>>>>> I don't understand how you can have security questions that
are
>>>>>> particular to a client. A user logs-in to a realm, not a client.
>>>>>>
>>>>>> On 22 February 2016 at 10:20, Juraj Janosik <
>>>>>> juraj.janosik77(a)gmail.com> wrote:
>>>>>>
>>>>>>> @ Stian:
>>>>>>> generally said, I did not find any description, that the
client
>>>>>>> attributes are for internal use only.
>>>>>>> Parameter "attributes" is propagated in
ClientRepresentation in the
>>>>>>> REST Admin API,
>>>>>>> therefore should be used for CRUD admin operations.
>>>>>>> We plan to attach Security Answers to the user (Security
questions
>>>>>>> are common for particular client).
>>>>>>>
>>>>>>> Best Regards,
>>>>>>> Juraj
>>>>>>>
>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <
>>>>>>> bystrik.horvath(a)gmail.com>:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I think the case here is to provision the text of
security
>>>>>>>> question to the client attributes when it is not known in
advance.
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Bystrik
>>>>>>>>
>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont <
>>>>>>>> thomas.darimont(a)googlemail.com> wrote:
>>>>>>>>
>>>>>>>>> Interesting - do you need client specific security
questions?
>>>>>>>>>
>>>>>>>>> The keycloak examples contain a custom provider for
user specific
>>>>>>>>> security questions - perhaps this would suit your
needs better.
>>>>>>>>>
>>>>>>>>>
https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Thomas
>>>>>>>>>
>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <
>>>>>>>>> juraj.janosik77(a)gmail.com>:
>>>>>>>>>
>>>>>>>>>> Hi Thomas,
>>>>>>>>>>
>>>>>>>>>> for example security questions.... :-)
>>>>>>>>>>
>>>>>>>>>> Best Regards,
>>>>>>>>>> Juraj
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont <
>>>>>>>>>> thomas.darimont(a)googlemail.com>:
>>>>>>>>>>
>>>>>>>>>>> Hello Juraj,
>>>>>>>>>>>
>>>>>>>>>>> I wondered about that too a while ago - may I
ask what client
>>>>>>>>>>> attributes you are planning to store?
>>>>>>>>>>>
>>>>>>>>>>> Cheers,
>>>>>>>>>>> Thomas
>>>>>>>>>>>
>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik <
>>>>>>>>>>> juraj.janosik77(a)gmail.com>:
>>>>>>>>>>>
>>>>>>>>>>>> The user configuration has the
possibility to
>>>>>>>>>>>> Create/Read/Update/Delete of
"custom" attributes in the Admin Console.
>>>>>>>>>>>>
>>>>>>>>>>>>
(/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>>>> The client does not. I think, the logic
and the focus is the
>>>>>>>>>>>> same for both.
>>>>>>>>>>>>
>>>>>>>>>>>> Best regards,
>>>>>>>>>>>> Juraj
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian
Thorgersen <
>>>>>>>>>>>> sthorger(a)redhat.com>:
>>>>>>>>>>>>
>>>>>>>>>>>>> We don't. Why would we add it
though?
>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj
Janosik" <
>>>>>>>>>>>>> juraj.janosik77(a)gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> is there any plan to support for
displaying of "attributes"
>>>>>>>>>>>>>> from Client Representation
>>>>>>>>>>>>>> (like users configuration) in
Admin Console?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> keycloak-user mailing list
>>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>