Yes, generally there are three ways to do things in Keycloak, namely the admin console, the
REST API and the kcadm.sh tool (which uses the REST API under the hood). The latter may be
preferable from the automation PoV since it hides the complexity of the API behind a
(relatively) simple CLI wrapper.
I remember Craig Setera (in CC) was trying to create a custom JS authenticator via
kcadm.sh, so I hope he can tell you more.
Cheers,
Dmitry
On Fri, 2019-01-18 at 14:05 -0500, Scott Thibault wrote:
Oh, I did not realize you create these from the admin console. That should work. I see
there is a REST API as well, so I could automate the setup which is really nice.
Thanks!
--Scott
> On Fri, Jan 18, 2019 at 1:54 PM Dmitry Telegin <dt(a)acutus.pro> wrote:
> Hi Scott,
>
> On Fri, 2019-01-18 at 13:03 -0500, Scott Thibault wrote:
> > That does look like it does what we would want. However, I don't think I
> > can add custom authenticators. I'm administering an Eclipse Che instance
> > which embeds Keycloak for its authentication. Is there any other approach?
>
> Just FYI, Che's embedded Keycloak is fully accessible [1], so it shouldn't
> be problematic to install a single JS authenticator.
>
> [1] https://www.eclipse.org/che/docs/che-6/user-management.html
>
> Good luck,
> Dmitry
>
> >
> > --Scott
> >
> >
> > > On Wed, Jan 16, 2019 at 5:52 PM Dmitry Telegin <dt(a)acutus.pro> wrote:
> > > Hi Scott,
> > >
> > > I think Geoffrey Cleaves has done this with the help of a custom
> > > authenticator, please check out this thread:
> > > http://lists.jboss.org/pipermail/keycloak-user/2018-December/016703.html
> > >
> > > Cheers,
> > > Dmitry Telegin
> > > CTO, Acutus s.r.o.
> > >
> > > On Wed, 2019-01-16 at 14:12 -0500, Scott Thibault wrote:
> > > > Out-of-the-box, the First Broker Login flow automatically registers
> > > > non-existing users authenticated by an identity provider. I would not
> > > > like anyone with a valid Google account to be able to login, but only
> > > > those with existing accounts. However, any attempt to create a custom
> > > > flow without the "Create User If Unique" item leads to an
> > > > error=invalid_user_credentials.
> > > >
> > > > Is there some solution that would allow me to prevent users without an
> > > > existing account to login via the Google identity provider?