The endpoint that is used by the federation provider is only called from Keycloak, so you
can run it on localhost on the keycloak machine if that is going to work for you.
OTOH, if you need to run it on a different machine, you can lock down the endpoint to only
be accessible from the Keycloak server.
End users never call the endpoint I documented.
Reed
From: <darkness.renann@gmail.com> on behalf of Renann Prado <prado.renann@gmail.com>
Date: Thursday, February 11, 2016 at 8:17 AM
To: Reed Lewis <RLewis@carbonite.com>
Cc: "keycloak-user@lists.jboss.org" <keycloak-user@lists.jboss.org>, Stuart Jacobs <stuart.jacobs@symbiotics.co.za>
Subject: Re: [keycloak-user] User-Federation
Everyone*
On Feb 11, 2016 11:16, "Renann Prado" <prado.renann@gmail.com> wrote:
Is there any recommended way to make sure these endpoints won't be spammed by an
attacker? Looks like these endpoints need to be open to anyone.
Thanks
On Feb 3, 2016 11:18, "Reed Lewis" <RLewis@carbonite.com> wrote:
If you use the federation provider listed here:
[0]: http://tech.smartling.com/migrate-to-keycloak-with-zero-downtime/
[1]: https://github.com/Smartling/keycloak-user-migration-provider
You can specify a URL that will be called when a user needs to be validated.
There are three requests that need to be implemented in your server.
GET <baseURL>/api/users/<username>/
If the user exists, it should return a 200 with a json object with the return type
“application/json” with the following fields:
username
email
emailVerified
firstName
lastName
roles [“user”]
If the user does not exist, return a 404
HEAD <baseURL>/api/users/<username>/
Always return 200
POST <baseURL>/api/users/<username>/
The password is posted to you in a json object.
Return 200 if the password is OK, 401 if not. In both cases return no data.
I wrote a small python module which implements these methods which works quite well.
Reed
From: <keycloak-user-bounces@lists.jboss.org> on behalf of Stuart Jacobs <stuart.jacobs@symbiotics.co.za>
Date: Wednesday, February 3, 2016 at 2:40 AM
To: "keycloak-user@lists.jboss.org" <keycloak-user@lists.jboss.org>
Subject: [keycloak-user] User-Federation
Hi Everyone,
I have an application that runs on a postgresql database, keycloak has been configured and
has created all the required tables/columns in my schema using liquibase on start up of
the keycloak server.
I need to authenticate users using the project's existing user table obtaining the username
and password from this table.
I have had a look at the federation provider project under the example projects but this
still eludes me as to how I change the keycloak mapping to use my own tables in
Postgres?
Can someone please point me in the right direction or if someone has implemented such a
solution please share how you have done it?
Thanks everyone.
Regards,
Stuart Jacobs
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
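
The three requests described in the thread (GET, HEAD and POST on `<baseURL>/api/users/<username>/`), combined with the advice to bind the service to localhost and accept calls only from the Keycloak server, as an added example that is not part of the original emails and is not the Python module mentioned above. Assumptions: the `password` JSON field name, port 8099, the `ALLOWED_CLIENTS` value, PBKDF2 password storage and the sample user are all constructed for illustration.

```python
import hashlib, hmac, json, re
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_CLIENTS = {"127.0.0.1"}  # assumption: Keycloak runs on this same host
PATH = re.compile(r"^/api/users/([^/]+)/?$")
def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
# Constructed sample record standing in for the legacy user table.
USERS = {"alice": {"email": "alice@example.com", "emailVerified": True,
                   "firstName": "Alice", "lastName": "Example",
                   "roles": ["user"], "pw": _hash("correct horse")}}

def handle(method, path, body, client_ip):
    """Return (status, payload or None) for one federation-provider request."""
    if client_ip not in ALLOWED_CLIENTS:
        return 403, None  # only the Keycloak server may call this service
    m = PATH.match(path)
    if not m:
        return 404, None
    if method == "HEAD":
        return 200, None  # per the thread: always 200
    name, user = m.group(1), USERS.get(m.group(1))
    if method == "GET":
        public = {k: v for k, v in (user or {}).items() if k != "pw"}
        return (200, {"username": name, **public}) if user else (404, None)
    if method != "POST":
        return 405, None
    try:  # "password" as the JSON field name is an assumption
        supplied = str(json.loads(body or b"{}").get("password", ""))
    except (ValueError, AttributeError):
        return 401, None
    # Hash even for unknown users so response time does not reveal existence.
    ok = hmac.compare_digest(_hash(supplied), user["pw"] if user else b"")
    return (200 if ok else 401), None

class Handler(BaseHTTPRequestHandler):
    def _serve(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        status, payload = handle(self.command, self.path, body, self.client_address[0])
        data = b"" if payload is None else json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    do_GET = do_HEAD = do_POST = _serve

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8099), Handler).serve_forever()  # loopback only
```

If the service has to run on a different machine, put the Keycloak server's address in `ALLOWED_CLIENTS` and enforce the same restriction at the host firewall, since the application-level check alone still exposes the listening socket.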