Re: [keycloak-user] Customization of authentication mechanism and +

From: "Kalinga Dissanayake" <kalinga(a)leapset.com&gt; To: "Bill Burke" <bburke(a)redhat.com&gt; Cc: keycloak-user(a)lists.jboss.org Sent: Tuesday, March 17, 2015 8:52:12 AM Subject: Re: [keycloak-user] Customization of authentication mechanism and + Thanks again for your quick feedbacks. Sorry I have a number of questions so I will be buzzing u guys regularly. I went through the document for the adapters; http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/ch08.html So lets say I need a php application to be deployed using keycloak as my SSO manager application. So my basic requirement is that user should have the ability to signin via keycloak. I see that there are no dedicated adapters for php (I guess it must be in the works)

Is there a guideline that I should follow if I am to do it manually? Basically what I should to do replicate what an adapter does (if I dont want to use any adapters or my apps are mobile based or deployed on containers hat keycloak does not have adapters for). Hope my question is clear. Kalinga -----Original Message----- From: "Bill Burke" <bburke(a)redhat.com&gt; Sent: Monday, March 16, 2015 7:46pm To: keycloak-user(a)lists.jboss.org Subject: Re: [keycloak-user] Customization of authentication mechanism and + Minimally you need to import username. Probably email too if you want to use any of our email-based features. With UserFederationProvider you can delegate to the third-party storage for other user attributes/metadata. On 3/16/2015 6:01 AM, Stian Thorgersen wrote: > We don't currently have a way to plugin your own authentication mechanism, > but this is something we'll be adding. > > You have two choices when it comes to users, you can either use our user > federation provider mechanism to sync between Keycloak and your current > db. Or you can migrate the users fully to the Keycloak db. In either case > you have an option on overriding how passwords are verified (either > UserFederationProvider or by extending an existing UserProvider). With the > above authentication mechanism we'll most likely also make the > verification of passwords pluggable which would support different hash > algorithms. > > ----- Original Message ----- >> From: "Kalinga Dissanayake" <kalinga(a)leapset.com&gt; >> To: keycloak-user(a)lists.jboss.org >> Sent: Monday, March 16, 2015 10:48:55 AM >> Subject: [keycloak-user] Customization of authentication mechanism and + >> >> >> >> Guys, >> >> I need to understand the capability of keycloak with my requirement and to >> ensure that keycloak is scalable to meet my needs. My main requirement is >> to >> integrate keycloak to our system to support SSO hence I need to migrate my >> existing users. My main concerns; >> >> >> >> 1/ Customize authentication method. >> >> I need to authenticate users similar to what we currently use in our >> production system. In our system, users are identified by username, >> password >> and the pin. >> >> For instance; >> >> User -> jack, password -> pwd, pin -> 50000 >> >> User should enter all three to login to the system. >> >> I went through the codebase and I saw that the Authentication Manager >> (which >> is a concrete class) does all the work inside keycloak. I managed to >> customize the frontend with ease, however, in order to support the pin in >> the backend seems like I have to customize the AuthenticationManager class >> (no direct SPIs). >> >> Although there is a link here; >> >> http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/authenticat... >> >> I cant seem to find anything here which matches the current code base (to >> via >> a new authentication method via spis) and the example has been removed. >> >> >> >> 2/ Customize password hashes. >> >> We have our own algorithm used to store password hashes. What should I do >> to >> add this to keycloak? >> >> I do not know the current passwords of the users already in our system, so >> when doing the migration i need keyclock to support the current algorithm >> we >> use. Can we plugin new hashing algorithms to meet my needs? >> >> >> >> Any other issues I might face? >> >> I feel key cloak is the right choice if the above two questions are >> answered. >> Please let me know. >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user