From: "Kalinga Dissanayake" <kalinga(a)leapset.com>
To: "Bill Burke" <bburke(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Tuesday, March 17, 2015 8:52:12 AM
Subject: Re: [keycloak-user] Customization of authentication mechanism and +
Thanks again for your quick feedback.
Sorry I have a number of questions so I will be buzzing you guys regularly.
I went through the document for the adapters;
http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/ch08.html
So let's say I need a PHP application to be deployed using keycloak as my SSO
manager application.
So my basic requirement is that user should have the ability to sign in via
keycloak. I see that there are no dedicated adapters for PHP (I guess it
must be in the works)
We don't have a PHP adapter, and there are no immediate plans to create one. You
could use:
* JavaScript adapter
Alternatively have a look on Google for instructions on using OAuth2 and/or OpenID Connect
with PHP. Once 1.2.0.Beta1 is released we'll also have an OpenID Connect Discovery
endpoint, which should make it easier to use other OpenID Connect client libraries with
Keycloak.
If you're willing to contribute a PHP adapter then let me know and I can give you more
details on what would be required and some hints to get you started.
Is there a guideline that I should follow if I am to do it manually?
Basically what I should do to replicate what an adapter does (if I don't want
to use any adapters or my apps are mobile based or deployed on containers
that keycloak does not have adapters for). Hope my question is clear.
Kalinga
-----Original Message-----
From: "Bill Burke" <bburke(a)redhat.com>
Sent: Monday, March 16, 2015 7:46pm
To: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Customization of authentication mechanism and +
Minimally you need to import username. Probably email too if you want
to use any of our email-based features. With UserFederationProvider you
can delegate to the third-party storage for other user attributes/metadata.
On 3/16/2015 6:01 AM, Stian Thorgersen wrote:
> We don't currently have a way to plug in your own authentication mechanism,
> but this is something we'll be adding.
>
> You have two choices when it comes to users, you can either use our user
> federation provider mechanism to sync between Keycloak and your current
> db. Or you can migrate the users fully to the Keycloak db. In either case
> you have an option on overriding how passwords are verified (either
> UserFederationProvider or by extending an existing UserProvider). With the
> above authentication mechanism we'll most likely also make the
> verification of passwords pluggable which would support different hash
> algorithms.
>
> ----- Original Message -----
>> From: "Kalinga Dissanayake" <kalinga(a)leapset.com>
>> To: keycloak-user(a)lists.jboss.org
>> Sent: Monday, March 16, 2015 10:48:55 AM
>> Subject: [keycloak-user] Customization of authentication mechanism and +
>>
>>
>>
>> Guys,
>>
>> I need to understand the capability of keycloak with my requirement and to
>> ensure that keycloak is scalable to meet my needs. My main requirement is
>> to
>> integrate keycloak to our system to support SSO hence I need to migrate my
>> existing users. My main concerns;
>>
>>
>>
>> 1/ Customize authentication method.
>>
>> I need to authenticate users similar to what we currently use in our
>> production system. In our system, users are identified by username,
>> password
>> and the pin.
>>
>> For instance;
>>
>> User -> jack, password -> pwd, pin -> 50000
>>
>> User should enter all three to login to the system.
>>
>> I went through the codebase and I saw that the Authentication Manager
>> (which
>> is a concrete class) does all the work inside keycloak. I managed to
>> customize the frontend with ease, however, in order to support the pin in
>> the backend seems like I have to customize the AuthenticationManager class
>> (no direct SPIs).
>>
>> Although there is a link here;
>>
>>
>> http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/authenticat...
>>
>> I can't seem to find anything here which matches the current code base (to
>> via
>> a new authentication method via spis) and the example has been removed.
>>
>>
>>
>> 2/ Customize password hashes.
>>
>> We have our own algorithm used to store password hashes. What should I do
>> to
>> add this to keycloak?
>>
>> I do not know the current passwords of the users already in our system, so
>> when doing the migration I need keycloak to support the current algorithm
>> we use. Can we plug in new hashing algorithms to meet my needs?
>>
>>
>>
>> Any other issues I might face?
>>
>> I feel keycloak is the right choice if the above two questions are
>> answered.
>> Please let me know.
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
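
The thread's migration case (existing hashes whose plaintext is unknown, with password verification overridden) is usually handled by checking the legacy hash at login and re-hashing with a stronger scheme once the password is known. An added sketch of that logic in Python, not from the thread and not Keycloak code; the `legacy$...` / `pbkdf2$...` record layout, the salted SHA-256 stand-in for the site's own algorithm, and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 210_000  # assumed work factor for the replacement scheme


def legacy_hash(password: str, salt: bytes) -> str:
    # Stand-in for the site's own algorithm (assumed: SHA-256 over salt + password).
    return hashlib.sha256(salt + password.encode()).hexdigest()


def pbkdf2_record(password: str) -> str:
    # Build a new-style record: scheme$iterations$salt$derived_key
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_and_upgrade(store: dict, username: str, password: str) -> bool:
    """Check a login against the stored record; re-hash legacy records on success."""
    record = store.get(username)
    if record is None:
        return False
    try:
        scheme, *fields = record.split("$")
        if scheme == "legacy":
            salt_hex, digest = fields
            candidate = legacy_hash(password, bytes.fromhex(salt_hex))
            ok = hmac.compare_digest(candidate, digest)  # constant-time compare
            if ok:
                # The plaintext is only available at this moment: upgrade now.
                store[username] = pbkdf2_record(password)
            return ok
        if scheme == "pbkdf2":
            iters, salt_hex, digest = fields
            dk = hashlib.pbkdf2_hmac(
                "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
            )
            return hmac.compare_digest(dk.hex(), digest)
    except ValueError:
        return False  # malformed record: fail closed
    return False  # unknown scheme: fail closed


if __name__ == "__main__":
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample
    users = {"jack": f"legacy${salt.hex()}${legacy_hash('pwd', salt)}"}
    print(verify_and_upgrade(users, "jack", "pwd"), users["jack"].split("$")[0])
```

Accounts that never log in keep their legacy record, so a migration of this kind also needs a cut-off after which remaining legacy hashes are retired through a password reset.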