Not really I think, the thing is I wanted to use the *login_hint* feature,
but I don't think it will be possible based on what you said now, is that
correct?
PS: added back the mailing list because I excluded it from the previous
e-mail by mistake
On Fri, Aug 29, 2014 at 9:12 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
You can't create the login url yourself at the moment, this is
because the
adapter sets a cookie to store the state variable so it can check it in the
callback.
You can call HttpServletRequest.authenticate, which will redirect to the
login after setting the state cookie. Does that work for you?
----- Original Message -----
> From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com>
> To: "Stian Thorgersen" <stian(a)redhat.com>
> Sent: Friday, 29 August, 2014 1:07:22 PM
> Subject: Re: [keycloak-user] Authenticate user without using login page
>
> I'm using the JBoss AS7 adapter
> On Aug 29, 2014 3:46 AM, "Stian Thorgersen" <stian(a)redhat.com>
wrote:
>
> > Which adapter are you using?
> >
> > ----- Original Message -----
> > > From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com>
> > > To: "Stian Thorgersen" <stian(a)redhat.com>
> > > Cc: "Bill Burke" <bburke(a)redhat.com>,
keycloak-user(a)lists.jboss.org
> > > Sent: Thursday, 28 August, 2014 3:51:17 PM
> > > Subject: Re: [keycloak-user] Authenticate user without using login
page
> > >
> > > Coming back to this, I have a quick question. What would be the best
way
> > > for me to create a valid login URL dynamically?
> > >
> > > when we try to access a protected resource, the login page comes up,
> > > authenticates the user and it all works fine, but when I try to
> > fabricate a
> > > loginUrl to the redirect_uri that I need it to go after we encounter
some
> > > problems that I think may be related to the state variable, although
I'm
> > > not sure. I get Error 400 sometimes, which isn't very clear.
> > >
> > > Is there a guideline for this?
> > >
> > >
> > > On Wed, Jul 30, 2014 at 10:48 AM, Stian Thorgersen <stian(a)redhat.com
>
> > wrote:
> > >
> > > > Yes, login_hint is one of the optional request parameters
supported by
> > > > OpenID Connect
> > > >
> > > > ----- Original Message -----
> > > > > From: "Bill Burke" <bburke(a)redhat.com>
> > > > > To: "Stian Thorgersen" <stian(a)redhat.com>,
"Rodrigo Sasaki" <
> > > > rodrigopsasaki(a)gmail.com>
> > > > > Cc: keycloak-user(a)lists.jboss.org
> > > > > Sent: Wednesday, 30 July, 2014 2:38:32 PM
> > > > > Subject: Re: [keycloak-user] Authenticate user without using
login
> > page
> > > > >
> > > > > OpenID Connect protocol is used to implement this?
> > > > >
> > > > > On 7/30/2014 9:29 AM, Stian Thorgersen wrote:
> > > > > > Added login_hint query param. It can be used with
keycloak.js
with
> > > > either:
> > > > > >
> > > > > > keycloak.login({ loginHint: 'username' })
> > > > > >
> > > > > > or
> > > > > >
> > > > > > keycloak.createLoginUrl({ loginHint: 'username'
})
> > > > > >
> > > > > > ----- Original Message -----
> > > > > >> From: "Rodrigo Sasaki"
<rodrigopsasaki(a)gmail.com>
> > > > > >> To: "Stian Thorgersen"
<stian(a)redhat.com>
> > > > > >> Cc: "Bill Burke" <bburke(a)redhat.com>,
> > keycloak-user(a)lists.jboss.org
> > > > > >> Sent: Friday, 25 July, 2014 6:11:47 PM
> > > > > >> Subject: Re: [keycloak-user] Authenticate user without
using
login
> > > > page
> > > > > >>
> > > > > >> It all worked great with the iframe, if I style it
properly
and
> > use
> > > > that
> > > > > >> login_hint it should be perfect.
> > > > > >>
> > > > > >> Now how should I go about developing/using this
login_hint?
Are
> > there
> > > > any
> > > > > >> tips on this, or is it something that you plan on
including
> > > > yourselves?
> > > > > >>
> > > > > >>
> > > > > >> On Fri, Jul 25, 2014 at 1:21 PM, Rodrigo Sasaki <
> > > > rodrigopsasaki(a)gmail.com>
> > > > > >> wrote:
> > > > > >>
> > > > > >>> Just one more thing that wasn't completely
clear to me.
> > > > > >>>
> > > > > >>> if I add a login page on an iframe, the user will
be logged
> > > > normally? Or
> > > > > >>> would I have to get a token and keep managing it?
> > > > > >>>
> > > > > >>>
> > > > > >>> On Fri, Jul 25, 2014 at 10:42 AM, Rodrigo Sasaki
> > > > > >>> <rodrigopsasaki(a)gmail.com
> > > > > >>>> wrote:
> > > > > >>>
> > > > > >>>> That idea actually sounds amazing, I didn't
look into
> > keycloak.js
> > > > yet,
> > > > > >>>> but I'll see if I can get it working before
I think about
> > styling.
> > > > > >>>>
> > > > > >>>> Thank you very much!
> > > > > >>>>
> > > > > >>>>
> > > > > >>>> On Fri, Jul 25, 2014 at 10:38 AM, Stian
Thorgersen <
> > > > stian(a)redhat.com>
> > > > > >>>> wrote:
> > > > > >>>>
> > > > > >>>>> I think we could quite easily add support
for embedding the
> > login
> > > > page
> > > > > >>>>> to keycloak.js. Rough idea:
> > > > > >>>>>
> > > > > >>>>> 1. Set an option on keycloak.js to use
embedded login form.
> > Would
> > > > also
> > > > > >>>>> require setting an id for a div where the
form should be
> > embedded.
> > > > > >>>>> 2. When clicking on login instead of
redirecting it would
> > render an
> > > > > >>>>> iframe element inside the configured div
with the src of
the
> > iframe
> > > > > >>>>> being
> > > > > >>>>> the login page on Keycloak
> > > > > >>>>> 3. The redirect-uri would be a special url
on Keycloak that
> > > > renders a
> > > > > >>>>> similar page to the iframe session page
that allows
posting a
> > > > message
> > > > > >>>>> back
> > > > > >>>>> to keycloak.js containing the code
> > > > > >>>>> 4. Now keycloak.js can swap the code as
usual
> > > > > >>>>>
> > > > > >>>>> One thing is that we'd probably need an
additional styling
of
> > the
> > > > login
> > > > > >>>>> form, as you would want the login page to
display
differently
> > when
> > > > > >>>>> embedded
> > > > > >>>>> compared to when you redirect to it.
> > > > > >>>>>
> > > > > >>>>> ----- Original Message -----
> > > > > >>>>>> From: "Stian Thorgersen"
<stian(a)redhat.com>
> > > > > >>>>>> To: "Bill Burke"
<bburke(a)redhat.com>
> > > > > >>>>>> Cc: keycloak-user(a)lists.jboss.org
> > > > > >>>>>> Sent: Friday, 25 July, 2014 2:30:44 PM
> > > > > >>>>>> Subject: Re: [keycloak-user]
Authenticate user without
using
> > login
> > > > > >>>>>> page
> > > > > >>>>>>
> > > > > >>>>>> The cookies should be set fine, as the
iframe would
contain
> > the
> > > > login
> > > > > >>>>> page
> > > > > >>>>>> directly from Keycloak.
> > > > > >>>>>>
> > > > > >>>>>> It would redirect to a special page on
the app that after
> > > > extracting
> > > > > >>>>> the code
> > > > > >>>>>> would close the popup.
> > > > > >>>>>>
> > > > > >>>>>> ----- Original Message -----
> > > > > >>>>>>> From: "Bill Burke"
<bburke(a)redhat.com>
> > > > > >>>>>>> To: "Stian Thorgersen"
<stian(a)redhat.com>, "Rodrigo
Sasaki"
> > > > > >>>>>>> <rodrigopsasaki(a)gmail.com>
> > > > > >>>>>>> Cc: keycloak-user(a)lists.jboss.org
> > > > > >>>>>>> Sent: Friday, 25 July, 2014 2:23:14
PM
> > > > > >>>>>>> Subject: Re: [keycloak-user]
Authenticate user without
using
> > > > login
> > > > > >>>>> page
> > > > > >>>>>>>
> > > > > >>>>>>> not sure this will work with SSO.
I'm not sure CORS
> > requests can
> > > > > >>>>> deal
> > > > > >>>>>>> with cookies.
> > > > > >>>>>>>
> > > > > >>>>>>> On 7/25/2014 9:21 AM, Stian
Thorgersen wrote:
> > > > > >>>>>>>> What about using an iframe in
the popup to include the
login
> > > > form
> > > > > >>>>> from
> > > > > >>>>>>>> Keycloak?
> > > > > >>>>>>>>
> > > > > >>>>>>>> You can send a HTTP POST to
> > > > > >>>>>
/auth-server/<realm>/tokens/grants/access
> > > > > >>>>>>>> with
> > > > > >>>>>>>> client id/secret and
username/password and get a token
back.
> > > > With
> > > > > >>>>>>>> keycloak.js you can give it
this token, not sure how/if
this
> > > > flow
> > > > > >>>>> works
> > > > > >>>>>>>> with the server-side (Undertow)
adapter.
> > > > > >>>>>>>>
> > > > > >>>>>>>> ----- Original Message -----
> > > > > >>>>>>>>> From: "Rodrigo
Sasaki" <rodrigopsasaki(a)gmail.com>
> > > > > >>>>>>>>> To: "Stian
Thorgersen" <stian(a)redhat.com>
> > > > > >>>>>>>>> Cc: "Bill Burke"
<bburke(a)redhat.com>,
> > > > > >>>>> keycloak-user(a)lists.jboss.org
> > > > > >>>>>>>>> Sent: Friday, 25 July, 2014
2:08:43 PM
> > > > > >>>>>>>>> Subject: Re:
[keycloak-user] Authenticate user without
> > using
> > > > > >>>>> login page
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> Actually, the main problem
is one of the flows where
the
> > > > password
> > > > > >>>>>>>>> request
> > > > > >>>>>>>>> appears in a popup,
there's no redirect at all, and
one of
> > the
> > > > > >>>>> things
> > > > > >>>>>>>>> that
> > > > > >>>>>>>>> were agreed upon when
decided to change the
authentication
> > > > > >>>>> provider, was
> > > > > >>>>>>>>> that nothing would be
altered in the user experience.
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> So I really have to try and
make keycloak "fit in" in
these
> > > > > >>>>> particular
> > > > > >>>>>>>>> scenarios, they are not
used as much as the ones where
> > we'll
> > > > use
> > > > > >>>>> the
> > > > > >>>>>>>>> keycloak login page with
our own style, but I do have
to
> > make
> > > > > >>>>> them work.
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> When you say I could use
direct grant to get a token,
would
> > > > that
> > > > > >>>>> count
> > > > > >>>>>>>>> as
> > > > > >>>>>>>>> the same as an user logging
in? It's not really clear
to me
> > > > right
> > > > > >>>>> now
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> On Fri, Jul 25, 2014 at
9:56 AM, Stian Thorgersen <
> > > > > >>>>> stian(a)redhat.com>
> > > > > >>>>>>>>> wrote:
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>> Yes, but I'm
wondering why the following won't work:
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> 1. Ask for users email
(in your app, not KC)
> > > > > >>>>>>>>>> 2. Once you get to the
flow where a user has to login:
> > > > > >>>>>>>>>> a) If user
doesn't exist in KC (you can use admin
> > > > endpoints
> > > > > >>>>> to
> > > > > >>>>>>>>>> check
> > > > > >>>>>>>>>> this) redirect to
registration page on KC with email
> > already
> > > > > >>>>> entered
> > > > > >>>>>>>>>> b) If user does
exist in KC redirect to login
page
> > again
> > > > > >>>>> with email
> > > > > >>>>>>>>>> already entered
> > > > > >>>>>>>>>> 3. Redirect back to
app
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>> ----- Original Message
-----
> > > > > >>>>>>>>>>> From: "Bill
Burke" <bburke(a)redhat.com>
> > > > > >>>>>>>>>>> To: "Stian
Thorgersen" <stian(a)redhat.com>, "Rodrigo
> > Sasaki"
> > > > <
> > > > > >>>>>>>>>>
rodrigopsasaki(a)gmail.com>
> > > > > >>>>>>>>>>> Cc:
keycloak-user(a)lists.jboss.org
> > > > > >>>>>>>>>>> Sent: Friday, 25
July, 2014 1:48:45 PM
> > > > > >>>>>>>>>>> Subject: Re:
[keycloak-user] Authenticate user
without
> > using
> > > > > >>>>> login
> > > > > >>>>>>>>>>> page
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> It is because their
first login screen is just
something
> > > > asking
> > > > > >>>>> for an
> > > > > >>>>>>>>>>> email. If the
email doesn't exist as a user, they
want a
> > > > > >>>>> redirect to
> > > > > >>>>>>>>>>> the register page.
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> On 7/25/2014 5:08
AM, Stian Thorgersen wrote:
> > > > > >>>>>>>>>>>> Yes, you can
use the direct grant to retrieve a
token.
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> I'd like to
know why redirecting to the login form,
when
> > > > > >>>>> styled to
> > > > > >>>>>>>>>> match
> > > > > >>>>>>>>>>>> your website,
and using login_hint to pre-fill
> > > > username/email
> > > > > >>>>> doesn't
> > > > > >>>>>>>>>>>> work. Maybe
there's something we can do so that you
can
> > > > still
> > > > > >>>>> use the
> > > > > >>>>>>>>>>>>
"proper" flow?
> > > > > >>>>>>>>>>>>
> > > > > >>>>>>>>>>>> ----- Original
Message -----
> > > > > >>>>>>>>>>>>> From:
"Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com>
> > > > > >>>>>>>>>>>>> To:
"Stian Thorgersen" <stian(a)redhat.com>
> > > > > >>>>>>>>>>>>> Cc:
"Bill Burke" <bburke(a)redhat.com>,
> > > > > >>>>> keycloak-user(a)lists.jboss.org
> > > > > >>>>>>>>>>>>> Sent:
Thursday, 24 July, 2014 6:13:17 PM
> > > > > >>>>>>>>>>>>> Subject:
Re: [keycloak-user] Authenticate user
without
> > > > using
> > > > > >>>>> login
> > > > > >>>>>>>>>> page
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> Sorry to
keep insisting on this, but since it's
being a
> > > > huge
> > > > > >>>>>>>>>> showstopper
> > > > > >>>>>>>>>>>>> so
> > > > > >>>>>>>>>>>>> far, I just
have to ask.
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> If I
don't mind trading off SSO and all the other
> > benefits
> > > > > >>>>> that the
> > > > > >>>>>>>>>>>>> Keycloak
login page provides me, would there be a
way
> > for
> > > > me
> > > > > >>>>> to do
> > > > > >>>>>>>>>> what I
> > > > > >>>>>>>>>>>>> want?
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> On Fri, Jul
18, 2014 at 5:44 AM, Stian Thorgersen <
> > > > > >>>>> stian(a)redhat.com>
> > > > > >>>>>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> We
could add support for login_hint query param so
> > you can
> > > > > >>>>> have the
> > > > > >>>>>>>>>>>>>>
username/email field on the login form pre-filled
for
> > the
> > > > > >>>>> user, so
> > > > > >>>>>>>>>> once a
> > > > > >>>>>>>>>>>>>> user
has to authenticate you redirect to login on
KC
> > and
> > > > all
> > > > > >>>>> they
> > > > > >>>>>>>>>> would
> > > > > >>>>>>>>>>>>>> have to
do is enter their password.
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> If you
bypass the login forms you'd loose SSO,
> > > > multi-factor
> > > > > >>>>>>>>>>>>>>
support,
> > > > > >>>>>>>>>>>>>>
required actions, recover password, etc, etc,
etc..
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> As Bill
mentioned we provide very flexible login
forms
> > > > that
> > > > > >>>>> can be
> > > > > >>>>>>>>>>>>>>
templated using either just css or even FreeMarker
> > > > templates
> > > > > >>>>> if you
> > > > > >>>>>>>>>> need
> > > > > >>>>>>>>>>>>>> a
> > > > > >>>>>>>>>>>>>> lot of
customization, so you should be able to
make
> > the
> > > > > >>>>> login form
> > > > > >>>>>>>>>>>>>>
integrate well with your website.
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>> -----
Original Message -----
> > > > > >>>>>>>>>>>>>>>
From: "Rodrigo Sasaki" <rodrigopsasaki(a)gmail.com
>
> > > > > >>>>>>>>>>>>>>> To:
"Bill Burke" <bburke(a)redhat.com>
> > > > > >>>>>>>>>>>>>>> Cc:
keycloak-user(a)lists.jboss.org
> > > > > >>>>>>>>>>>>>>>
Sent: Thursday, 17 July, 2014 6:52:08 PM
> > > > > >>>>>>>>>>>>>>>
Subject: Re: [keycloak-user] Authenticate user
> > without
> > > > > >>>>> using login
> > > > > >>>>>>>>>> page
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> You
think there could be a way to do this within
> > keycloak
> > > > > >>>>> itself?
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On
Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki <
> > > > > >>>>>>>>>>>>>>
rodrigopsasaki(a)gmail.com >
> > > > > >>>>>>>>>>>>>>>
wrote:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
I'll give you an example:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> We
have a situation in our website where we only
ask
> > for
> > > > the
> > > > > >>>>>>>>>>>>>>>
user's
> > > > > >>>>>>>>>>>>>>
e-mail,
> > > > > >>>>>>>>>>>>>>> and
he can go on with the flow.
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On
a determined step of the flow, if we identify
that
> > > > this
> > > > > >>>>> is an
> > > > > >>>>>>>>>> e-mail
> > > > > >>>>>>>>>>>>>> that
> > > > > >>>>>>>>>>>>>>> we
already have in our user database, we ask him
for
> > his
> > > > > >>>>> password,
> > > > > >>>>>>>>>>>>>>>
authenticate him, and let him go on, if this
e-mail
> > is
> > > > new,
> > > > > >>>>> we
> > > > > >>>>>>>>>> redirect
> > > > > >>>>>>>>>>>>>> him
> > > > > >>>>>>>>>>>>>>> to
a page where he can register himself, and
after
> > that
> > > > > >>>>> continue
> > > > > >>>>>>>>>>>>>>>
on.
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On
this specific case and others, we wouldn't
like to
> > > > have
> > > > > >>>>> to
> > > > > >>>>>>>>>> redirect
> > > > > >>>>>>>>>>>>>> him to
> > > > > >>>>>>>>>>>>>>>
keycloak, because that would interrupt the flow
that
> > we
> > > > > >>>>> designed.
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On
Wed, Jul 16, 2014 at 4:39 PM, Bill Burke <
> > > > > >>>>> bburke(a)redhat.com >
> > > > > >>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
http://docs.jboss.org/ keycloak/docs/1.0-beta-3/
> > > > > >>>>>>>>>>>>>>>
userguide/html/direct-access- grants.html
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> If
you have to do it this way, please let us know
> > why.
> > > > > >>>>> Maybe we
> > > > > >>>>>>>>>>>>>>>
can
> > > > > >>>>>>>>>>>>>> solve
the
> > > > > >>>>>>>>>>>>>>>
issue within keycloak itself.
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On
7/16/2014 3:35 PM, Rodrigo Sasaki wrote:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
Just for the sake of conversation, if I did want
to
> > > > handle
> > > > > >>>>> my own
> > > > > >>>>>>>>>> login
> > > > > >>>>>>>>>>>>>>>
page, would there be a way for me to do it?
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On
Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki
> > > > > >>>>>>>>>>>>>>>
< rodrigopsasaki(a)gmail.com <mailto:
> > > > rodrigopsasaki@gmail.
> > > > > >>>>> com >>
> > > > > >>>>>>>>>> wrote:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> I
don't want to miss out on all of that, which
is why
> > > > we're
> > > > > >>>>> mostly
> > > > > >>>>>>>>>>>>>>>
migrating everything to use keycloak that way.
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
It's just that we have cases that are so
specific,
> > that
> > > > it
> > > > > >>>>> would
> > > > > >>>>>>>>>>>>>>> be
> > > > > >>>>>>>>>>>>>>>
better to authenticate the user in a different
> > manner,
> > > > > >>>>> create the
> > > > > >>>>>>>>>>>>>>>
user session and everything, without redirecting.
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
I'll have a look at that code. Thanks!
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On
Tue, Jul 15, 2014 at 2:19 PM, Bill Burke <
> > > > > >>>>> bburke(a)redhat.com
> > > > > >>>>>>>>>>>>>>>
<mailto: bburke(a)redhat.com >> wrote:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> If
you want to handle your own login pages, IMO,
you
> > are
> > > > > >>>>> missing
> > > > > >>>>>>>>>>>>>>> out
on
> > > > > >>>>>>>>>>>>>>> a
lot of Keycloak features. Specifically:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> *
SSO
> > > > > >>>>>>>>>>>>>>> *
forgot password
> > > > > >>>>>>>>>>>>>>> *
admin forced credential reset/setup
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
Login pages can be styled however you like to
look
> > like
> > > > your
> > > > > >>>>>>>>>>>>>>>
application.
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
There is a REST api for obtaining an access
token.
> > Here
> > > > is
> > > > > >>>>> an
> > > > > >>>>>>>>>>>>>>>
example:
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
https://github.com/keycloak/
> > > > keycloak/blob/master/examples/
> > > > > >>>>>>>>>>>>>>>
demo-template/admin-access-
app/src/main/java/org/
> > > > > >>>>>>>>>>>>>>>
keycloak/example/AdminClient. java
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> On
7/15/2014 12:36 PM, Rodrigo Sasaki wrote:
> > > > > >>>>>>>>>>>>>>>>
Is there a way to authenticate the user without
> > having
> > > > to
> > > > > >>>>>>>>>>>>>>>
input username
> > > > > >>>>>>>>>>>>>>>>
and password on the login page?
> > > > >
>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>
For example:
> > > > >
>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>
Say there's a situation in my application where
I
> > > > request
> > > > > >>>>> the
> > > > > >>>>>>>>>>>>>>>
user for
> > > > > >>>>>>>>>>>>>>>>
his username and password, and I wouldn't like
to
> > > > redirect
> > > > > >>>>>>>>>>>>>>>
that to the
> > > > > >>>>>>>>>>>>>>>>
keycloak login page to authenticate him, would
> > there be
> > > > a
> > > > > >>>>> way
> > > > > >>>>>>>>>>>>>>> for
me to
> > > > > >>>>>>>>>>>>>>>>
do that?
> > > > >
>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>
--
> > > > > >>>>>>>>>>>>>>>>
Rodrigo Sasaki
> > > > >
>>>>>>>>>>>>>>>>
> > > > >
>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>
______________________________ _________________
> > > > > >>>>>>>>>>>>>>>>
keycloak-user mailing list
> > > > > >>>>>>>>>>>>>>>>
keycloak-user(a)lists.jboss.org
> > > > > >>>>>>>>>>>>>>>
<mailto: keycloak-user@lists.
jboss.org >
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>>
https://lists.jboss.org/
> > mailman/listinfo/keycloak-user
> > > > >
>>>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>
Bill Burke
> > > > > >>>>>>>>>>>>>>>
JBoss, a division of Red Hat
> > > > > >>>>>>>>>>>>>>>
http://bill.burkecentral.com
> > > > > >>>>>>>>>>>>>>>
______________________________ _________________
> > > > > >>>>>>>>>>>>>>>
keycloak-user mailing list
> > > > > >>>>>>>>>>>>>>>
keycloak-user(a)lists.jboss.org <mailto:
> > > > keycloak-user@lists.
> > > > > >>>>>>>>>>
jboss.org >
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
https://lists.jboss.org/
> > mailman/listinfo/keycloak-user
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>
Rodrigo Sasaki
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>
Rodrigo Sasaki
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>
Bill Burke
> > > > > >>>>>>>>>>>>>>>
JBoss, a division of Red Hat
> > > > > >>>>>>>>>>>>>>>
http://bill.burkecentral.com
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>
Rodrigo Sasaki
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>>>>
Rodrigo Sasaki
> > > > > >>>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>>>
_______________________________________________
> > > > > >>>>>>>>>>>>>>>
keycloak-user mailing list
> > > > > >>>>>>>>>>>>>>>
keycloak-user(a)lists.jboss.org
> > > > > >>>>>>>>>>>>>>>
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > > >>>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>>> --
> > > > > >>>>>>>>>>>>> Rodrigo
Sasaki
> > > > > >>>>>>>>>>>>>
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>> --
> > > > > >>>>>>>>>>> Bill Burke
> > > > > >>>>>>>>>>> JBoss, a division
of Red Hat
> > > > > >>>>>>>>>>>
http://bill.burkecentral.com
> > > > > >>>>>>>>>>>
> > > > > >>>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>>
> > > > > >>>>>>>>> --
> > > > > >>>>>>>>> Rodrigo Sasaki
> > > > > >>>>>>>>>
> > > > > >>>>>>>
> > > > > >>>>>>> --
> > > > > >>>>>>> Bill Burke
> > > > > >>>>>>> JBoss, a division of Red Hat
> > > > > >>>>>>>
http://bill.burkecentral.com
> > > > > >>>>>>>
> > > > > >>>>>>
_______________________________________________
> > > > > >>>>>> keycloak-user mailing list
> > > > > >>>>>> keycloak-user(a)lists.jboss.org
> > > > > >>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > > >>>>>>
> > > > > >>>>>
_______________________________________________
> > > > > >>>>> keycloak-user mailing list
> > > > > >>>>> keycloak-user(a)lists.jboss.org
> > > > > >>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > > >>>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>> --
> > > > > >>>> Rodrigo Sasaki
> > > > > >>>>
> > > > > >>>
> > > > > >>>
> > > > > >>>
> > > > > >>> --
> > > > > >>> Rodrigo Sasaki
> > > > > >>>
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >> --
> > > > > >> Rodrigo Sasaki
> > > > > >>
> > > > >
> > > > > --
> > > > > Bill Burke
> > > > > JBoss, a division of Red Hat
> > > > >
http://bill.burkecentral.com
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Rodrigo Sasaki
> > >
> >
>