Is there a builtin authenticator that can provide a default user account based upon some criteria? For example, could we provide a default user if the client is connecting to localhost? _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Well, this be insecurity by design. :) Basically we would like to turn off security completely in some cases for local installations, but this brings a lot of deployment related considerations (multiple descriptors, conditional logic around the logged in user, etc). An authenticator that is essentially just a bypass would accomplish the same thing without the additional complexity. It would be similar to a default "unauthenticatedIdentity", except with a default role as well. On 09/13/2016 05:01 AM, Stian Thorgersen wrote: No there isn't anything like that. Sounds like a potential hackers heaven as well. Assuming you've got the idea from WildFly. WildFly can do that by writing to a local file to make sure the user is indeed on the local machine. That doens't work in a web based flow unless you can find a way to "share" a file between the Keycloak server and the browser. On 12 September 2016 at 17:17, Jess Sightler <jsightle(a)redhat.com&gt; wrote: > Is there a builtin authenticator that can provide a default user account > based upon some criteria? For example, could we provide a default user > if the client is connecting to localhost? > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >