Aditya,
This is only a guess, as I have never attempted what you are suggesting.
But if I were trying to do what you are, I would start off by implementing
PAM (Pluggable Authentication Modules) with LDAP (database) to authenticate
your Unix users and then use Keycloak User Federation to keep your LDAP and
Keycloak user DB in sync. This assumes that your Unix system supports
PAM. PAM is currently supported in the AIX operating system, DragonFly
BSD, FreeBSD, HP-UX, Linux, macOS, NetBSD and Solaris.
- Nick
On Thu, Jul 18, 2019 at 5:00 PM Aditya Bhole <Aditya.Bhole(a)veritas.com> wrote:
Hi Nick,
To authenticate the Unix local users, can we do something like:
- Take the user credentials on the login screen, along with a flag/indicator
that this user is a local Unix user
- Write a Java API/library which takes these credentials and authenticates
the user at the OS level
- If we get success as the response from the API/library, create a Keycloak
access token and let the user in to access the protected resources/clients
Thanks,
Aditya
On 7/17/19, 3:02 PM, "keycloak-user-bounces(a)lists.jboss.org on behalf of
Nick Powers" <keycloak-user-bounces(a)lists.jboss.org on behalf of
sshscp(a)gmail.com> wrote:
Aditya,
I am not sure about the Unix local users, although it sounds like a cool
idea. As for the GUI elements, an option, rather than abandoning the
Keycloak pages, is that you could theme the login and admin screens to look
like your site. Below is a link that might help you get started with theming
Keycloak:
https://github.com/keycloak/keycloak/tree/master/examples/themes
Thanks - Nick
On Wed, Jul 17, 2019 at 1:11 PM Aditya Bhole <Aditya.Bhole(a)veritas.com> wrote:
> Hi,
>
> We are building an SSO framework for our company products using Keycloak
> and want to use our existing UI and flow for login.
> Is there a way to deploy Keycloak without using any of its UI components
> (Login Screen and Admin Console) and still use all the core services such
> as authentication, authorization, managing user storage etc.
>
> Also, we want to authenticate the Unix local users via Keycloak. Is there
> any way to do this? Or is there any workaround that you can suggest for the
> same?
>
> Regards,
> Aditya Bhole
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
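
The Keycloak half of the PAM + LDAP + User Federation suggestion in this thread, as an added example that is not code from the thread or from the Keycloak project: it builds an LDAP user storage provider component and submits it with `kcadm.sh`. The hostname, DNs, provider name `unix-ldap`, the `LDAP_BIND_PASSWORD` variable and the OpenLDAP-style attribute choices are assumptions.

```shell
# Added example. Hostnames, DNs and names below are constructed placeholders.

# Refuse a cleartext directory URL: the bind password and every user's
# password cross this connection when Keycloak validates a login.
check_ldap_url() {
    case "$1" in
        ldaps://?*) return 0 ;;
        *) echo "refusing non-TLS LDAP URL: $1" >&2; return 1 ;;
    esac
}

# Print the component JSON for a read-only LDAP user storage provider.
# $1 = connection URL, $2 = users DN, $3 = bind DN.
# Values are inserted verbatim, so they must not contain '"' or '\'.
ldap_federation_payload() {
    check_ldap_url "$1" || return 1
    cat <<EOF
{
  "name": "unix-ldap",
  "providerId": "ldap",
  "providerType": "org.keycloak.storage.UserStorageProvider",
  "config": {
    "enabled": ["true"],
    "vendor": ["other"],
    "editMode": ["READ_ONLY"],
    "connectionUrl": ["$1"],
    "usersDn": ["$2"],
    "authType": ["simple"],
    "bindDn": ["$3"],
    "bindCredential": ["${LDAP_BIND_PASSWORD:?set LDAP_BIND_PASSWORD}"],
    "usernameLDAPAttribute": ["uid"],
    "rdnLDAPAttribute": ["uid"],
    "uuidLDAPAttribute": ["entryUUID"],
    "userObjectClasses": ["posixAccount"],
    "useTruststoreSpi": ["ldapsOnly"],
    "importEnabled": ["true"]
  }
}
EOF
}

# Create the provider in realm $1 using an already authenticated kcadm.sh.
# The JSON goes in on stdin so the bind password never appears in argv.
create_federation() {
    realm=$1; shift
    payload=$(ldap_federation_payload "$@") || return 1
    printf '%s\n' "$payload" | kcadm.sh create components -r "$realm" -f -
}
```

The PAM side on each Unix host points at the same directory, so both systems check passwords against one source and local `/etc/shadow` accounts are not involved.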