I thought the example did allow configuring the security question on the authenticator, but you can create your own that does it. Then the security questions are configured on the authenticator itself. On 22 February 2016 at 13:24, Bystrik Horvath <bystrik.horvath(a)gmail.com&gt; wrote: > Hi, > > I went through the example ( > https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...). > The security questions are written in secret-question.ftl > and secret-question-config.ftl files. From my point of view, the security > questions are know in advance and they can be "hardcoded" in ftl files. My > case is that security questions are defined during the runtime (preferably > via admin REST API). The admin REST API does not provide the functionality > to store attributes on realm level. I agree that security questions belongs > to realm, but how to provision them - *.ftl files are not an option for me. > > Best regards, > Bystrik > > On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <sthorger(a)redhat.com&gt; > wrote: > >> If you look at our security questions example it stores the >> configuration on the authenticator itself. >> >> On 22 February 2016 at 12:46, Bystrik Horvath <bystrik.horvath(a)gmail.com >> > wrote: >> >>> Hi, >>> >>> what would be a recommended way to provision a security question on >>> realm base if the question is not known in advance? May be it is an misuse >>> of client representation for provisioning that. >>> >>> Best regards, >>> Bystrik >>> >>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <sthorger(a)redhat.com >>> > wrote: >>> >>>> I don't understand how you can have security questions that are >>>> particular to a client. A user logs-in to a realm, not a client. >>>> >>>> On 22 February 2016 at 10:20, Juraj Janosik <juraj.janosik77(a)gmail.com >>>> > wrote: >>>> >>>>> @ Stian: >>>>> generally said, I did not find any description, that the client >>>>> attributes are for internal use only. >>>>> Parameter "attributes" is propagated in ClientRepresentation in the >>>>> REST Admin API, >>>>> therefore should be used for CRUD admin operations. >>>>> We plan to attach Security Answers to the user (Security questions >>>>> are common for particular client). >>>>> >>>>> Best Regards, >>>>> Juraj >>>>> >>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <bystrik.horvath(a)gmail.com >>>>> >: >>>>> >>>>>> Hi, >>>>>> >>>>>> I think the case here is to provision the text of security question >>>>>> to the client attributes when it is not known in advance. >>>>>> >>>>>> Best regards, >>>>>> Bystrik >>>>>> >>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont < >>>>>> thomas.darimont(a)googlemail.com&gt; wrote: >>>>>> >>>>>>> Interesting - do you need client specific security questions? >>>>>>> >>>>>>> The keycloak examples contain a custom provider for user specific >>>>>>> security questions - perhaps this would suit your needs better. >>>>>>> >>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe... >>>>>>> >>>>>>> Cheers, >>>>>>> Thomas >>>>>>> >>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <juraj.janosik77(a)gmail.com >>>>>>> >: >>>>>>> >>>>>>>> Hi Thomas, >>>>>>>> >>>>>>>> for example security questions.... :-) >>>>>>>> >>>>>>>> Best Regards, >>>>>>>> Juraj >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont < >>>>>>>> thomas.darimont(a)googlemail.com&gt;: >>>>>>>> >>>>>>>>> Hello Juraj, >>>>>>>>> >>>>>>>>> I wondered about that too a while ago - may I ask what client >>>>>>>>> attributes you are planning to store? >>>>>>>>> >>>>>>>>> Cheers, >>>>>>>>> Thomas >>>>>>>>> >>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik < >>>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>>> >>>>>>>>>> The user configuration has the possibility to >>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console. >>>>>>>>>> >>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes) >>>>>>>>>> The client does not. I think, the logic and the focus is the >>>>>>>>>> same for both. >>>>>>>>>> >>>>>>>>>> Best regards, >>>>>>>>>> Juraj >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen <sthorger(a)redhat.com >>>>>>>>>> >: >>>>>>>>>> >>>>>>>>>>> We don't. Why would we add it though? >>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" < >>>>>>>>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi, >>>>>>>>>>>> >>>>>>>>>>>> is there any plan to support for displaying of "attributes" >>>>>>>>>>>> from Client Representation >>>>>>>>>>>> (like users configuration) in Admin Console? >>>>>>>>>>>> >>>>>>>>>>>> Thanks. >>>>>>>>>>>> >>>>>>>>>>>> Best Regards, >>>>>>>>>>>> Juraj >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> keycloak-user mailing list >>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> keycloak-user mailing list >>>>>>> keycloak-user(a)lists.jboss.org >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >

You could define the set of secret questions on the authenticator - you could either hardcode them or make them configurable by implementing ConfiguredProvider see [0]. Then you could store a reference to the selected secret question and the answer as a custom user-attribute. Cheers, Thomas [0] - https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63d... Stian Thorgersen <sthorger(a)redhat.com&gt; schrieb am Mo., 22. Feb. 2016, 13:40: > I thought the example did allow configuring the security question on the > authenticator, but you can create your own that does it. Then the security > questions are configured on the authenticator itself. > > On 22 February 2016 at 13:24, Bystrik Horvath <bystrik.horvath(a)gmail.com&gt; > wrote: > >> Hi, >> >> I went through the example ( >> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...). >> The security questions are written in secret-question.ftl >> and secret-question-config.ftl files. From my point of view, the security >> questions are know in advance and they can be "hardcoded" in ftl files. My >> case is that security questions are defined during the runtime (preferably >> via admin REST API). The admin REST API does not provide the functionality >> to store attributes on realm level. I agree that security questions belongs >> to realm, but how to provision them - *.ftl files are not an option for me. >> >> Best regards, >> Bystrik >> >> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <sthorger(a)redhat.com&gt; >> wrote: >> >>> If you look at our security questions example it stores the >>> configuration on the authenticator itself. >>> >>> On 22 February 2016 at 12:46, Bystrik Horvath < >>> bystrik.horvath(a)gmail.com&gt; wrote: >>> >>>> Hi, >>>> >>>> what would be a recommended way to provision a security question on >>>> realm base if the question is not known in advance? May be it is an misuse >>>> of client representation for provisioning that. >>>> >>>> Best regards, >>>> Bystrik >>>> >>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen < >>>> sthorger(a)redhat.com&gt; wrote: >>>> >>>>> I don't understand how you can have security questions that are >>>>> particular to a client. A user logs-in to a realm, not a client. >>>>> >>>>> On 22 February 2016 at 10:20, Juraj Janosik < >>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>> >>>>>> @ Stian: >>>>>> generally said, I did not find any description, that the client >>>>>> attributes are for internal use only. >>>>>> Parameter "attributes" is propagated in ClientRepresentation in the >>>>>> REST Admin API, >>>>>> therefore should be used for CRUD admin operations. >>>>>> We plan to attach Security Answers to the user (Security questions >>>>>> are common for particular client). >>>>>> >>>>>> Best Regards, >>>>>> Juraj >>>>>> >>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath < >>>>>> bystrik.horvath(a)gmail.com&gt;: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I think the case here is to provision the text of security question >>>>>>> to the client attributes when it is not known in advance. >>>>>>> >>>>>>> Best regards, >>>>>>> Bystrik >>>>>>> >>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont < >>>>>>> thomas.darimont(a)googlemail.com&gt; wrote: >>>>>>> >>>>>>>> Interesting - do you need client specific security questions? >>>>>>>> >>>>>>>> The keycloak examples contain a custom provider for user specific >>>>>>>> security questions - perhaps this would suit your needs better. >>>>>>>> >>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe... >>>>>>>> >>>>>>>> Cheers, >>>>>>>> Thomas >>>>>>>> >>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik < >>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>> >>>>>>>>> Hi Thomas, >>>>>>>>> >>>>>>>>> for example security questions.... :-) >>>>>>>>> >>>>>>>>> Best Regards, >>>>>>>>> Juraj >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont < >>>>>>>>> thomas.darimont(a)googlemail.com&gt;: >>>>>>>>> >>>>>>>>>> Hello Juraj, >>>>>>>>>> >>>>>>>>>> I wondered about that too a while ago - may I ask what client >>>>>>>>>> attributes you are planning to store? >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> Thomas >>>>>>>>>> >>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik < >>>>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>>>> >>>>>>>>>>> The user configuration has the possibility to >>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console. >>>>>>>>>>> >>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes) >>>>>>>>>>> The client does not. I think, the logic and the focus is the >>>>>>>>>>> same for both. >>>>>>>>>>> >>>>>>>>>>> Best regards, >>>>>>>>>>> Juraj >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen < >>>>>>>>>>> sthorger(a)redhat.com&gt;: >>>>>>>>>>> >>>>>>>>>>>> We don't. Why would we add it though? >>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" < >>>>>>>>>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> is there any plan to support for displaying of "attributes" >>>>>>>>>>>>> from Client Representation >>>>>>>>>>>>> (like users configuration) in Admin Console? >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks. >>>>>>>>>>>>> >>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>> Juraj >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> keycloak-user mailing list >>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user

FYI, back to the original question of allowing edit of client attributes from admin console... Some use cases where client attributes would be very handy: * additional metadata for applications * display-order for application listing * icon name in application listing (more flexible than deriving from client id) * tagging of clients as internal, public etc. * application version * url for checking application status (health check endpoint) - ok, maintenance, offline Would be happy to send a PR for editing of client attributes in the admin console. Cheers, Thomas 2016-02-22 13:58 GMT+01:00 Bystrik Horvath <bystrik.horvath(a)gmail.com&gt;: > Thank you guys for the answers, I think you & Stian directed me to the > right way, so it should solve my requirements. > > Best regards, > Bystrik > > > > On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont < > thomas.darimont(a)googlemail.com&gt; wrote: > >> You could define the set of secret questions on the authenticator - you >> could either hardcode them or make them configurable by implementing >> ConfiguredProvider see [0]. >> Then you could store a reference to the selected secret question and the >> answer as a custom user-attribute. >> >> Cheers, >> >> Thomas >> >> [0] - >> https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63d... >> >> Stian Thorgersen <sthorger(a)redhat.com&gt; schrieb am Mo., 22. Feb. 2016, >> 13:40: >> >>> I thought the example did allow configuring the security question on >>> the authenticator, but you can create your own that does it. Then the >>> security questions are configured on the authenticator itself. >>> >>> On 22 February 2016 at 13:24, Bystrik Horvath < >>> bystrik.horvath(a)gmail.com&gt; wrote: >>> >>>> Hi, >>>> >>>> I went through the example ( >>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...). >>>> The security questions are written in secret-question.ftl >>>> and secret-question-config.ftl files. From my point of view, the security >>>> questions are know in advance and they can be "hardcoded" in ftl files. My >>>> case is that security questions are defined during the runtime (preferably >>>> via admin REST API). The admin REST API does not provide the functionality >>>> to store attributes on realm level. I agree that security questions belongs >>>> to realm, but how to provision them - *.ftl files are not an option for me. >>>> >>>> Best regards, >>>> Bystrik >>>> >>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen < >>>> sthorger(a)redhat.com&gt; wrote: >>>> >>>>> If you look at our security questions example it stores the >>>>> configuration on the authenticator itself. >>>>> >>>>> On 22 February 2016 at 12:46, Bystrik Horvath < >>>>> bystrik.horvath(a)gmail.com&gt; wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> what would be a recommended way to provision a security question on >>>>>> realm base if the question is not known in advance? May be it is an misuse >>>>>> of client representation for provisioning that. >>>>>> >>>>>> Best regards, >>>>>> Bystrik >>>>>> >>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen < >>>>>> sthorger(a)redhat.com&gt; wrote: >>>>>> >>>>>>> I don't understand how you can have security questions that are >>>>>>> particular to a client. A user logs-in to a realm, not a client. >>>>>>> >>>>>>> On 22 February 2016 at 10:20, Juraj Janosik < >>>>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>>>> >>>>>>>> @ Stian: >>>>>>>> generally said, I did not find any description, that the client >>>>>>>> attributes are for internal use only. >>>>>>>> Parameter "attributes" is propagated in ClientRepresentation in >>>>>>>> the REST Admin API, >>>>>>>> therefore should be used for CRUD admin operations. >>>>>>>> We plan to attach Security Answers to the user (Security questions >>>>>>>> are common for particular client). >>>>>>>> >>>>>>>> Best Regards, >>>>>>>> Juraj >>>>>>>> >>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath < >>>>>>>> bystrik.horvath(a)gmail.com&gt;: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> I think the case here is to provision the text of security >>>>>>>>> question to the client attributes when it is not known in advance. >>>>>>>>> >>>>>>>>> Best regards, >>>>>>>>> Bystrik >>>>>>>>> >>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont < >>>>>>>>> thomas.darimont(a)googlemail.com&gt; wrote: >>>>>>>>> >>>>>>>>>> Interesting - do you need client specific security questions? >>>>>>>>>> >>>>>>>>>> The keycloak examples contain a custom provider for user >>>>>>>>>> specific security questions - perhaps this would suit your needs better. >>>>>>>>>> >>>>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe... >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> Thomas >>>>>>>>>> >>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik < >>>>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>>>> >>>>>>>>>>> Hi Thomas, >>>>>>>>>>> >>>>>>>>>>> for example security questions.... :-) >>>>>>>>>>> >>>>>>>>>>> Best Regards, >>>>>>>>>>> Juraj >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont < >>>>>>>>>>> thomas.darimont(a)googlemail.com&gt;: >>>>>>>>>>> >>>>>>>>>>>> Hello Juraj, >>>>>>>>>>>> >>>>>>>>>>>> I wondered about that too a while ago - may I ask what client >>>>>>>>>>>> attributes you are planning to store? >>>>>>>>>>>> >>>>>>>>>>>> Cheers, >>>>>>>>>>>> Thomas >>>>>>>>>>>> >>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik < >>>>>>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>>>>>> >>>>>>>>>>>>> The user configuration has the possibility to >>>>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console. >>>>>>>>>>>>> >>>>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes) >>>>>>>>>>>>> The client does not. I think, the logic and the focus is the >>>>>>>>>>>>> same for both. >>>>>>>>>>>>> >>>>>>>>>>>>> Best regards, >>>>>>>>>>>>> Juraj >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen < >>>>>>>>>>>>> sthorger(a)redhat.com&gt;: >>>>>>>>>>>>> >>>>>>>>>>>>>> We don't. Why would we add it though? >>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" < >>>>>>>>>>>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> is there any plan to support for displaying of "attributes" >>>>>>>>>>>>>>> from Client Representation >>>>>>>>>>>>>>> (like users configuration) in Admin Console? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>> Juraj >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> keycloak-user mailing list >>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >

Thanks for the quick response :) Well, one example would be the applications listing in the self-service account UI: * I want to control the order of application items in the list * I want to show whether the application can be currently accessed or not (at least I want to give a hint) * I want to group certain applications (HR, Finance, Customers) etc. based on tags Other areas would be a mobile app that presents the "service-portfolio" with the apps currently available for a user. (this would be provided by a intermediate service though but the data would be read from client attributes). Cheers, Thomas 2016-02-25 10:26 GMT+01:00 Stian Thorgersen <sthorger(a)redhat.com&gt;: > I can see those details are things that you may want to add to a client, > but I don't see how you're going to utilize that information? > > On 25 February 2016 at 09:55, Thomas Darimont < > thomas.darimont(a)googlemail.com&gt; wrote: > >> FYI, back to the original question of allowing edit of client attributes >> from admin console... >> >> Some use cases where client attributes would be very handy: >> * additional metadata for applications >> * display-order for application listing >> * icon name in application listing (more flexible than deriving from >> client id) >> * tagging of clients as internal, public etc. >> * application version >> * url for checking application status (health check endpoint) - ok, >> maintenance, offline >> >> Would be happy to send a PR for editing of client attributes in the >> admin console. >> >> Cheers, >> Thomas >> >> 2016-02-22 13:58 GMT+01:00 Bystrik Horvath <bystrik.horvath(a)gmail.com&gt;: >> >>> Thank you guys for the answers, I think you & Stian directed me to the >>> right way, so it should solve my requirements. >>> >>> Best regards, >>> Bystrik >>> >>> >>> >>> On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont < >>> thomas.darimont(a)googlemail.com&gt; wrote: >>> >>>> You could define the set of secret questions on the authenticator - >>>> you could either hardcode them or make them configurable by implementing >>>> ConfiguredProvider see [0]. >>>> Then you could store a reference to the selected secret question and >>>> the answer as a custom user-attribute. >>>> >>>> Cheers, >>>> >>>> Thomas >>>> >>>> [0] - >>>> https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63d... >>>> >>>> Stian Thorgersen <sthorger(a)redhat.com&gt; schrieb am Mo., 22. Feb. 2016, >>>> 13:40: >>>> >>>>> I thought the example did allow configuring the security question on >>>>> the authenticator, but you can create your own that does it. Then the >>>>> security questions are configured on the authenticator itself. >>>>> >>>>> On 22 February 2016 at 13:24, Bystrik Horvath < >>>>> bystrik.horvath(a)gmail.com&gt; wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I went through the example ( >>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe...). >>>>>> The security questions are written in secret-question.ftl >>>>>> and secret-question-config.ftl files. From my point of view, the security >>>>>> questions are know in advance and they can be "hardcoded" in ftl files. My >>>>>> case is that security questions are defined during the runtime (preferably >>>>>> via admin REST API). The admin REST API does not provide the functionality >>>>>> to store attributes on realm level. I agree that security questions belongs >>>>>> to realm, but how to provision them - *.ftl files are not an option for me. >>>>>> >>>>>> Best regards, >>>>>> Bystrik >>>>>> >>>>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen < >>>>>> sthorger(a)redhat.com&gt; wrote: >>>>>> >>>>>>> If you look at our security questions example it stores the >>>>>>> configuration on the authenticator itself. >>>>>>> >>>>>>> On 22 February 2016 at 12:46, Bystrik Horvath < >>>>>>> bystrik.horvath(a)gmail.com&gt; wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> what would be a recommended way to provision a security question >>>>>>>> on realm base if the question is not known in advance? May be it is an >>>>>>>> misuse of client representation for provisioning that. >>>>>>>> >>>>>>>> Best regards, >>>>>>>> Bystrik >>>>>>>> >>>>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen < >>>>>>>> sthorger(a)redhat.com&gt; wrote: >>>>>>>> >>>>>>>>> I don't understand how you can have security questions that are >>>>>>>>> particular to a client. A user logs-in to a realm, not a client. >>>>>>>>> >>>>>>>>> On 22 February 2016 at 10:20, Juraj Janosik < >>>>>>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>>>>>> >>>>>>>>>> @ Stian: >>>>>>>>>> generally said, I did not find any description, that the client >>>>>>>>>> attributes are for internal use only. >>>>>>>>>> Parameter "attributes" is propagated in ClientRepresentation in >>>>>>>>>> the REST Admin API, >>>>>>>>>> therefore should be used for CRUD admin operations. >>>>>>>>>> We plan to attach Security Answers to the user (Security >>>>>>>>>> questions are common for particular client). >>>>>>>>>> >>>>>>>>>> Best Regards, >>>>>>>>>> Juraj >>>>>>>>>> >>>>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath < >>>>>>>>>> bystrik.horvath(a)gmail.com&gt;: >>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> I think the case here is to provision the text of security >>>>>>>>>>> question to the client attributes when it is not known in advance. >>>>>>>>>>> >>>>>>>>>>> Best regards, >>>>>>>>>>> Bystrik >>>>>>>>>>> >>>>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont < >>>>>>>>>>> thomas.darimont(a)googlemail.com&gt; wrote: >>>>>>>>>>> >>>>>>>>>>>> Interesting - do you need client specific security questions? >>>>>>>>>>>> >>>>>>>>>>>> The keycloak examples contain a custom provider for user >>>>>>>>>>>> specific security questions - perhaps this would suit your needs better. >>>>>>>>>>>> >>>>>>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authe... >>>>>>>>>>>> >>>>>>>>>>>> Cheers, >>>>>>>>>>>> Thomas >>>>>>>>>>>> >>>>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik < >>>>>>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Thomas, >>>>>>>>>>>>> >>>>>>>>>>>>> for example security questions.... :-) >>>>>>>>>>>>> >>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>> Juraj >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont < >>>>>>>>>>>>> thomas.darimont(a)googlemail.com&gt;: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hello Juraj, >>>>>>>>>>>>>> >>>>>>>>>>>>>> I wondered about that too a while ago - may I ask what >>>>>>>>>>>>>> client attributes you are planning to store? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Cheers, >>>>>>>>>>>>>> Thomas >>>>>>>>>>>>>> >>>>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik < >>>>>>>>>>>>>> juraj.janosik77(a)gmail.com&gt;: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> The user configuration has the possibility to >>>>>>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes) >>>>>>>>>>>>>>> The client does not. I think, the logic and the focus is >>>>>>>>>>>>>>> the same for both. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Best regards, >>>>>>>>>>>>>>> Juraj >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen < >>>>>>>>>>>>>>> sthorger(a)redhat.com&gt;: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> We don't. Why would we add it though? >>>>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" < >>>>>>>>>>>>>>>> juraj.janosik77(a)gmail.com&gt; wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> is there any plan to support for displaying of >>>>>>>>>>>>>>>>> "attributes" from Client Representation >>>>>>>>>>>>>>>>> (like users configuration) in Admin Console? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Thanks. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Best Regards, >>>>>>>>>>>>>>>>> Juraj >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>> keycloak-user(a)lists.jboss.org >>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> _______________________________________________ >>>>> keycloak-user mailing list >>>>> keycloak-user(a)lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >>>> >>> >> >