I've attached a subset of my (Bash) setup script. This is the part that
handles the script authenticator setup. Hope it helps.
Craig
=================================
*Craig Setera*
*Chief Technology Officer*
On Fri, Jan 18, 2019 at 3:31 PM Dmitry Telegin <dt(a)acutus.pro> wrote:
Yes, generally there are three ways to do things in Keycloak, namely admin
console, REST API and kcadm.sh tool (that uses REST API under the hood).
The latter may be preferable from the automation PoV since it hides
the complexity of the API behind a (relatively) simple CLI wrapper.
I remember Craig Setera (in CC) was trying to create custom JS
authenticator via kcadm.sh, so I hope he can tell you more.
Cheers,
Dmitry
On Fri, 2019-01-18 at 14:05 -0500, Scott Thibault wrote:
> Oh, I did not realize you create these from the admin console. That
> should work. I see there is a REST API as well, so I could automate the
> setup which is really nice.
>
> Thanks!
> --Scott
>
> > On Fri, Jan 18, 2019 at 1:54 PM Dmitry Telegin <dt(a)acutus.pro> wrote:
> > Hi Scott,
> >
> > On Fri, 2019-01-18 at 13:03 -0500, Scott Thibault wrote:
> > > That does look like it does what we would want. However, I don't
> > > think I can add custom authenticators. I'm administering an Eclipse Che
> > > instance which embeds Keycloak for its authentication. Is there any other
> > > approach?
> >
> > Just FYI, Che's embedded Keycloak is fully accessible [1], so
> > it shouldn't be problematic to install a single JS authenticator.
> >
> > [1] https://www.eclipse.org/che/docs/che-6/user-management.html
> >
> > Good luck,
> > Dmitry
> >
> > >
> > > --Scott
> > >
> > >
> > > > On Wed, Jan 16, 2019 at 5:52 PM Dmitry Telegin <dt(a)acutus.pro> wrote:
> > > > Hi Scott,
> > > >
> > > > I think Geoffrey Cleaves has done this with the help of a custom
> > > > authenticator, please check out this thread:
> > > > http://lists.jboss.org/pipermail/keycloak-user/2018-December/016703.html
> > > >
> > > > Cheers,
> > > > Dmitry Telegin
> > > > CTO, Acutus s.r.o.
> > > > Keycloak Consulting and Training
> > > >
> > > > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > > > +42 (022) 888-30-71
> > > > E-mail: info(a)acutus.pro
> > > >
> > > > On Wed, 2019-01-16 at 14:12 -0500, Scott Thibault wrote:
> > > > > Out-of-the-box, the First Broker Login flow automatically registers
> > > > > non-existing users authenticated by an identity provider. I would not like
> > > > > anyone with a valid Google account to be able to login, but only those with
> > > > > existing accounts. However, any attempt to create a custom flow without
> > > > > the "Create User If Unique" item leads to an error=invalid_user_credentials.
> > > > >
> > > > > Is there some solution that would allow me to prevent users
without an
> > > > > existing account to login via the Google identity provider?
> > > > > _______________________________________________
> > > > > keycloak-user mailing list
> > > > > keycloak-user(a)lists.jboss.org
> > > > >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >
> >