2:55 p.m.
Hi all,
I have configured a realm in which I have allowed user registration and Kerberos
authentication. For user registration I have activated email address verification. Now my
issue is that when I do the first login through Kerberos I also need to validate the email
address.
I configured it in the same realm because I configured a SAML client application which
both self-registered and Kerberos authenticated users need to access.
What I want is having self-registered users validating their email address and
authenticating themselves with username/password and accessing all trusted applications
with SSO. I want to have “corporate” users authenticate with Kerberos and access all
trusted applications (same applications as self-registered users).
Is there another/ a right way to configure keycloak to do what I would like to do? Or
should it be implemented as an option in ldap/Kerberos User federation provider such as
“Trust email address” which will bypass the required action “verify email”?
Thank you in advance for your help,
Regards,
Greg
2:11 p.m.
It's not available OOTB.
There are few extension points, which you can use to achieve that. For
example:
- Create requiredAction (maybe subclass of existing VerifyEmail
requiredAction), which will automatically "Approve" in case that user
was imported from LDAP (or Kerberos) provider
- Create registration form action, which will add the requiredAction to
the user in case they were registered through the registration form.
This assumes that "Verify Email" option on realm level is off
- Create LDAP mapper, which will automatically set emailVerified to
users imported from LDAP (assuming that you use LDAP provider with
KErberos support. Not plain Kerberos provider)
Marek
On 27/02/18 21:55, Ruch Grégory wrote:
Hi all,
I have configured a realm in which I have allowed user registration and Kerberos
authentication. For user registration I have activated email address verification. Now my
issue is that when I do the first login through Kerberos I also need to validate the email
address.
I configured it in the same realm because I configured a SAML client application which
both self-registered and Kerberos authenticated users need to access.
What I want is having self-registered users validating their email address and
authenticating themselves with username/password and accessing all trusted applications
with SSO. I want to have “corporate” users authenticate with Kerberos and access all
trusted applications (same applications as self-registered users).
Is there another/ a right way to configure keycloak to do what I would like to do? Or
should it be implemented as an option in ldap/Kerberos User federation provider such as
“Trust email address” which will bypass the required action “verify email”?
Thank you in advance for your help,
Regards,
Greg
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3:44 p.m.
Thank you for your answers!
I used your second idea. It works fine.
Greg
On 28.02.18, 21:11, "Marek Posolda" <mposolda(a)redhat.com> wrote:
It's not available OOTB.
There are few extension points, which you can use to achieve that. For
example:
- Create requiredAction (maybe subclass of existing VerifyEmail
requiredAction), which will automatically "Approve" in case that user
was imported from LDAP (or Kerberos) provider
- Create registration form action, which will add the requiredAction to
the user in case they were registered through the registration form.
This assumes that "Verify Email" option on realm level is off
- Create LDAP mapper, which will automatically set emailVerified to
users imported from LDAP (assuming that you use LDAP provider with
KErberos support. Not plain Kerberos provider)
Marek
On 27/02/18 21:55, Ruch Grégory wrote:
Hi all,
I have configured a realm in which I have allowed user registration and Kerberos
authentication. For user registration I have activated email address verification. Now my
issue is that when I do the first login through Kerberos I also need to validate the email
address.
I configured it in the same realm because I configured a SAML client application which
both self-registered and Kerberos authenticated users need to access.
What I want is having self-registered users validating their email address and
authenticating themselves with username/password and accessing all trusted applications
with SSO. I want to have “corporate” users authenticate with Kerberos and access all
trusted applications (same applications as self-registered users).
Is there another/ a right way to configure keycloak to do what I would like to do? Or
should it be implemented as an option in ldap/Kerberos User federation provider such as
“Trust email address” which will bypass the required action “verify email”?
Thank you in advance for your help,
Regards,
Greg
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2506
days inactive
2507
days old
2 comments
2 participants
participants (2)
-
Marek Posolda -
Ruch Grégory