9:17 a.m.
Hello Folks,
anyone knows how to verify an OTP (TOTP) token against the Keycloak Openid REST API for
clients with direct access grants enabled? I cannot seem to find any hints on the correct
API endpoints.
I’m trying to get a working freeradius setup for 802.1X/VPN authentication with 2FA
enabled. The basic username/password authentication already works.
Best,
Stefan.
--
Stefan Schlesinger
sts(a)ono.at
7:31 a.m.
Hello Stefan,
have a look at this example from the mailing list:
http://lists.jboss.org/pipermail/keycloak-dev/2016-November/008419.html
Cheers,
Thomas
2017-01-06 16:17 GMT+01:00 Stefan Schlesinger <sts(a)ono.at>:
Hello Folks,
anyone knows how to verify an OTP (TOTP) token against the Keycloak Openid
REST API for clients with direct access grants enabled? I cannot seem to
find any hints on the correct API endpoints.
I’m trying to get a working freeradius setup for 802.1X/VPN authentication
with 2FA enabled. The basic username/password authentication already works.
Best,
Stefan.
--
Stefan Schlesinger
sts(a)ono.at
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
4:48 a.m.
Hi Thomas,
I’m trying to use the examples provided in the thread you pointed me at,
but the last call to the validation endpoint gives me a 404.
I also tried to find documentation, but apart from the admin REST API
and the Authorization API[1] (which covers basic usage) I couldn’t find
anything.
My test script:
https://gist.github.com/sts/4c6f8fa759cec88197ca6dfcf306c391
Best,
Stefan.
[1] Authorization API -
https://keycloak.gitbooks.io/authorization-services-guide/content/v/2.5/t...
On 07 Jan 2017, at 14:31, Thomas Darimont
<thomas.darimont(a)googlemail.com> wrote:
have a look at this example from the mailing list:
http://lists.jboss.org/pipermail/keycloak-dev/2016-November/008419.html
2017-01-06 16:17 GMT+01:00 Stefan Schlesinger <sts(a)ono.at>:
> Anyone knows how to verify an OTP (TOTP) token against the Keycloak Openid REST API
for clients with direct access grants enabled?
4:54 a.m.
New subject: 2FA via REST API -> server-spi-private?
A colleague of mine pointed me to the following commit, which looks like it moved some
things to a "server-spi-private”.
Could this be related?
https://issues.jboss.org/browse/KEYCLOAK-3958
https://github.com/keycloak/keycloak/commit/7e33f4a7d1cbf2b37aa2a6d5b87df...
Best, Stefan.
On 08 Jan 2017, at 11:48, Stefan Schlesinger <sts(a)ono.at>
wrote:
Hi Thomas,
I’m trying to use the examples provided in the thread you pointed me at,
but the last call to the validation endpoint gives me a 404.
I also tried to find documentation, but apart from the admin REST API
and the Authorization API[1] (which covers basic usage) I couldn’t find
anything.
My test script:
https://gist.github.com/sts/4c6f8fa759cec88197ca6dfcf306c391
Best,
Stefan.
[1] Authorization API -
https://keycloak.gitbooks.io/authorization-services-guide/content/v/2.5/t...
> On 07 Jan 2017, at 14:31, Thomas Darimont <thomas.darimont(a)googlemail.com>
wrote:
>
> have a look at this example from the mailing list:
> http://lists.jboss.org/pipermail/keycloak-dev/2016-November/008419.html
>
> 2017-01-06 16:17 GMT+01:00 Stefan Schlesinger <sts(a)ono.at>:
>> Anyone knows how to verify an OTP (TOTP) token against the Keycloak Openid REST
API for clients with direct access grants enabled?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:47 a.m.
New subject: 2FA via REST API -> server-spi-private?
Neither server-private-spi or authorization api hasn't anything to do with
what you are trying to achieve.
You need to use the direct grant api and include otp code has "totp" in the
form data.
On 9 January 2017 at 11:54, Stefan Schlesinger <sts(a)ono.at> wrote:
A colleague of mine pointed me to the following commit, which looks
like
it moved some things to a "server-spi-private”.
Could this be related?
https://issues.jboss.org/browse/KEYCLOAK-3958
https://github.com/keycloak/keycloak/commit/7e33f4a7d1cbf2b37aa2a6d5b87dfe
70d57d0252
Best, Stefan.
> On 08 Jan 2017, at 11:48, Stefan Schlesinger <sts(a)ono.at> wrote:
>
> Hi Thomas,
>
> I’m trying to use the examples provided in the thread you pointed me at,
> but the last call to the validation endpoint gives me a 404.
>
> I also tried to find documentation, but apart from the admin REST API
> and the Authorization API[1] (which covers basic usage) I couldn’t find
> anything.
>
> My test script:
>
> https://gist.github.com/sts/4c6f8fa759cec88197ca6dfcf306c391
>
> Best,
>
> Stefan.
>
> [1] Authorization API - https://keycloak.gitbooks.io/
authorization-services-guide/content/v/2.5/topics/service/
authorization/authorization-api.html
>
>> On 07 Jan 2017, at 14:31, Thomas Darimont <thomas.darimont@googlemail.
com> wrote:
>>
>> have a look at this example from the mailing list:
>> http://lists.jboss.org/pipermail/keycloak-dev/2016-November/008419.html
>>
>> 2017-01-06 16:17 GMT+01:00 Stefan Schlesinger <sts(a)ono.at>:
>>> Anyone knows how to verify an OTP (TOTP) token against the Keycloak
Openid REST API for clients with direct access grants enabled?
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:54 a.m.
New subject: 2FA via REST API -> server-spi-private?
Can you give an example where to post the mentioned data? The curl call I’m trying to do,
gives me a 404:
curl -v \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d
"[{"\""type"\"":"\""totp"\"","\""value"\"":"\""$OTP_CODE"\""}]"
\
$BASE_URL/realms/$REALM/credential-validation
Best, Stefan
On 09 Jan 2017, at 12:47, Stian Thorgersen
<sthorger(a)redhat.com> wrote:
Neither server-private-spi or authorization api hasn't anything to do with what you
are trying to achieve.
You need to use the direct grant api and include otp code has "totp" in the
form data.
6:32 a.m.
New subject: 2FA via REST API -> server-spi-private?
Take a look at
https://keycloak.gitbooks.io/securing-client-applications-guide/content/t...
On 9 January 2017 at 12:54, Stefan Schlesinger <sts(a)ono.at> wrote:
Can you give an example where to post the mentioned data? The curl
call
I’m trying to do, gives me a 404:
curl -v \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d
"[{"\""type"\"":"\""totp"\"","\""value"\"":"\""$OTP_CODE"\""}]"
\
$BASE_URL/realms/$REALM/credential-validation
Best, Stefan
> On 09 Jan 2017, at 12:47, Stian Thorgersen <sthorger(a)redhat.com> wrote:
>
> Neither server-private-spi or authorization api hasn't anything to do
with what you are trying to achieve.
>
> You need to use the direct grant api and include otp code has "totp" in
the form data.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3389
days inactive
3392
days old
6 comments
3 participants
participants (3)
-
Stefan Schlesinger -
Stian Thorgersen -
Thomas Darimont