[keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
Stian Thorgersen
stian at redhat.com
Tue Feb 3 05:08:00 EST 2015
----- Original Message -----
> From: "Lakshmi Narayana VADALI (lvadali)" <lvadali at cisco.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 3 February, 2015 10:58:09 AM
> Subject: RE: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
>
> By LogIn SPI we mean any SPI for Customizing authentication.
>
> We need to authenticate devices which will come for authentication with
> their certificate.
> As per keycloak-dev suggestion currently (Integrated with
> Keycloak_1.0.4_Final) we are following below procedure
> 1. Create a new jaxrs class with two methods, one that returns the nounce
> and another that authenticates the client, look at TokenService as a
> reference for this, specifically at TokenService.grantAccessToken.
> 2. Extend KeycloakApplication to add your new class
> 3. Create your own auth-server war - see 'project-integrations/aerogear-ups'
> as a reference for this
> Also we were told that keycloak will come up with hooks whereby we can plug
> in our authentication mechanism. We want to know whether hooks(LogIn SPI)
> are provided with Latest Keycloak 1.1.0_Final Release.
No this is not available yet, and you will have to modify the above a fair bit to make it work.
>
> For reference attaching previous discussion with Keycloak-dev.
>
> Our Requirement:
> Instead of Existing one step authentication(user/pass), We need custom
> certificate based authentication which is 2-step Authentication as below:
> 1. Bypass Login screen , instead generate nonce(UUID) and provide
> intermediate Endpoint URL for Certificate based authentication.
> 2. Client will come to Certificate based authentication with its
> certificate and encrypted UUID. After Validating Encrypted UUID
> and Client certificate server should generate “Access code”.
Assuming this is to authenticate clients, not users, you should use direct grant, not regular login.
>
>
> Thanks,
> Lakshmi Narayana V
>
>
> -----Original Message-----
> From: Stian Thorgersen [mailto:stian at redhat.com]
> Sent: Tuesday, February 03, 2015 1:40 PM
> To: Lakshmi Narayana VADALI (lvadali)
> Cc: keycloak-dev at lists.jboss.org
> Subject: Re: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
>
>
>
> ----- Original Message -----
> > From: "Lakshmi Narayana VADALI (lvadali)" <lvadali at cisco.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Tuesday, 3 February, 2015 8:03:56 AM
> > Subject: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
> >
> >
> >
> >
> >
> > Congrats Team for Keycloak 1.1.0.Final Release loaded with features.
> >
> >
> >
> > We are planning to integrate our code with Latest Keycloak. So Can you
> > please confirm do we have full support for Below features in
> > Keycloak_1.1.0_Final Release.
> >
> >
> >
> > 1. Login SPI
>
> Not sure what you're referring to
>
> >
> > 2. HA Support
>
> Yes
>
> >
> > 3. Clustering Support
>
> Yes, it's one of the top new features in 1.1, so yes of course
>
> >
> >
> >
> > Thanks,
> >
> > Lakshmi Narayana V
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list