[keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?

Stian Thorgersen stian at redhat.com
Tue Feb 3 05:08:00 EST 2015 


----- Original Message -----
> From: "Lakshmi Narayana VADALI (lvadali)" <lvadali at cisco.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 3 February, 2015 10:58:09 AM
> Subject: RE: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
> 
> By LogIn SPI  we mean any SPI for Customizing authentication.
> 
> We need to authenticate  devices which will come for authentication with
> their  certificate.
> As per keycloak-dev suggestion currently (Integrated with
> Keycloak_1.0.4_Final) we are following below procedure
> 	1. Create a new jaxrs class with two methods, one that returns the nounce
> 	and another that authenticates the client, look at TokenService as a
> 	reference for this, specifically at TokenService.grantAccessToken.
> 	2. Extend KeycloakApplication to add your new class
> 	3. Create your own auth-server war - see 'project-integrations/aerogear-ups'
> 	as a reference for this
> Also we were told that keycloak will come up with hooks whereby we can plug
> in our authentication mechanism. We want to know whether hooks(LogIn SPI)
> are provided with Latest Keycloak 1.1.0_Final Release.

No this is not available yet, and you will have to modify the above a fair bit to make it work.

> 
> For reference attaching previous discussion with Keycloak-dev.
> 
> Our Requirement:
> Instead of Existing one step authentication(user/pass), We  need custom
> certificate based authentication which is 2-step Authentication as below:
>     1. Bypass Login screen , instead generate nonce(UUID) and provide
>     intermediate Endpoint URL for Certificate based authentication.
>     2. Client will come to Certificate based authentication with its
>     certificate and encrypted UUID.  After Validating Encrypted UUID
>        and Client certificate server should generate “Access code”.

Assuming this is to authenticate clients, not users, you should use direct grant, not regular login.

> 
> 
> Thanks,
> Lakshmi Narayana V
> 
> 
> -----Original Message-----
> From: Stian Thorgersen [mailto:stian at redhat.com]
> Sent: Tuesday, February 03, 2015 1:40 PM
> To: Lakshmi Narayana VADALI (lvadali)
> Cc: keycloak-dev at lists.jboss.org
> Subject: Re: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
> 
> 
> 
> ----- Original Message -----
> > From: "Lakshmi Narayana VADALI (lvadali)" <lvadali at cisco.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Tuesday, 3 February, 2015 8:03:56 AM
> > Subject: [keycloak-dev] Do we have Login SPI with Keycloak_1.1.0_Final?
> > 
> > 
> > 
> > 
> > 
> > Congrats Team for Keycloak 1.1.0.Final Release loaded with features.
> > 
> > 
> > 
> > We are planning to integrate our code with Latest Keycloak. So Can you
> > please confirm do we have full support for Below features in
> > Keycloak_1.1.0_Final Release.
> > 
> > 
> > 
> > 1. Login SPI
> 
> Not sure what you're referring to
> 
> > 
> > 2. HA Support
> 
> Yes
> 
> > 
> > 3. Clustering Support
> 
> Yes, it's one of the top new features in 1.1, so yes of course
> 
> > 
> > 
> > 
> > Thanks,
> > 
> > Lakshmi Narayana V
> > 
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

More information about the keycloak-dev mailing list