[keycloak-dev] disabling credential types
Stian Thorgersen
sthorger at redhat.com
Mon Oct 31 01:46:14 EDT 2016
Can you explain the rationale behind this? I don't understand what the
use-case is and why you would want to "disable" credentials.
On 28 October 2016 at 23:00, Bill Burke <bburke at redhat.com> wrote:
> Admin console user credential tab has been changed. It will now list
> "disabable credential types". This will be a list of credential types
> that can be disabled by the admin (i.e. OTP, PASSWORD, CERT, etc.).
> All this hooks into the Credential SPI that I went over a few weeks
> ago. So, if new credential types are created, they should show up in
> the console too.
>
> Note that disabling happens per credential type, and not per device
> (i.e. OTP). I honestly could not figure out how to have an SPI and
> generic admin console UI that would take into account ideas like
> multiple OTPs, certs, etc... So, disabling is done per type, not per OTP
> generator. These are the SPI items that are the backbone of this
> feature. They are methods on UserCredentialManager:
>
> /**
>  * Calls disableCredential on UserStorageProvider and UserFederationProviders first, then loop through
>  * each CredentialProvider.
>  *
>  * @param realm
>  * @param user
>  * @param credentialType
>  */
> void disableCredentialType(RealmModel realm, UserModel user, String credentialType);
>
> /**
>  * Returns a set of credential types that can be disabled by disableCredentialType() method
>  *
>  * @param realm
>  * @param user
>  * @return
>  */
> Set<String> getDisableableCredentialTypes(RealmModel realm, UserModel user);
>
> CredentialProviders and UserStorageProviders will be required to
> implement these methods if they support credential updates.
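The dispatch order described in the quoted Javadoc, as an added example that is not part of the original thread and is not Keycloak code. `CredentialUpdater`, `InMemoryUpdater` and `DisableByTypeDemo` are hypothetical stand-ins, realm and user are plain strings instead of `RealmModel`/`UserModel`, and rejecting a type that no provider advertises is an assumption, not something the thread states.

```java
import java.util.*;

// Hypothetical model of the manager described in the thread (not Keycloak's class).
public class DisableByTypeDemo {
    final CredentialUpdater storage;                    // the user's storage/federation provider
    final List<CredentialUpdater> credentialProviders;  // registered credential providers

    DisableByTypeDemo(CredentialUpdater storage, List<CredentialUpdater> providers) {
        this.storage = storage;
        this.credentialProviders = providers;
    }

    // Union of the types each participant reports as disableable for this user.
    Set<String> getDisableableCredentialTypes(String realm, String user) {
        Set<String> types = new TreeSet<>(storage.getDisableableCredentialTypes(realm, user));
        for (CredentialUpdater p : credentialProviders)
            types.addAll(p.getDisableableCredentialTypes(realm, user));
        return types;
    }

    // Storage provider first, then each credential provider, as the Javadoc states.
    void disableCredentialType(String realm, String user, String type) {
        // Assumption: reject a type nobody advertises instead of silently doing nothing.
        if (!getDisableableCredentialTypes(realm, user).contains(type))
            throw new IllegalArgumentException("not disableable: " + type);
        storage.disableCredentialType(realm, user, type);
        for (CredentialUpdater p : credentialProviders) p.disableCredentialType(realm, user, type);
    }

    public static void main(String[] args) {
        InMemoryUpdater store = new InMemoryUpdater("password");  // constructed sample provider
        InMemoryUpdater otp = new InMemoryUpdater("otp");         // constructed sample provider
        DisableByTypeDemo mgr = new DisableByTypeDemo(store, List.of(otp));
        System.out.println(mgr.getDisableableCredentialTypes("demo", "alice"));
        mgr.disableCredentialType("demo", "alice", "otp");
        System.out.println("otp provider: " + otp.disabled + ", storage: " + store.disabled);
    }
}

// Hypothetical stand-in for any provider that supports credential updates.
interface CredentialUpdater {
    Set<String> getDisableableCredentialTypes(String realm, String user);
    void disableCredentialType(String realm, String user, String credentialType);
}

// In-memory provider that records which types were disabled per user.
class InMemoryUpdater implements CredentialUpdater {
    final Set<String> supported;
    final Map<String, Set<String>> disabled = new HashMap<>();
    InMemoryUpdater(String... types) { supported = Set.of(types); }
    public Set<String> getDisableableCredentialTypes(String realm, String user) { return supported; }
    public void disableCredentialType(String realm, String user, String type) {
        if (supported.contains(type)) disabled.computeIfAbsent(user, u -> new TreeSet<>()).add(type);
    }
}
```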