[keycloak-dev] generic cli sso utility
Darran Lofthouse
darran.lofthouse at jboss.com
Mon Aug 14 07:28:30 EDT 2017
Could the integration Pedro added to the JBoss CLI make use of this. I
believe there at the moment any tokens are obtained at the time they are
needed so would be good to combine that with a cached token as well.
Regards,
Darran Lofthouse.
On Mon, 14 Aug 2017 at 12:21 Stian Thorgersen <sthorger at redhat.com> wrote:
> For this exact reason it can't use the browser based flow rather it should
> the direct grant (or some other flow?!?).
>
> On 4 August 2017 at 10:09, Marek Posolda <mposolda at redhat.com> wrote:
>
> > I wonder if it's possible to have CLI utility, which is able to read
> > HTML with the form and challenge user based on that? For example once it
> > receives the HTML like this:
> >
> > <form>
> > Username: <input name="username" />
> > Password: <input name="password" type="password" />
> > </form>
> >
> > Then in command line, user will be challenged for username and password.
> >
> > I am not sure if it's doable in practice and how much work it is. Sounds
> > like re-implementing browser in command line. But maybe something like
> > this exists already?
> >
> > BTV. Some things will never work in CLI in my opinion. For example:
> > - Registration with captcha
> > - TOTP setup
> > - Broker login (but hopefully some brokers offer alternatives)
> >
> > Marek
> >
> >
> > On 28/07/17 22:36, Bill Burke wrote:
> > > I've developed a small command line utility around Keycloak Installed.
> > > The idea is that this utility performs a login with keycloak to obtain
> > > an access token. This utility saves the access and refresh token in a
> > > file (similar to how ssh does in .ssh). Then bash scripts can be used
> to
> > > export the access token as an environment variable so it can be used by
> > > other command line utilities.
> > >
> > >
> > > https://github.com/patriot1burke/keycloak/blob/master/adapters/oidc/
> > installed/src/main/java/org/keycloak/adapters/installed/
> > KeycloakCliSso.java
> > >
> > > https://github.com/patriot1burke/keycloak/tree/
> > master/adapters/oidc/cli-sso
> > >
> > >
> > > Eventually I'm thinking of creating a text/plain protocol with Keycloak
> > > server so that launching a browser or cutting/pasting between the
> > > command line window and browser isn't a requirement. It woudl be a
> plain
> > > text challenge response protocol. This would require a bit more work
> as
> > > it would require reworking all of our built in authenticators and
> > > required action plugins.
> > >
> > > _______________________________________________
> > > keycloak-dev mailing list
> > > keycloak-dev at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list