[keycloak-dev] Few Questions on usage

gambol gambol99 at gmail.com
Mon May 21 09:00:01 EDT 2018


Hiya

Apologizes for the wide range questions .. but figured a number for be
useful for the user base.

- Using the current scripted authentication in Authentication Flows would
it possible to use script to say if clientid == x and user have role x,
permitted else not. Also do you have a repo with some examples of scripts?
similar to https://github.com/auth0/rules

- Will the scripting always be global level, or is there any plan to make
it per client? or perhaps a better question would be will authentication
flow always be at the realm level.

- Assuming a realm with multiple identity providers, is there any means by
which a client and enforce that a use came in via a specific identity
provider? or if i come in via provider x they need to use MFA (would this
be done with a Post Login Flow on the provider perhaps?).

- Is the any plans to make Groups per client and under the client ui? as
for realms which have many disassociated applications but common user bases
it makes it easier for them to manage.

- Are the any plans to expose metrics (or perhaps they are already
exposed)? via jmx, stats, prometheus etc .. around logins, successful,
failed etc, any latency measures on identity providers, infinispan /
database operations etc

- Is there any way to turn off the internal passwords and force via
identity provider? .. i guess this is where scripting becomes useful .. i.e
if client = y get the provider name and deny if not y etc

Rohith


More information about the keycloak-dev mailing list