[keycloak-user] External Registration Flow

Bill Burke bburke at redhat.com
Tue Apr 7 12:01:29 EDT 2015


Wouldn't you want Keycloak to ask for new credential input?  That way 
you can control from keycloak what credential types are required.

On 4/7/2015 11:52 AM, Schneider, Tom wrote:
> That is close, but not quite the flow we're trying to implement.  This would be the flow we are attempting to implement:
>
> 1. Visit app
> 2. Click on registration link within app
> 3. Fill out registration info
> 4. App calls keycloak webservices to create user and set password
> 5. Redirect to keycloak
> 6. ??? (Currently SAML Login)
> 7. Redirect back to app
>
> Ideally I would think there would be a way for the app to request some kind of token that can be sent back to keycloak to allow the user to be logged in with having the end user login explicitly.  However, I haven't found anything that would do something like this yet.
>
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Bill Burke
> Sent: Tuesday, April 07, 2015 10:31 AM
> To: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] External Registration Flow
>
> To have the seemless integration you want, Keycloak would need some kind of remote registration protocol so that registration could be delegated to another app.  We don't have this ability yet.  This is because you want this flow, right?:
>
> 1. Visit app
> 2. Redirected to Keycloak login
> 3. Click on registration link on page
> 4. Redirect to External registration app 5. Register 6. Redirect back to keycloak 7. Import user 8. Redirect back to app
>
>
> On 4/7/2015 10:17 AM, Schneider, Tom wrote:
>> I have an existing application that I'm looking to integrate with
>> keycloak.  One of the flows we're working on is a user
>> self-registration flow.  In this flow, a user will enter registration
>> information, then the user will be provisioned within the local app
>> and then we use web service calls to create the user in keycloak.
>> After the user is provisioned, then we do a SAML post to keycloak, the
>> user logs in and then they are redirected back to our app.
>>
>> This is all working fine, however, the user must enter their username
>> and password twice, once on the registration screen and once to log
>> into keycloak to establish an SSO session.  We'd like to avoid using
>> the keycloak registration screens since we collect additional business
>> data on our registration screen that our app needs.  Are there any
>> suggestions on how to avoid this double login?
>>
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-user mailing list