[keycloak-user] Limit Google authentication by domain?

Stian Thorgersen stian at redhat.com
Tue Mar 24 02:09:21 EDT 2015


Not sure why it's not working, you can enable debug for org.keycloak.services.DefaultKeycloakSessionFactory and org.keycloak.provider.ProviderManager that may provide some option.

Alternatively, if you try with master (build from github) or wait until 1.2.0.Beta1 is released you can configure your own OpenID Connect provider which would let you add the hd param to the authorization url.

----- Original Message -----
> From: "Thorsten" <thorsten315 at gmx.de>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Monday, 23 March, 2015 5:11:12 PM
> Subject: Re: [keycloak-user] Limit Google authentication by domain?
> 
> Ok, I have copied the social Google adapter (all based on the 1.1.0.Final
> codebase) and modified a few lines (incl. ID and NAME). I also adjusted the
> "services" entry to match the new class name.
> Now I used the jboss/keycloak:1.1.0.Final docker image and just added my
> adapter jar to the /opt/jboss/keycloak/standalone/configuration/providers/
> directory.
> 
> But when I start the docker container and enable Social Login I don't see my
> social module name in the "Add provider..." pulldown list.
> 
> Is there anything else I need to do in order to add my social provider to
> register?
> 
> Thanks
> 
> 2015-03-23 15:19 GMT+01:00 Bill Burke < bburke at redhat.com > :
> 
> 
> We don't support this. Our "social" module contains our Google adapter.
> 
> On 3/23/2015 10:14 AM, Thorsten wrote:
> > Hi,
> > 
> > is there a way to limit the Google authentication to only work for users
> > that have a Google account in a specific Google app domain? Right now it
> > seems that anybody with a Google+ account can login once you enable it.
> > 
> > Is there an out-of-the box way to get this done though configuration and
> > if not what would be the simplest way to implement this?
> > 
> > Thanks
> > 
> > 
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user


More information about the keycloak-user mailing list