[keycloak-user] Custom Authentication and Federation question

Jeff Macomber jeff.macomber at modernizingmedicine.com
Wed Nov 11 13:00:08 EST 2015


Hi,

I am trying to figure out how/if KeyCloak can be used for a project.  The
background is that we need three pieces of information to login a user
location, username, password.  The location is used to allow us to figure
out where that user record can be found in distributed environment.  We
have no single central user database but instead a number of different user
databases installed in logically/physically different locations.  We do not
want anything other than login from KeyClaok and we need to be able to
support SAML and eventually OAuth2.

Based on reading the documentation it seems i would need to do the
following:
1. Custom Authentication and AuthenticationFactory to handle validation of
the user credentials
2. Custom federation provider and factory to handle construction of the
user object

I then created the custom authentication and factory.  Packaged them and
placed them in the standalone.  I then saw the new option in the
Authentication Admin menu.  I created a new Flow by copying the Browser
flow and removed the default items and just required the new provider.
Saved, restarted.  Then using a SAML client i tried login but i dont get
the new login form (which i reference in the code for the authenticator).
What i get is still the default login page with the two normal fields.
When i submit that form it never attempts to execute the code in my custom
authenticator.

So my questions are:
1. Am i correct that i need a custom authentication and federation
providers? Is there additional items i need here?
2. How do i get the SAML login page to use my custom login page and how do
i route to the custom authentication code? and ideally how do i leave the
admin console login page alone since that will use local users not these
federated remote users.

Please let me know if i can provide more info for clarification.

Thanks
Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151111/766d59f9/attachment.html 


More information about the keycloak-user mailing list