[keycloak-user] Admin Console: Clients Configuration: Displaying of "attributes" from Client Representation

Stian Thorgersen sthorger at redhat.com
Mon Feb 22 07:39:53 EST 2016


I thought the example did allow configuring the security question on the
authenticator, but you can create your own that does it. Then the security
questions are configured on the authenticator itself.

On 22 February 2016 at 13:24, Bystrik Horvath <bystrik.horvath at gmail.com>
wrote:

> Hi,
>
> I went through the example (
> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator).
> The security questions are written in secret-question.ftl
> and secret-question-config.ftl files. From my point of view, the security
> questions are know in advance and they can be "hardcoded" in ftl files. My
> case is that security questions are defined during the runtime (preferably
> via  admin REST API). The admin REST API does not provide the functionality
> to store attributes on realm level. I agree that security questions belongs
> to realm, but how to provision them - *.ftl files are not an option for me.
>
> Best regards,
> Bystrik
>
> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> If you look at our security questions example it stores the configuration
>> on the authenticator itself.
>>
>> On 22 February 2016 at 12:46, Bystrik Horvath <bystrik.horvath at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> what would be a recommended way to provision a security question on
>>> realm base if the question is not known in advance? May be it is an misuse
>>> of client representation for provisioning that.
>>>
>>> Best regards,
>>> Bystrik
>>>
>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>>> I don't understand how you can have security questions that are
>>>> particular to a client. A user logs-in to a realm, not a client.
>>>>
>>>> On 22 February 2016 at 10:20, Juraj Janosik <juraj.janosik77 at gmail.com>
>>>> wrote:
>>>>
>>>>> @ Stian:
>>>>> generally said, I did not find any description, that the client
>>>>> attributes are for internal use only.
>>>>> Parameter "attributes" is propagated in ClientRepresentation in the
>>>>> REST Admin API,
>>>>> therefore should be used for CRUD admin operations.
>>>>> We plan to attach Security Answers to the user (Security questions are
>>>>> common for particular client).
>>>>>
>>>>> Best Regards,
>>>>> Juraj
>>>>>
>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <bystrik.horvath at gmail.com>
>>>>> :
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I think the case here is to provision the text of security question
>>>>>> to the client attributes when it is not known in advance.
>>>>>>
>>>>>> Best regards,
>>>>>> Bystrik
>>>>>>
>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont <
>>>>>> thomas.darimont at googlemail.com> wrote:
>>>>>>
>>>>>>> Interesting - do you need client specific security questions?
>>>>>>>
>>>>>>> The keycloak examples contain a custom provider for user specific
>>>>>>> security questions - perhaps this would suit your needs better.
>>>>>>>
>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Thomas
>>>>>>>
>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <juraj.janosik77 at gmail.com>
>>>>>>> :
>>>>>>>
>>>>>>>> Hi Thomas,
>>>>>>>>
>>>>>>>> for example security questions.... :-)
>>>>>>>>
>>>>>>>> Best Regards,
>>>>>>>> Juraj
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont <
>>>>>>>> thomas.darimont at googlemail.com>:
>>>>>>>>
>>>>>>>>> Hello Juraj,
>>>>>>>>>
>>>>>>>>> I wondered about that too a while ago - may I ask what client
>>>>>>>>> attributes you are planning to store?
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Thomas
>>>>>>>>>
>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik <juraj.janosik77 at gmail.com
>>>>>>>>> >:
>>>>>>>>>
>>>>>>>>>> The user configuration has the possibility to
>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console.
>>>>>>>>>>
>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>> The client does not. I think, the logic and the focus is the same
>>>>>>>>>> for both.
>>>>>>>>>>
>>>>>>>>>> Best regards,
>>>>>>>>>> Juraj
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen <sthorger at redhat.com>
>>>>>>>>>> :
>>>>>>>>>>
>>>>>>>>>>> We don't. Why would we add it though?
>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" <juraj.janosik77 at gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>> is there any plan to support for displaying of "attributes"
>>>>>>>>>>>> from Client Representation
>>>>>>>>>>>> (like users configuration) in Admin Console?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>
>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>> Juraj
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160222/b39490e9/attachment-0001.html 


More information about the keycloak-user mailing list