[keycloak-user] Admin Console: Clients Configuration: Displaying of "attributes" from Client Representation
Thomas Darimont
thomas.darimont at googlemail.com
Mon Feb 22 07:48:00 EST 2016
You could define the set of secret questions on the authenticator - you
could either hardcode them or make them configurable by implementing
ConfiguredProvider see [0].
Then you could store a reference to the selected secret question and the
answer as a custom user-attribute.
Cheers,
Thomas
[0] -
https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63dca8148ea9/server-spi/src/main/java/org/keycloak/provider/ConfiguredProvider.java#L26
Stian Thorgersen <sthorger at redhat.com> schrieb am Mo., 22. Feb. 2016, 13:40:
> I thought the example did allow configuring the security question on the
> authenticator, but you can create your own that does it. Then the security
> questions are configured on the authenticator itself.
>
> On 22 February 2016 at 13:24, Bystrik Horvath <bystrik.horvath at gmail.com>
> wrote:
>
>> Hi,
>>
>> I went through the example (
>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator).
>> The security questions are written in secret-question.ftl
>> and secret-question-config.ftl files. From my point of view, the security
>> questions are know in advance and they can be "hardcoded" in ftl files. My
>> case is that security questions are defined during the runtime (preferably
>> via admin REST API). The admin REST API does not provide the functionality
>> to store attributes on realm level. I agree that security questions belongs
>> to realm, but how to provision them - *.ftl files are not an option for me.
>>
>> Best regards,
>> Bystrik
>>
>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <sthorger at redhat.com>
>> wrote:
>>
>>> If you look at our security questions example it stores the
>>> configuration on the authenticator itself.
>>>
>>> On 22 February 2016 at 12:46, Bystrik Horvath <bystrik.horvath at gmail.com
>>> > wrote:
>>>
>>>> Hi,
>>>>
>>>> what would be a recommended way to provision a security question on
>>>> realm base if the question is not known in advance? May be it is an misuse
>>>> of client representation for provisioning that.
>>>>
>>>> Best regards,
>>>> Bystrik
>>>>
>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <sthorger at redhat.com
>>>> > wrote:
>>>>
>>>>> I don't understand how you can have security questions that are
>>>>> particular to a client. A user logs-in to a realm, not a client.
>>>>>
>>>>> On 22 February 2016 at 10:20, Juraj Janosik <juraj.janosik77 at gmail.com
>>>>> > wrote:
>>>>>
>>>>>> @ Stian:
>>>>>> generally said, I did not find any description, that the client
>>>>>> attributes are for internal use only.
>>>>>> Parameter "attributes" is propagated in ClientRepresentation in the
>>>>>> REST Admin API,
>>>>>> therefore should be used for CRUD admin operations.
>>>>>> We plan to attach Security Answers to the user (Security questions
>>>>>> are common for particular client).
>>>>>>
>>>>>> Best Regards,
>>>>>> Juraj
>>>>>>
>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <bystrik.horvath at gmail.com
>>>>>> >:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I think the case here is to provision the text of security question
>>>>>>> to the client attributes when it is not known in advance.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Bystrik
>>>>>>>
>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont <
>>>>>>> thomas.darimont at googlemail.com> wrote:
>>>>>>>
>>>>>>>> Interesting - do you need client specific security questions?
>>>>>>>>
>>>>>>>> The keycloak examples contain a custom provider for user specific
>>>>>>>> security questions - perhaps this would suit your needs better.
>>>>>>>>
>>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>> Thomas
>>>>>>>>
>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <juraj.janosik77 at gmail.com
>>>>>>>> >:
>>>>>>>>
>>>>>>>>> Hi Thomas,
>>>>>>>>>
>>>>>>>>> for example security questions.... :-)
>>>>>>>>>
>>>>>>>>> Best Regards,
>>>>>>>>> Juraj
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont <
>>>>>>>>> thomas.darimont at googlemail.com>:
>>>>>>>>>
>>>>>>>>>> Hello Juraj,
>>>>>>>>>>
>>>>>>>>>> I wondered about that too a while ago - may I ask what client
>>>>>>>>>> attributes you are planning to store?
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>> Thomas
>>>>>>>>>>
>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik <
>>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>>
>>>>>>>>>>> The user configuration has the possibility to
>>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console.
>>>>>>>>>>>
>>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>>> The client does not. I think, the logic and the focus is the
>>>>>>>>>>> same for both.
>>>>>>>>>>>
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Juraj
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen <sthorger at redhat.com
>>>>>>>>>>> >:
>>>>>>>>>>>
>>>>>>>>>>>> We don't. Why would we add it though?
>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" <
>>>>>>>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> is there any plan to support for displaying of "attributes"
>>>>>>>>>>>>> from Client Representation
>>>>>>>>>>>>> (like users configuration) in Admin Console?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160222/a78c9da9/attachment-0001.html
More information about the keycloak-user
mailing list