[keycloak-user] Admin Console: Clients Configuration: Displaying of "attributes" from Client Representation

Bystrik Horvath bystrik.horvath at gmail.com
Mon Feb 22 07:58:44 EST 2016


Thank you guys for the answers, I think you & Stian directed me to the
right way, so it should solve my requirements.

Best regards,
Bystrik



On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont <
thomas.darimont at googlemail.com> wrote:

> You could define the set of secret questions on the authenticator - you
> could either hardcode them or make them configurable by implementing
> ConfiguredProvider see [0].
> Then you could store a reference to the selected secret question and the
> answer as a custom user-attribute.
>
> Cheers,
>
> Thomas
>
> [0] -
> https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63dca8148ea9/server-spi/src/main/java/org/keycloak/provider/ConfiguredProvider.java#L26
>
> Stian Thorgersen <sthorger at redhat.com> schrieb am Mo., 22. Feb. 2016,
> 13:40:
>
>> I thought the example did allow configuring the security question on the
>> authenticator, but you can create your own that does it. Then the security
>> questions are configured on the authenticator itself.
>>
>> On 22 February 2016 at 13:24, Bystrik Horvath <bystrik.horvath at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I went through the example (
>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator).
>>> The security questions are written in secret-question.ftl
>>> and secret-question-config.ftl files. From my point of view, the security
>>> questions are know in advance and they can be "hardcoded" in ftl files. My
>>> case is that security questions are defined during the runtime (preferably
>>> via  admin REST API). The admin REST API does not provide the functionality
>>> to store attributes on realm level. I agree that security questions belongs
>>> to realm, but how to provision them - *.ftl files are not an option for me.
>>>
>>> Best regards,
>>> Bystrik
>>>
>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <sthorger at redhat.com>
>>> wrote:
>>>
>>>> If you look at our security questions example it stores the
>>>> configuration on the authenticator itself.
>>>>
>>>> On 22 February 2016 at 12:46, Bystrik Horvath <
>>>> bystrik.horvath at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> what would be a recommended way to provision a security question on
>>>>> realm base if the question is not known in advance? May be it is an misuse
>>>>> of client representation for provisioning that.
>>>>>
>>>>> Best regards,
>>>>> Bystrik
>>>>>
>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <
>>>>> sthorger at redhat.com> wrote:
>>>>>
>>>>>> I don't understand how you can have security questions that are
>>>>>> particular to a client. A user logs-in to a realm, not a client.
>>>>>>
>>>>>> On 22 February 2016 at 10:20, Juraj Janosik <
>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>
>>>>>>> @ Stian:
>>>>>>> generally said, I did not find any description, that the client
>>>>>>> attributes are for internal use only.
>>>>>>> Parameter "attributes" is propagated in ClientRepresentation in the
>>>>>>> REST Admin API,
>>>>>>> therefore should be used for CRUD admin operations.
>>>>>>> We plan to attach Security Answers to the user (Security questions
>>>>>>> are common for particular client).
>>>>>>>
>>>>>>> Best Regards,
>>>>>>> Juraj
>>>>>>>
>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <
>>>>>>> bystrik.horvath at gmail.com>:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I think the case here is to provision the text of security question
>>>>>>>> to the client attributes when it is not known in advance.
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Bystrik
>>>>>>>>
>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont <
>>>>>>>> thomas.darimont at googlemail.com> wrote:
>>>>>>>>
>>>>>>>>> Interesting - do you need client specific security questions?
>>>>>>>>>
>>>>>>>>> The keycloak examples contain a custom provider for user specific
>>>>>>>>> security questions - perhaps this would suit your needs better.
>>>>>>>>>
>>>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Thomas
>>>>>>>>>
>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <
>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>
>>>>>>>>>> Hi Thomas,
>>>>>>>>>>
>>>>>>>>>> for example security questions.... :-)
>>>>>>>>>>
>>>>>>>>>> Best Regards,
>>>>>>>>>> Juraj
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont <
>>>>>>>>>> thomas.darimont at googlemail.com>:
>>>>>>>>>>
>>>>>>>>>>> Hello Juraj,
>>>>>>>>>>>
>>>>>>>>>>> I wondered about that too a while ago - may I ask what client
>>>>>>>>>>> attributes you are planning to store?
>>>>>>>>>>>
>>>>>>>>>>> Cheers,
>>>>>>>>>>> Thomas
>>>>>>>>>>>
>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik <
>>>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>>>
>>>>>>>>>>>> The user configuration has the possibility to
>>>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console.
>>>>>>>>>>>>
>>>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>>>> The client does not. I think, the logic and the focus is the
>>>>>>>>>>>> same for both.
>>>>>>>>>>>>
>>>>>>>>>>>> Best regards,
>>>>>>>>>>>> Juraj
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen <
>>>>>>>>>>>> sthorger at redhat.com>:
>>>>>>>>>>>>
>>>>>>>>>>>>> We don't. Why would we add it though?
>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" <
>>>>>>>>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> is there any plan to support for displaying of "attributes"
>>>>>>>>>>>>>> from Client Representation
>>>>>>>>>>>>>> (like users configuration) in Admin Console?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> keycloak-user mailing list
>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160222/d3c94d50/attachment.html 


More information about the keycloak-user mailing list