[keycloak-user] Admin Console: Clients Configuration: Displaying of "attributes" from Client Representation

Thomas Darimont thomas.darimont at googlemail.com
Thu Feb 25 03:55:35 EST 2016


FYI, back to the original question of allowing edit of client attributes
from admin console...

Some use cases where client attributes would be very handy:
* additional metadata for applications
* display-order for application listing
* icon name in application listing (more flexible than deriving from client
id)
* tagging of clients as internal, public etc.
* application version
* url for checking application status (health check endpoint) - ok,
maintenance, offline

Would be happy to send a PR for editing of client attributes in the admin
console.

Cheers,
Thomas

2016-02-22 13:58 GMT+01:00 Bystrik Horvath <bystrik.horvath at gmail.com>:

> Thank you guys for the answers, I think you & Stian directed me to the
> right way, so it should solve my requirements.
>
> Best regards,
> Bystrik
>
>
>
> On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
>> You could define the set of secret questions on the authenticator - you
>> could either hardcode them or make them configurable by implementing
>> ConfiguredProvider see [0].
>> Then you could store a reference to the selected secret question and the
>> answer as a custom user-attribute.
>>
>> Cheers,
>>
>> Thomas
>>
>> [0] -
>> https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63dca8148ea9/server-spi/src/main/java/org/keycloak/provider/ConfiguredProvider.java#L26
>>
>> Stian Thorgersen <sthorger at redhat.com> schrieb am Mo., 22. Feb. 2016,
>> 13:40:
>>
>>> I thought the example did allow configuring the security question on the
>>> authenticator, but you can create your own that does it. Then the security
>>> questions are configured on the authenticator itself.
>>>
>>> On 22 February 2016 at 13:24, Bystrik Horvath <bystrik.horvath at gmail.com
>>> > wrote:
>>>
>>>> Hi,
>>>>
>>>> I went through the example (
>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator).
>>>> The security questions are written in secret-question.ftl
>>>> and secret-question-config.ftl files. From my point of view, the security
>>>> questions are know in advance and they can be "hardcoded" in ftl files. My
>>>> case is that security questions are defined during the runtime (preferably
>>>> via  admin REST API). The admin REST API does not provide the functionality
>>>> to store attributes on realm level. I agree that security questions belongs
>>>> to realm, but how to provision them - *.ftl files are not an option for me.
>>>>
>>>> Best regards,
>>>> Bystrik
>>>>
>>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <sthorger at redhat.com
>>>> > wrote:
>>>>
>>>>> If you look at our security questions example it stores the
>>>>> configuration on the authenticator itself.
>>>>>
>>>>> On 22 February 2016 at 12:46, Bystrik Horvath <
>>>>> bystrik.horvath at gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> what would be a recommended way to provision a security question on
>>>>>> realm base if the question is not known in advance? May be it is an misuse
>>>>>> of client representation for provisioning that.
>>>>>>
>>>>>> Best regards,
>>>>>> Bystrik
>>>>>>
>>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <
>>>>>> sthorger at redhat.com> wrote:
>>>>>>
>>>>>>> I don't understand how you can have security questions that are
>>>>>>> particular to a client. A user logs-in to a realm, not a client.
>>>>>>>
>>>>>>> On 22 February 2016 at 10:20, Juraj Janosik <
>>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>>
>>>>>>>> @ Stian:
>>>>>>>> generally said, I did not find any description, that the client
>>>>>>>> attributes are for internal use only.
>>>>>>>> Parameter "attributes" is propagated in ClientRepresentation in the
>>>>>>>> REST Admin API,
>>>>>>>> therefore should be used for CRUD admin operations.
>>>>>>>> We plan to attach Security Answers to the user (Security questions
>>>>>>>> are common for particular client).
>>>>>>>>
>>>>>>>> Best Regards,
>>>>>>>> Juraj
>>>>>>>>
>>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <
>>>>>>>> bystrik.horvath at gmail.com>:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I think the case here is to provision the text of security
>>>>>>>>> question to the client attributes when it is not known in advance.
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>> Bystrik
>>>>>>>>>
>>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont <
>>>>>>>>> thomas.darimont at googlemail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Interesting - do you need client specific security questions?
>>>>>>>>>>
>>>>>>>>>> The keycloak examples contain a custom provider for user specific
>>>>>>>>>> security questions - perhaps this would suit your needs better.
>>>>>>>>>>
>>>>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>> Thomas
>>>>>>>>>>
>>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <
>>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>>
>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>
>>>>>>>>>>> for example security questions.... :-)
>>>>>>>>>>>
>>>>>>>>>>> Best Regards,
>>>>>>>>>>> Juraj
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont <
>>>>>>>>>>> thomas.darimont at googlemail.com>:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Juraj,
>>>>>>>>>>>>
>>>>>>>>>>>> I wondered about that too a while ago - may I ask what client
>>>>>>>>>>>> attributes you are planning to store?
>>>>>>>>>>>>
>>>>>>>>>>>> Cheers,
>>>>>>>>>>>> Thomas
>>>>>>>>>>>>
>>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik <
>>>>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>>>>
>>>>>>>>>>>>> The user configuration has the possibility to
>>>>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console.
>>>>>>>>>>>>>
>>>>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>>>>> The client does not. I think, the logic and the focus is the
>>>>>>>>>>>>> same for both.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen <
>>>>>>>>>>>>> sthorger at redhat.com>:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> We don't. Why would we add it though?
>>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" <
>>>>>>>>>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> is there any plan to support for displaying of "attributes"
>>>>>>>>>>>>>>> from Client Representation
>>>>>>>>>>>>>>> (like users configuration) in Admin Console?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160225/6029006a/attachment.html 


More information about the keycloak-user mailing list