[keycloak-user] Admin Console: Clients Configuration: Displaying of "attributes" from Client Representation

Stian Thorgersen sthorger at redhat.com
Thu Feb 25 04:26:14 EST 2016


I can see those details are things that you may want to add to a client,
but I don't see how you're going to utilize that information?

On 25 February 2016 at 09:55, Thomas Darimont <
thomas.darimont at googlemail.com> wrote:

> FYI, back to the original question of allowing edit of client attributes
> from admin console...
>
> Some use cases where client attributes would be very handy:
> * additional metadata for applications
> * display-order for application listing
> * icon name in application listing (more flexible than deriving from
> client id)
> * tagging of clients as internal, public etc.
> * application version
> * url for checking application status (health check endpoint) - ok,
> maintenance, offline
>
> Would be happy to send a PR for editing of client attributes in the admin
> console.
>
> Cheers,
> Thomas
>
> 2016-02-22 13:58 GMT+01:00 Bystrik Horvath <bystrik.horvath at gmail.com>:
>
>> Thank you guys for the answers, I think you & Stian directed me to the
>> right way, so it should solve my requirements.
>>
>> Best regards,
>> Bystrik
>>
>>
>>
>> On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont <
>> thomas.darimont at googlemail.com> wrote:
>>
>>> You could define the set of secret questions on the authenticator - you
>>> could either hardcode them or make them configurable by implementing
>>> ConfiguredProvider see [0].
>>> Then you could store a reference to the selected secret question and the
>>> answer as a custom user-attribute.
>>>
>>> Cheers,
>>>
>>> Thomas
>>>
>>> [0] -
>>> https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63dca8148ea9/server-spi/src/main/java/org/keycloak/provider/ConfiguredProvider.java#L26
>>>
>>> Stian Thorgersen <sthorger at redhat.com> schrieb am Mo., 22. Feb. 2016,
>>> 13:40:
>>>
>>>> I thought the example did allow configuring the security question on
>>>> the authenticator, but you can create your own that does it. Then the
>>>> security questions are configured on the authenticator itself.
>>>>
>>>> On 22 February 2016 at 13:24, Bystrik Horvath <
>>>> bystrik.horvath at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I went through the example (
>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator).
>>>>> The security questions are written in secret-question.ftl
>>>>> and secret-question-config.ftl files. From my point of view, the security
>>>>> questions are know in advance and they can be "hardcoded" in ftl files. My
>>>>> case is that security questions are defined during the runtime (preferably
>>>>> via  admin REST API). The admin REST API does not provide the functionality
>>>>> to store attributes on realm level. I agree that security questions belongs
>>>>> to realm, but how to provision them - *.ftl files are not an option for me.
>>>>>
>>>>> Best regards,
>>>>> Bystrik
>>>>>
>>>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <
>>>>> sthorger at redhat.com> wrote:
>>>>>
>>>>>> If you look at our security questions example it stores the
>>>>>> configuration on the authenticator itself.
>>>>>>
>>>>>> On 22 February 2016 at 12:46, Bystrik Horvath <
>>>>>> bystrik.horvath at gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> what would be a recommended way to provision a security question on
>>>>>>> realm base if the question is not known in advance? May be it is an misuse
>>>>>>> of client representation for provisioning that.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Bystrik
>>>>>>>
>>>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <
>>>>>>> sthorger at redhat.com> wrote:
>>>>>>>
>>>>>>>> I don't understand how you can have security questions that are
>>>>>>>> particular to a client. A user logs-in to a realm, not a client.
>>>>>>>>
>>>>>>>> On 22 February 2016 at 10:20, Juraj Janosik <
>>>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> @ Stian:
>>>>>>>>> generally said, I did not find any description, that the client
>>>>>>>>> attributes are for internal use only.
>>>>>>>>> Parameter "attributes" is propagated in ClientRepresentation in
>>>>>>>>> the REST Admin API,
>>>>>>>>> therefore should be used for CRUD admin operations.
>>>>>>>>> We plan to attach Security Answers to the user (Security questions
>>>>>>>>> are common for particular client).
>>>>>>>>>
>>>>>>>>> Best Regards,
>>>>>>>>> Juraj
>>>>>>>>>
>>>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <
>>>>>>>>> bystrik.horvath at gmail.com>:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I think the case here is to provision the text of security
>>>>>>>>>> question to the client attributes when it is not known in advance.
>>>>>>>>>>
>>>>>>>>>> Best regards,
>>>>>>>>>> Bystrik
>>>>>>>>>>
>>>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont <
>>>>>>>>>> thomas.darimont at googlemail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Interesting - do you need client specific security questions?
>>>>>>>>>>>
>>>>>>>>>>> The keycloak examples contain a custom provider for user
>>>>>>>>>>> specific security questions - perhaps this would suit your needs better.
>>>>>>>>>>>
>>>>>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator
>>>>>>>>>>>
>>>>>>>>>>> Cheers,
>>>>>>>>>>> Thomas
>>>>>>>>>>>
>>>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <
>>>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>>
>>>>>>>>>>>> for example security questions.... :-)
>>>>>>>>>>>>
>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>> Juraj
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont <
>>>>>>>>>>>> thomas.darimont at googlemail.com>:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello Juraj,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I wondered about that too a while ago - may I ask what client
>>>>>>>>>>>>> attributes you are planning to store?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>> Thomas
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik <
>>>>>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> The user configuration has the possibility to
>>>>>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>>>>>> The client does not. I think, the logic and the focus is the
>>>>>>>>>>>>>> same for both.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen <
>>>>>>>>>>>>>> sthorger at redhat.com>:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> We don't. Why would we add it though?
>>>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" <
>>>>>>>>>>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> is there any plan to support for displaying of "attributes"
>>>>>>>>>>>>>>>> from Client Representation
>>>>>>>>>>>>>>>> (like users configuration) in Admin Console?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160225/5cc8b788/attachment.html 


More information about the keycloak-user mailing list