[keycloak-user] Admin Console: Clients Configuration: Displaying of "attributes" from Client Representation

Thomas Darimont thomas.darimont at googlemail.com
Thu Feb 25 05:10:10 EST 2016 

Thanks for the quick response :)

Well, one example would be the applications listing in the self-service
account UI:

* I want to control the order of application items in the list
* I want to show whether the application can be currently accessed or not
(at least I want to give a hint)
* I want to group certain applications (HR, Finance, Customers) etc. based
on tags

Other areas would be a mobile app that presents the "service-portfolio"
with the apps currently available for a user.
(this would be provided by a intermediate service though but the data would
be read from client attributes).

Cheers,
Thomas


2016-02-25 10:26 GMT+01:00 Stian Thorgersen <sthorger at redhat.com>:

> I can see those details are things that you may want to add to a client,
> but I don't see how you're going to utilize that information?
>
> On 25 February 2016 at 09:55, Thomas Darimont <
> thomas.darimont at googlemail.com> wrote:
>
>> FYI, back to the original question of allowing edit of client attributes
>> from admin console...
>>
>> Some use cases where client attributes would be very handy:
>> * additional metadata for applications
>> * display-order for application listing
>> * icon name in application listing (more flexible than deriving from
>> client id)
>> * tagging of clients as internal, public etc.
>> * application version
>> * url for checking application status (health check endpoint) - ok,
>> maintenance, offline
>>
>> Would be happy to send a PR for editing of client attributes in the admin
>> console.
>>
>> Cheers,
>> Thomas
>>
>> 2016-02-22 13:58 GMT+01:00 Bystrik Horvath <bystrik.horvath at gmail.com>:
>>
>>> Thank you guys for the answers, I think you & Stian directed me to the
>>> right way, so it should solve my requirements.
>>>
>>> Best regards,
>>> Bystrik
>>>
>>>
>>>
>>> On Mon, Feb 22, 2016 at 1:48 PM, Thomas Darimont <
>>> thomas.darimont at googlemail.com> wrote:
>>>
>>>> You could define the set of secret questions on the authenticator - you
>>>> could either hardcode them or make them configurable by implementing
>>>> ConfiguredProvider see [0].
>>>> Then you could store a reference to the selected secret question and
>>>> the answer as a custom user-attribute.
>>>>
>>>> Cheers,
>>>>
>>>> Thomas
>>>>
>>>> [0] -
>>>> https://github.com/keycloak/keycloak/blob/60f9f73c4ca2ddf4ad49ff53a03a63dca8148ea9/server-spi/src/main/java/org/keycloak/provider/ConfiguredProvider.java#L26
>>>>
>>>> Stian Thorgersen <sthorger at redhat.com> schrieb am Mo., 22. Feb. 2016,
>>>> 13:40:
>>>>
>>>>> I thought the example did allow configuring the security question on
>>>>> the authenticator, but you can create your own that does it. Then the
>>>>> security questions are configured on the authenticator itself.
>>>>>
>>>>> On 22 February 2016 at 13:24, Bystrik Horvath <
>>>>> bystrik.horvath at gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I went through the example (
>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator).
>>>>>> The security questions are written in secret-question.ftl
>>>>>> and secret-question-config.ftl files. From my point of view, the security
>>>>>> questions are know in advance and they can be "hardcoded" in ftl files. My
>>>>>> case is that security questions are defined during the runtime (preferably
>>>>>> via  admin REST API). The admin REST API does not provide the functionality
>>>>>> to store attributes on realm level. I agree that security questions belongs
>>>>>> to realm, but how to provision them - *.ftl files are not an option for me.
>>>>>>
>>>>>> Best regards,
>>>>>> Bystrik
>>>>>>
>>>>>> On Mon, Feb 22, 2016 at 12:55 PM, Stian Thorgersen <
>>>>>> sthorger at redhat.com> wrote:
>>>>>>
>>>>>>> If you look at our security questions example it stores the
>>>>>>> configuration on the authenticator itself.
>>>>>>>
>>>>>>> On 22 February 2016 at 12:46, Bystrik Horvath <
>>>>>>> bystrik.horvath at gmail.com> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> what would be a recommended way to provision a security question on
>>>>>>>> realm base if the question is not known in advance? May be it is an misuse
>>>>>>>> of client representation for provisioning that.
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Bystrik
>>>>>>>>
>>>>>>>> On Mon, Feb 22, 2016 at 12:28 PM, Stian Thorgersen <
>>>>>>>> sthorger at redhat.com> wrote:
>>>>>>>>
>>>>>>>>> I don't understand how you can have security questions that are
>>>>>>>>> particular to a client. A user logs-in to a realm, not a client.
>>>>>>>>>
>>>>>>>>> On 22 February 2016 at 10:20, Juraj Janosik <
>>>>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> @ Stian:
>>>>>>>>>> generally said, I did not find any description, that the client
>>>>>>>>>> attributes are for internal use only.
>>>>>>>>>> Parameter "attributes" is propagated in ClientRepresentation in
>>>>>>>>>> the REST Admin API,
>>>>>>>>>> therefore should be used for CRUD admin operations.
>>>>>>>>>> We plan to attach Security Answers to the user (Security
>>>>>>>>>> questions are common for particular client).
>>>>>>>>>>
>>>>>>>>>> Best Regards,
>>>>>>>>>> Juraj
>>>>>>>>>>
>>>>>>>>>> 2016-02-22 10:18 GMT+01:00 Bystrik Horvath <
>>>>>>>>>> bystrik.horvath at gmail.com>:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I think the case here is to provision the text of security
>>>>>>>>>>> question to the client attributes when it is not known in advance.
>>>>>>>>>>>
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Bystrik
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Feb 22, 2016 at 10:06 AM, Thomas Darimont <
>>>>>>>>>>> thomas.darimont at googlemail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Interesting - do you need client specific security questions?
>>>>>>>>>>>>
>>>>>>>>>>>> The keycloak examples contain a custom provider for user
>>>>>>>>>>>> specific security questions - perhaps this would suit your needs better.
>>>>>>>>>>>>
>>>>>>>>>>>> https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator
>>>>>>>>>>>>
>>>>>>>>>>>> Cheers,
>>>>>>>>>>>> Thomas
>>>>>>>>>>>>
>>>>>>>>>>>> 2016-02-22 10:02 GMT+01:00 Juraj Janosik <
>>>>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>>>
>>>>>>>>>>>>> for example security questions.... :-)
>>>>>>>>>>>>>
>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> 2016-02-22 9:12 GMT+01:00 Thomas Darimont <
>>>>>>>>>>>>> thomas.darimont at googlemail.com>:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello Juraj,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I wondered about that too a while ago - may I ask what client
>>>>>>>>>>>>>> attributes you are planning to store?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Cheers,
>>>>>>>>>>>>>> Thomas
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 2016-02-22 8:17 GMT+01:00 Juraj Janosik <
>>>>>>>>>>>>>> juraj.janosik77 at gmail.com>:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> The user configuration has the possibility to
>>>>>>>>>>>>>>> Create/Read/Update/Delete of "custom" attributes in the Admin Console.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> (/auth/admin/master/console/#/realms/demo/users/{uid}/user-attributes)
>>>>>>>>>>>>>>> The client does not. I think, the logic and the focus is the
>>>>>>>>>>>>>>> same for both.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Best regards,
>>>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 2016-02-19 15:40 GMT+01:00 Stian Thorgersen <
>>>>>>>>>>>>>>> sthorger at redhat.com>:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> We don't. Why would we add it though?
>>>>>>>>>>>>>>>> On 18 Feb 2016 12:43, "Juraj Janosik" <
>>>>>>>>>>>>>>>> juraj.janosik77 at gmail.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> is there any plan to support for displaying of
>>>>>>>>>>>>>>>>> "attributes" from Client Representation
>>>>>>>>>>>>>>>>> (like users configuration) in Admin Console?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Best Regards,
>>>>>>>>>>>>>>>>> Juraj
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>> keycloak-user at lists.jboss.org
>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160225/ef261ff1/attachment-0001.html

More information about the keycloak-user mailing list