[keycloak-user] Creation UI for new authentication schema configuration.

Michael Furman michael_furman at hotmail.com
Sun Nov 6 08:38:07 EST 2016 

I still need a help.
The example for the secret question is good but I need other example.
I am in the middle of POC that will help us to understand if we can use Keycloak in our production.
It contains a lot of aspects (creating of other authenticators, creating of our own UI over Keycloak etc.).

In this thread I just want to create the authenticator that will take a user name and a user password and will authenticate against a Radius server.
If it will fails, the default UsernamePasswordForm authenticator should handle the authentication.

I will really appreciate if somebody will help me with the following questions.


  1.  Do you have the example that shows how to create simple user name and password authenticator?
  2.  How can I configure the authentication provider via REST API?
Will be generated configuration Rest API automatically?

  3.  I have created the simple authenticator that overrides UsernamePasswordForm.
It appears in UI.
Unfortunately the request does not come to my implementation.
What I have missed?
I have opened bug and attached sources: https://issues.jboss.org/browse/KEYCLOAK-3867

Best regards,
   Michael




________________________________
From: Thomas Darimont <thomas.darimont at googlemail.com>
Sent: Sunday, November 6, 2016 11:42 AM
To: Michael Furman
Cc: Stian Thorgersen; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.

Hello Michael,

if you want to create a custom browser flow by copying the original browser flow you need to bind your custom browser flow
on the "Authentication -> Bindings" tab where you link your custom browser flow to be used as "the" browser flow.

Cheers,
Thomas

2016-11-06 10:33 GMT+01:00 Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>:
Hi Stian,
I was able to add the authentication provider in 2.3.0 but only to the copied flow.

  1.  Why I can not add the execution to the Browser flow?
If I copy the browser flow (and call it Browser2 flow) what flow will be default for the browser authentication?
How can I configure the new Browser2 flow will be default for the browser authentications?
  2.  Will be generated Rest API for the configuration of the authentication provider?
How can I configure via REST API.


Best regards,
   Michael



________________________________
From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com>>
Sent: Friday, November 4, 2016 7:52 AM
To: Stian Thorgersen
Cc: Michael Furman; keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.

FIY we did check this example for 2.3.0.CR1 release so I doubt it's broken

On 4 November 2016 at 06:51, Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com<mailto:sthorger at redhat.com>>> wrote:
I don't know what you mean by it is not recognized by Keycloak. Did you follow the steps in the example to register it? See https://github.com/keycloak/keycloak/blob/master/examples/providers/authenticator/README.md

On 3 November 2016 at 20:14, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com><mailto:michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>> wrote:

Hi,

Unfortunately I can not deploy the example authentication provider to Keycloak


Who can help?


I have compiled authenticator-required-action-example from the examples.
I copied the provider jar into the “standalone/configuration/providers” directory according to the document:
https://keycloak.gitbooks.io/server-developer-guide/content/v/2.2/topics/auth-spi.html

Unfortunately Keycloak does not recognize the provider.
Than I have copied it to the “providers” folder under the root Keycloak folder.
Also without success .


I have opened an issue https://issues.jboss.org/browse/KEYCLOAK-3856


Best regards,

   Michael



________________________________
From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com<mailto:sthorger at redhat.com>>>
Sent: Tuesday, November 1, 2016 11:08 AM

To: Michael Furman
Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.

On the config for the authenticator. Please look at the docs and also the example it explains this pretty well.

On 31 October 2016 at 13:47, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com><mailto:michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>> wrote:
Thanks,
Where I will see the generated UI?
On the authentication page?
http://localhost:8080/auth/admin/master/console/#/realms/master/authentication/flows/browser
Also, can I add / update the authenticator configuration via REST API?
http://www.keycloak.org/docs/rest-api/#_update_authenticator_configuration
Thank you in advance for your help.
Best regards,
   Michael


________________________________
From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com<mailto:sthorger at redhat.com>>>
Sent: Monday, October 31, 2016 8:00 AM

To: Michael Furman
Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.

Configuration UI is generated based on what's returned by the getConfigProperties method

On 30 October 2016 at 12:28, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com><mailto:michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>> wrote:
Thanks Stian,
I will happy for the additional clarifications.
I have looked in https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html but was not able to find a lot.
I think that the following is relevant:

The next few methods define how the Authenticator can be configured.
…
The getConfigProperties() method returns a list of ProviderConfigProperty objects. These objects define a specific configuration attribute.

But according to my understanding the configuration should appear in the Authenticator configuration UI.
Therefore, how should I create the UI?

Additional question: will the new Authenticator appear in Authentication Flows:
https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/authentication/flows.html
Will I be able to configure Required / Optional / Disabled for the new the new Authenticator?
Thank you in advance for your help.
Best regards,
   Michael


________________________________
From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com<mailto:sthorger at redhat.com>>>
Sent: Thursday, October 27, 2016 9:57 AM
To: Michael Furman
Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.

We don't support that directly so you would have to develop your own custom authenticator for it. The doc you linked describes how to do that.

On 26 October 2016 at 17:08, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com><mailto:michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>> wrote:
Hi all,
I want to add support for the new authentication schema.
How can I add UI for new authentication schema configuration?
For example, I want to add the TACACS authentication schema.
Therefore I need to configure the TACACS server IP and the secret.
May be I have missed but I can not find it here:
https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html

Thank you in advance for your help.
Best regards,
   Michael

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
https://lists.jboss.org/mailman/listinfo/keycloak-user





_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list