[keycloak-user] Creation UI for new authentication schema configuration.
Bill Burke
bburke at redhat.com
Sun Nov 6 10:33:41 EST 2016
Where is the user going to live? In Keycloak's DB? Or does Radius
store and provide info about the user?
On 11/6/16 8:38 AM, Michael Furman wrote:
> I still need a help.
> The example for the secret question is good but I need other example.
> I am in the middle of POC that will help us to understand if we can use Keycloak in our production.
> It contains a lot of aspects (creating of other authenticators, creating of our own UI over Keycloak etc.).
>
> In this thread I just want to create the authenticator that will take a user name and a user password and will authenticate against a Radius server.
> If it will fails, the default UsernamePasswordForm authenticator should handle the authentication.
>
> I will really appreciate if somebody will help me with the following questions.
>
>
> 1. Do you have the example that shows how to create simple user name and password authenticator?
> 2. How can I configure the authentication provider via REST API?
> Will be generated configuration Rest API automatically?
>
> 3. I have created the simple authenticator that overrides UsernamePasswordForm.
> It appears in UI.
> Unfortunately the request does not come to my implementation.
> What I have missed?
> I have opened bug and attached sources: https://issues.jboss.org/browse/KEYCLOAK-3867
>
> Best regards,
> Michael
>
>
>
>
> ________________________________
> From: Thomas Darimont <thomas.darimont at googlemail.com>
> Sent: Sunday, November 6, 2016 11:42 AM
> To: Michael Furman
> Cc: Stian Thorgersen; keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
>
> Hello Michael,
>
> if you want to create a custom browser flow by copying the original browser flow you need to bind your custom browser flow
> on the "Authentication -> Bindings" tab where you link your custom browser flow to be used as "the" browser flow.
>
> Cheers,
> Thomas
>
> 2016-11-06 10:33 GMT+01:00 Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>:
> Hi Stian,
> I was able to add the authentication provider in 2.3.0 but only to the copied flow.
>
> 1. Why I can not add the execution to the Browser flow?
> If I copy the browser flow (and call it Browser2 flow) what flow will be default for the browser authentication?
> How can I configure the new Browser2 flow will be default for the browser authentications?
> 2. Will be generated Rest API for the configuration of the authentication provider?
> How can I configure via REST API.
>
>
> Best regards,
> Michael
>
>
>
> ________________________________
> From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com>>
> Sent: Friday, November 4, 2016 7:52 AM
> To: Stian Thorgersen
> Cc: Michael Furman; keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
>
> FIY we did check this example for 2.3.0.CR1 release so I doubt it's broken
>
> On 4 November 2016 at 06:51, Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com<mailto:sthorger at redhat.com>>> wrote:
> I don't know what you mean by it is not recognized by Keycloak. Did you follow the steps in the example to register it? See https://github.com/keycloak/keycloak/blob/master/examples/providers/authenticator/README.md
>
> On 3 November 2016 at 20:14, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com><mailto:michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>> wrote:
>
> Hi,
>
> Unfortunately I can not deploy the example authentication provider to Keycloak
>
>
> Who can help?
>
>
> I have compiled authenticator-required-action-example from the examples.
> I copied the provider jar into the “standalone/configuration/providers” directory according to the document:
> https://keycloak.gitbooks.io/server-developer-guide/content/v/2.2/topics/auth-spi.html
>
> Unfortunately Keycloak does not recognize the provider.
> Than I have copied it to the “providers” folder under the root Keycloak folder.
> Also without success .
>
>
> I have opened an issue https://issues.jboss.org/browse/KEYCLOAK-3856
>
>
> Best regards,
>
> Michael
>
>
>
> ________________________________
> From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com<mailto:sthorger at redhat.com>>>
> Sent: Tuesday, November 1, 2016 11:08 AM
>
> To: Michael Furman
> Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
> Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
>
> On the config for the authenticator. Please look at the docs and also the example it explains this pretty well.
>
> On 31 October 2016 at 13:47, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com><mailto:michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>> wrote:
> Thanks,
> Where I will see the generated UI?
> On the authentication page?
> http://localhost:8080/auth/admin/master/console/#/realms/master/authentication/flows/browser
> Also, can I add / update the authenticator configuration via REST API?
> http://www.keycloak.org/docs/rest-api/#_update_authenticator_configuration
> Thank you in advance for your help.
> Best regards,
> Michael
>
>
> ________________________________
> From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com<mailto:sthorger at redhat.com>>>
> Sent: Monday, October 31, 2016 8:00 AM
>
> To: Michael Furman
> Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
> Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
>
> Configuration UI is generated based on what's returned by the getConfigProperties method
>
> On 30 October 2016 at 12:28, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com><mailto:michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>> wrote:
> Thanks Stian,
> I will happy for the additional clarifications.
> I have looked in https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html but was not able to find a lot.
> I think that the following is relevant:
>
> The next few methods define how the Authenticator can be configured.
> …
> The getConfigProperties() method returns a list of ProviderConfigProperty objects. These objects define a specific configuration attribute.
>
> But according to my understanding the configuration should appear in the Authenticator configuration UI.
> Therefore, how should I create the UI?
>
> Additional question: will the new Authenticator appear in Authentication Flows:
> https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/authentication/flows.html
> Will I be able to configure Required / Optional / Disabled for the new the new Authenticator?
> Thank you in advance for your help.
> Best regards,
> Michael
>
>
> ________________________________
> From: Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com><mailto:sthorger at redhat.com<mailto:sthorger at redhat.com>>>
> Sent: Thursday, October 27, 2016 9:57 AM
> To: Michael Furman
> Cc: keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
> Subject: Re: [keycloak-user] Creation UI for new authentication schema configuration.
>
> We don't support that directly so you would have to develop your own custom authenticator for it. The doc you linked describes how to do that.
>
> On 26 October 2016 at 17:08, Michael Furman <michael_furman at hotmail.com<mailto:michael_furman at hotmail.com><mailto:michael_furman at hotmail.com<mailto:michael_furman at hotmail.com>>> wrote:
> Hi all,
> I want to add support for the new authentication schema.
> How can I add UI for new authentication schema configuration?
> For example, I want to add the TACACS authentication schema.
> Therefore I need to configure the TACACS server IP and the secret.
> May be I have missed but I can not find it here:
> https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html
>
> Thank you in advance for your help.
> Best regards,
> Michael
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org><mailto:keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list