[keycloak-user] IP Address based default user
Stian Thorgersen
sthorger at redhat.com
Wed Sep 14 07:24:50 EDT 2016
Well... No chance we'll add that out of the box ;)
Simple to implement yourself though, see
https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html
On 13 September 2016 at 16:48, Jess Sightler <jsightle at redhat.com> wrote:
> Well, this be insecurity by design. :) Basically we would like to turn off
> security completely in some cases for local installations, but this brings
> a lot of deployment related considerations (multiple descriptors,
> conditional logic around the logged in user, etc).
>
> An authenticator that is essentially just a bypass would accomplish the
> same thing without the additional complexity. It would be similar to a
> default "unauthenticatedIdentity", except with a default role as well.
>
> On 09/13/2016 05:01 AM, Stian Thorgersen wrote:
>
> No there isn't anything like that. Sounds like a potential hackers heaven
> as well.
>
> Assuming you've got the idea from WildFly. WildFly can do that by writing
> to a local file to make sure the user is indeed on the local machine. That
> doens't work in a web based flow unless you can find a way to "share" a
> file between the Keycloak server and the browser.
>
> On 12 September 2016 at 17:17, Jess Sightler <jsightle at redhat.com> wrote:
>
>> Is there a builtin authenticator that can provide a default user account
>> based upon some criteria? For example, could we provide a default user
>> if the client is connecting to localhost?
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160914/9303667a/attachment-0001.html
More information about the keycloak-user
mailing list