[keycloak-user] Authentication API

Bill Burke bburke at redhat.com
Fri Feb 10 17:16:31 EST 2017


I've been meaning to implement something like this for a while.

1. Create a new registration flow.

2. Create an authenticator for the reg flow. This authenticator will be 
configured to redirect to your external registration service.

3. Use the POST trick that SAML post binding does to distribute the 
session code to the remote external registration service.

4. Registration service executes registration for user.

5. Registration service then creates a JWS using strong HMAC or 
Keypair.  The JWS contains a json doc that includes the username of the 
new user.

6. Registration does the POST trick again and redirects back to the 
registration flow using the session code provided in #3.

7. Authenticator validates the JWS and sets the user and completes the 
flow. User is redirected back to application.

Hope I am making sense.


On 2/10/17 1:06 PM, Jason B wrote:
> Hi Bill,
>
> We are handling user registration completely external to keycloak due 
> to business processes and for this we can't use Keycloak REST APIs.
>
> Once user completes registration, user will receive an activation link 
> and when user clicks on activation link user will be redirected to 
> activation service which is external to keycloak. By this time we 
> won't have user credentials to use direct grant access but we will 
> have username only.
>
> So I am thinking of building a rest web service for this but not sure 
> how to create session for a given user programmatically.
>
> Thanks!
>
>
> On Thu, Feb 9, 2017 at 11:59 AM, Bill Burke <bburke at redhat.com> wrote:
>
>     Yes, you can create users through Admin REST API.  You can also obtain
>     tokens via the direct grant flow that OAuth has:
>
>     http://www.keycloak.org/documentation
>
>
>     On 2/9/17 1:29 PM, Jason B wrote:
>     > Hi,
>     >
>     > I would like to handle user registration outside of Keycloak
>     > instead of using built in registration feature. But I am having
>     > difficulty in figuring out how to allow user to login into Keycloak
>     > seamlessly after registration is completed.
>     >
>     > Does Keycloak support Authentication as an API, like a web
>     > service call, and is there any way we can create a session for a
>     > user through API?
>     >
>     >
>     > Thanks!
>     > _______________________________________________
>     > keycloak-user mailing list
>     > keycloak-user at lists.jboss.org
>     > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
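
Steps 5 and 7 of the flow at the top of this message, sketched as an added example; it is not part of the original post and is not Keycloak code. Assumptions: HS256 with a pre-shared key, the claim names `sub`, `session_code` and `exp`, a short expiry, and binding the session code from step 3 into the token so it cannot be reused in another flow.

```python
import base64
import hashlib
import hmac
import json
import time

ALG = "HS256"  # assumption: the "strong HMAC" option from step 5, pinned on both sides


def b64u_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_registration(key, username, session_code, ttl=120, now=None):
    """Step 5: the registration service issues a compact JWS naming the new user."""
    now = int(time.time()) if now is None else now
    # Claim names are assumptions; session_code ties the token to one flow.
    claims = {"sub": username, "session_code": session_code, "exp": now + ttl}
    parts = [b64u_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in ({"alg": ALG}, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u_encode(mac)


def verify_registration(key, token, expected_session_code, now=None):
    """Step 7: the authenticator returns the username or raises ValueError."""
    now = int(time.time()) if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        mac = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
        # Check the MAC in constant time before trusting any decoded field.
        if not hmac.compare_digest(mac, b64u_decode(s64)):
            raise ValueError("signature mismatch")
        header, claims = json.loads(b64u_decode(h64)), json.loads(b64u_decode(c64))
    except ValueError as exc:
        raise ValueError(f"rejected JWS: {exc}") from None
    if header.get("alg") != ALG:
        raise ValueError("rejected JWS: unexpected alg")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("rejected JWS: expired")
    bound = str(claims.get("session_code", "")).encode()
    if not hmac.compare_digest(bound, expected_session_code.encode()):
        raise ValueError("rejected JWS: issued for a different session code")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("rejected JWS: no username")
    return claims["sub"]
```

The authenticator side only sets the user when `verify_registration` returns; any `ValueError` should fail the flow rather than fall back to the posted username.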


