[keycloak-user] Dynamically branded login?

Dmitry Telegin dt at acutus.pro
Wed Aug 1 20:50:48 EDT 2018


Craig, Will,

Sorry for having fooled you :-\ turns out that the ${url} object is actually not what it seems.

I'd suggest the following trick. Could someone please try dumping all the available FTL variables using the below approach?
https://community.liferay.com/blogs/-/blogs/the-magic-template-variable-dumper-script-for-liferay-7

This is for Liferay, but I hope it works with Keycloak FTLs without any major modifications. So hopefully we can fish something useful out of there.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Tue, 2018-07-31 at 14:13 -0700, Will Lopez wrote:
> Hi Dmitry,
> 
> I have a use case for this same need: conditionally rendering a block of HTML in in the login.ftl based on the value of a query string param.
> 
> I have an a question with more details here: https://stackoverflow.com/questions/51619158/keycloak-make-query-string-param-available-in-marker-freemarker-template?noredirect=1#comment90204334_51619158
> 
> I attempted to use ${ur} as you suggested, however it does not have a public method that provides the request url :( 
> 
> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/forms/login/freemarker/model/UrlBean.java
> 
> I am missing something? Or is there any other way to access the login request url in login.ftl? 
> 
> Thanks, Will 
> 
> > > > On Jul 30, 2018, at 9:25 PM, Dmitry Telegin <dt at acutus.pro> wrote:
> > 
> > Hi Craig, sorry for late response,
> > 
> > On Thu, 2018-07-12 at 06:08 -0500, Craig Setera wrote:
> > > We build and host a multitenant application that is currently using
> > > homegrown authentication and authorization (using Picketlink).  We are
> > > considering a move to Keycloak.  My preference would be to use the login
> > > flows that are built in to Keycloak rather than building our own, however
> > > that is dependent on whether we can properly brand those login flows on a
> > > per-customer basis in some dynamic way.
> > 
> > In Keycloak parlance, the term "login flow" has a very particular
> > meaning. Basically, it's what you see in the Authentication section in
> > the Admin Console. It defines how authentication *works* rather than
> > how it *looks like* (i.e. logic rather than appearance).
> > 
> > Do you really mean "login flows"? From the second part of your message
> > I can deduce you're mainly interested in customizing the GUI.
> > 
> > > In looking at the theme SPI support, it appears to be mostly targeted to
> > > supporting mulitple "static" themes.  Is it possible to make a theme that
> > > is dynamic based on, for example, a query parameter?
> > 
> > By default, Keycloak uses FreeMarker templates for login screens. In
> > the templates, the URL object is exposed as ${url}, so you can analyze
> > it and add conditional statements. If you're ok with that, probably you
> > won't need to implement any SPIs.
> > 
> > Otherwise, you can either implement custom theme selection logic based
> > on request parameters (Theme Selector SPI), or completely redefine
> > theming mechanism (Theme SPI).
> > 
> > >    Are there any
> > > examples anywhere on how that might be possible?  
> > 
> > Well, builtin Keycloak themes are the best example IMO :) you can find
> > the default login theme under
> > themes/src/main/resources/theme/base/login in the source tree.
> > 
> > > Would Keycloak carry
> > > through query parameters if they were provided when launching the login
> > > flow?
> > 
> > It's best to create a custom theme and see :)
> > 
> > Good luck!
> > Dmitry Telegin
> > CTO, Acutus s.r.o.
> > Keycloak Consulting and Training
> > 
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > +42 (022) 888-30-71
> > E-mail: info at acutus.pro
> > 
> > > Thanks,
> > > Craig
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 


More information about the keycloak-user mailing list