[keycloak-user] one issue in keycloak

Dmitry Telegin dt at acutus.pro
Mon Jul 30 23:10:40 EDT 2018 

Hi Prashant,

The power of Keycloak is that in order to bring to Keycloak some new functionality, you don't need to modify Keycloak code in 99% of cases. Everything is done via SPIs + themes.

In your case, I'd suggest that you take a look at the following classes (keycloak-services module):

org.keycloak.authentication.authenticators.resetcred.ResetCredentialChooseUser
org.keycloak.authentication.authenticators.directgrant.ValidatePassword

They are destined for another flows (reset credentials and direct grant respectively), but you can use them as a reference. They demonstrate how username and password handling can be done separately.

Also I'd suggest that you look into Theme Resource SPI and Script Authenticator. These might be helpful in your case.

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Fri, 2018-07-27 at 16:20 +0530, prashant kumar wrote:
>  Hi,
> 
> We are using keycloak for identiy provider and have got following
> requirement,
> 
>    - We need to show user email
>    - If the user is of key cloak then showing password text otherwise
>    showing list of other identity provider.
> 
> 
> We couldn't divide username and password without changing the core keycloak
> class namely
> 
> org.keycloak.authentication.DefaultAuthenticationFlow and then class
> doesn't support extension without changing the entire hierarchy of objects
> in new.
> 
> We can only add provider using SPI for subsequent flow.
> 
> So we have taken following approach
> 
> 1) Changing the core class itself but then keycloak release update will
> happen only with this change incorporated.
> 
> 2) Created our own rest API which is using keycloak utilities and services
> as object but entire flow is in the rest API.
> 
> Please provide your take on this along with if there is any way we can
> inject our own object using spring injection or some other injection
> mechanism.
> 
> Thanks,
> Prashant
> 
> > 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

More information about the keycloak-user mailing list