[keycloak-user] brokered-login only
Marek Posolda
mposolda at redhat.com
Mon Jun 25 02:49:15 EDT 2018
It's possible to remove the username/password fields from the login screen by
creating a custom theme and overriding the FreeMarker template for the login
screen. You may need to remove the "password" tab from account management as
well so that users are not able to set their password there. This can also be
achieved through the theme.

The thing is that after changing themes, users will still be able to log in
with their username/password if they "simulate" sending the same HTTP
request that the login screen sends (they can also simulate changing
their password in account management by HTTP request even if the "password"
tab is not in the UI). So if you expect to have malicious users who
would try to do something like this, and you want to be safe and avoid
this, you may need to change/override the UsernamePassword Authenticator
too and avoid authentication of users with username/password. Then login
with username/password will be impossible even if a user is trying to
"simulate" the request like this.

Marek
On 24/06/18 14:30, mj wrote:
> Hi,
>
> Is there a way to create a realm in keycloak with a few brokered IdP's,
> *without* the local username/password fields on the login screen, but
> *only* a list of external IdP's to choose from?
>
> Thanks!
>
> MJ
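One way to do the authenticator override described in the reply, as an added example that is not code from the original message or from the Keycloak project. The package, class names and provider id are hypothetical, and it assumes the stock `UsernamePasswordForm` and `UsernamePasswordFormFactory` classes from the Keycloak server SPI are on the classpath.

```java
package example; // hypothetical package name

import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory;
import org.keycloak.events.Errors;
import org.keycloak.models.KeycloakSession;

// Register the provider by listing example.BrokerOnlyFormFactory in
// META-INF/services/org.keycloak.authentication.AuthenticatorFactory,
// then use it in place of the stock username/password form in a copy
// of the realm's browser flow.
public class BrokerOnlyFormFactory extends UsernamePasswordFormFactory {

    public static final String ID = "broker-only-form"; // hypothetical provider id
    private static final Authenticator INSTANCE = new BrokerOnlyForm();

    @Override
    public String getId() { return ID; }

    @Override
    public String getDisplayType() { return "Broker-only login form"; }

    @Override
    public String getHelpText() {
        return "Shows the login page but rejects every username/password submission.";
    }

    @Override
    public Authenticator create(KeycloakSession session) { return INSTANCE; }

    // authenticate() is inherited unchanged, so the (themed) login page with
    // the list of identity providers is still rendered on the initial request.
    static class BrokerOnlyForm extends UsernamePasswordForm {

        // action() handles the form POST. The stock class would validate the
        // submitted credentials here; this override fails the attempt without
        // looking at them, so a hand-crafted login request is refused too.
        @Override
        public void action(AuthenticationFlowContext context) {
            context.getEvent().error(Errors.INVALID_USER_CREDENTIALS);
            context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);
        }
    }
}
```

This covers only the login form POST; the password-change request in account management that the reply mentions needs to be blocked separately.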