[keycloak-user] Dynamically branded login?

Craig Setera craig at baseventure.com
Fri Oct 12 10:46:35 EDT 2018


The URL you call out is how I'm solving for this.  I'm hopeful to be able
to do something similar for the account management pages as well, but I
haven't tried that at all to this point.

I would love to see something more "official", but I understand if that
isn't something easily handled in the core.

=================================
*Craig Setera*

*Chief Technology Officer*




On Fri, Oct 12, 2018 at 8:14 AM Dmitry Telegin <dt at acutus.pro> wrote:

> Craig, Will,
>
> Indeed, in the out-of-the-box configuration the URI info is not accessible
> in FTL templates. But I was able to provide it with the help of the custom
> LoginFormsProvider, which was trivial to implement.
> Yep this adds another entity, but as long as you're deploying your custom
> theme as a module or via deployments dir (which is the recommended way),
> you should be ok with this, as theme+provider could be packaged as a single
> JAR.
>
> Since it turns out to be kind of popular topic, I think I'll publish the
> PoC and maybe even write an article on that. In a few words, you extend
> FreeMarkerLoginFormsProvider and override createCommonAttributes(), where
> you can push any arbitrary data to the FTL context.
>
> 2 Craig: is your use case similar to that of Will? I mean your URL is like
> this:
>
> http://localhost:8080/auth/realms/default/protocol/openid-connect/auth?...&customvar=1
>
> I'm asking because if you append a query param to your client URL, it
> won't be propagated to the Keycloak auth URL directly, but rather as a part
> of redirect_uri param (from where it can be parsed of course).
>
> P.S. if anyone from the dev team reads this: do you think we can have this
> OOTB?
>
> Cheers,
> Dmitry Telegin
> CTO, Acutus s.r.o.
> Keycloak Consulting and Training
>
> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> +42 (022) 888-30-71
> E-mail: info at acutus.pro
>
> On Mon, 2018-10-08 at 10:04 -0500, Craig Setera wrote:
> > Following up on this conversation.  I was unable to find a way to do
> > this via the Freemarker templates unfortunately.  The templates are not
> > receiving anything useful in determining the full path and query
> > parameters.  The only approach that I've found to do what I need is to add
> > a small JavaScript snippet to my theme that is able to look at the query
> > parameters and insert a new stylesheet reference into the code based on a
> > query parameter.  Ugly, but seems effective assuming I can get my query
> > parameter set in all of the URLs that matter.
> >
> > =================================
> > Craig Setera
> > Chief Technology Officer
> >
> >
> >
> >
> > > On Wed, Aug 29, 2018 at 9:36 AM Craig Setera <craig at baseventure.com> wrote:
> > > Dmitry,
> > >
> > > I've put Keycloak on the back burner for the moment.  I do intend to
> > > pick it back up toward the end of the year and I expect I will be digging
> > > into this heavily.  If I figure anything out, I will be sure to report back.
> > >
> > > Craig
> > >
> > >
> > > =================================
> > > Craig Setera
> > > Chief Technology Officer
> > > 415-324-5861
> > > craig at baseventure.com
> > >
> > >
> > >
> > >
> > > > On Wed, Aug 1, 2018 at 7:50 PM Dmitry Telegin <dt at acutus.pro> wrote:
> > > > Craig, Will,
> > > >
> > > > Sorry for having fooled you :-\ turns out that the ${url} object is
> > > > actually not what it seems.
> > > >
> > > > I'd suggest the following trick. Could someone please try dumping
> > > > all the available FTL variables using the below approach?
> > > >
> > > > https://community.liferay.com/blogs/-/blogs/the-magic-template-variable-dumper-script-for-liferay-7
> > > >
> > > > This is for Liferay, but I hope it works with Keycloak FTLs without
> > > > any major modifications. So hopefully we can fish something useful out of
> > > > there.
> > > >
> > > > Cheers,
> > > > Dmitry Telegin
> > > > CTO, Acutus s.r.o.
> > > > Keycloak Consulting and Training
> > > >
> > > > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > > > +42 (022) 888-30-71
> > > > E-mail: info at acutus.pro
> > > >
> > > > On Tue, 2018-07-31 at 14:13 -0700, Will Lopez wrote:
> > > > > Hi Dmitry,
> > > > >
> > > > > I have a use case for this same need: conditionally rendering a
> > > > > block of HTML in the login.ftl based on the value of a query string
> > > > > param.
> > > > >
> > > > > I have a question with more details here:
> > > > > https://stackoverflow.com/questions/51619158/keycloak-make-query-string-param-available-in-marker-freemarker-template?noredirect=1#comment90204334_51619158
> > > > >
> > > > > I attempted to use ${url} as you suggested, however it does not
> > > > > have a public method that provides the request url :(
> > > > >
> > > > > https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/forms/login/freemarker/model/UrlBean.java
> > > > >
> > > > > Am I missing something? Or is there any other way to access the
> > > > > login request url in login.ftl?
> > > > >
> > > > > Thanks, Will
> > > > >
> > > > > > On Jul 30, 2018, at 9:25 PM, Dmitry Telegin <dt at acutus.pro> wrote:
> > > > > >
> > > > > > Hi Craig, sorry for late response,
> > > > > >
> > > > > > On Thu, 2018-07-12 at 06:08 -0500, Craig Setera wrote:
> > > > > > > We build and host a multitenant application that is currently using
> > > > > > > homegrown authentication and authorization (using Picketlink).  We are
> > > > > > > considering a move to Keycloak.  My preference would be to use the login
> > > > > > > flows that are built in to Keycloak rather than building our own, however
> > > > > > > that is dependent on whether we can properly brand those login flows on a
> > > > > > > per-customer basis in some dynamic way.
> > > > > >
> > > > > > In Keycloak parlance, the term "login flow" has a very particular
> > > > > > meaning. Basically, it's what you see in the Authentication section in
> > > > > > the Admin Console. It defines how authentication *works* rather than
> > > > > > how it *looks* (i.e. logic rather than appearance).
> > > > > >
> > > > > > Do you really mean "login flows"? From the second part of your message
> > > > > > I can deduce you're mainly interested in customizing the GUI.
> > > > > >
> > > > > > > In looking at the theme SPI support, it appears to be mostly targeted to
> > > > > > > supporting multiple "static" themes.  Is it possible to make a theme that
> > > > > > > is dynamic based on, for example, a query parameter?
> > > > > >
> > > > > > By default, Keycloak uses FreeMarker templates for login screens. In
> > > > > > the templates, the URL object is exposed as ${url}, so you can analyze
> > > > > > it and add conditional statements. If you're ok with that, probably you
> > > > > > won't need to implement any SPIs.
> > > > > >
> > > > > > Otherwise, you can either implement custom theme selection logic based
> > > > > > on request parameters (Theme Selector SPI), or completely redefine
> > > > > > theming mechanism (Theme SPI).
> > > > > >
> > > > > > >    Are there any
> > > > > > > examples anywhere on how that might be possible?
> > > > > >
> > > > > > Well, builtin Keycloak themes are the best example IMO :) you can find
> > > > > > the default login theme under
> > > > > > themes/src/main/resources/theme/base/login in the source tree.
> > > > > >
> > > > > > > Would Keycloak carry
> > > > > > > through query parameters if they were provided when launching the login
> > > > > > > flow?
> > > > > >
> > > > > > It's best to create a custom theme and see :)
> > > > > >
> > > > > > Good luck!
> > > > > > Dmitry Telegin
> > > > > > CTO, Acutus s.r.o.
> > > > > > Keycloak Consulting and Training
> > > > > >
> > > > > > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > > > > > +42 (022) 888-30-71
> > > > > > E-mail: info at acutus.pro
> > > > > >
> > > > > > > Thanks,
> > > > > > > Craig
> > > > > > > _______________________________________________
> > > > > > > keycloak-user mailing list
> > > > > > > keycloak-user at lists.jboss.org
> > > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > >
> > > > >
> > > >
>
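
Added example, not part of the original thread or of Keycloak: one way to write the theme-side JavaScript snippet discussed above so that a request parameter only ever selects from a fixed set of stylesheets and is never used as a URL itself. It also checks the query string inside redirect_uri, where a parameter appended to the client URL ends up. The parameter name `brand`, the tenant keys and the CSS paths are assumptions made for illustration.

```javascript
// Hypothetical allowlist: brand key -> stylesheet path inside the theme's resources.
const BRAND_STYLESHEETS = Object.freeze({
  acme: 'css/brand-acme.css',
  globex: 'css/brand-globex.css',
});
const BRAND_PARAM = 'brand'; // assumed query parameter name

// Returns an allowlisted brand key, or null. Looks at the auth URL's own query
// first, then at the query string carried inside its redirect_uri parameter.
function resolveBrand(authUrl) {
  let params;
  try {
    params = new URL(authUrl).searchParams;
  } catch (e) {
    return null; // not an absolute URL
  }
  let candidate = params.get(BRAND_PARAM);
  if (candidate === null && params.has('redirect_uri')) {
    try {
      candidate = new URL(params.get('redirect_uri')).searchParams.get(BRAND_PARAM);
    } catch (e) {
      candidate = null; // relative or malformed redirect_uri
    }
  }
  if (candidate === null) return null;
  // Own-property check so keys such as "__proto__" or "constructor" never match.
  const known = Object.prototype.hasOwnProperty.call(BRAND_STYLESHEETS, candidate);
  return known ? candidate : null;
}

// Maps the request to a stylesheet path from the allowlist, or null for the default look.
function stylesheetFor(authUrl) {
  const brand = resolveBrand(authUrl);
  return brand === null ? null : BRAND_STYLESHEETS[brand];
}

// Appends the <link> element; the href is built only from the theme's resource
// path and an allowlisted value, never from the raw parameter.
function applyBranding(doc, authUrl, resourcesPath) {
  const href = stylesheetFor(authUrl);
  if (href === null) return false;
  const link = doc.createElement('link');
  link.rel = 'stylesheet';
  link.href = resourcesPath + '/' + href;
  doc.head.appendChild(link);
  return true;
}
```

In a theme this would be called as `applyBranding(document, window.location.href, resourcesPath)`, with `resourcesPath` supplied by the template.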

