AMJ*_*ony 5 java authentication keycloak keycloak-services
I'm trying to implement a custom Keycloak Authenticator SPI for authentication purposes against an external Datasource/Rest Service. The plan is to migrate them into Keycloak.
Updated the browser flow (copied it, created a new flow and bound it).
First time when the user logs in, will display custom theme login screen.
On submit, using the custom SPI, authenticate against the external service.
On success create users on the keycloak datasource.
Create custom mappers to add extra user attributes on tokens.
I'm following section 8.3 of the official guide https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi_walkthrough, which is very similar to what I need.
Also, followed examples (https://github.com/keycloak/keycloak/tree/master/examples/providers/authenticator). I think the instructions don't map to the new version.
For example: In your copy, click the "Actions" menu item and "Add Execution". Pick Secret Question.
In Keycloak-6.0.1, there isn't any such execution as "Pick Secret Question". I really don't need this, but I was at least trying to set this flow to get a hold on how the flow works.
Next you have to register the required action that you created. Click on the Required Actions tab in the Authentication menu. Click on the Register button and choose your new Required Action.
There isn't such Register button on the required action.
Things I have done:
Created new realm.
Registered UI client.
Created new user in new realm in keycloak tables.
UI on login redirects to Keycloak UI and successfully authenticated and able to retrieve successfully tokens using javascript adapters:
componentDidMount = () => {
    const keycloak = Keycloak('/keycloak.json');
    keycloak.init({onLoad: 'login-required'}).then(authenticated => {
        this.setState({ keycloak: keycloak, authenticated: authenticated })
    })
}
....
....
    if(this.state.keycloak) {
        if(this.state.authenticated) return (
            <div className="contact-body">
                <p>Name: {this.state.name}</p>
                <p>Email: {this.state.email}</p>
                <p>ID: {this.state.id}</p>
            </div>
        );
    }
}
Would like to use Keycloak Login UI features (like OTP) along with custom authenticator SPI. In the custom authenticator SPI get form fields like username and password and authenticate it using external service. Then create users in Keycloak DB.
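Can an administrator lock/temporarily suspend a user within a realm in Keycloak?
Another option I'm planning to use is to update the login.ftl onsubmit to post the username/password to the custom service and pass the Keycloak URL as a query parameter.
Will validate it against custom service, create users on keycloak database and redirect to keycloak url which is passed on query param. This doesn't seem like the right way.
Any help/thoughts would be really helpful.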
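The authenticator described in the post (check the submitted form against the external service, create the Keycloak user on first login, then let later executions such as OTP run), as an added example that is not the poster's or Keycloak's own code, written against the Keycloak 6.0.1 Authenticator SPI. `LegacyAuthClient` and the `legacy_migrated` attribute are hypothetical names; the attribute check keeps the external service from logging anyone in to a local account it did not create.

```java
import javax.ws.rs.core.MultivaluedMap;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;

public class LegacyMigrationAuthenticator implements Authenticator {
    /** Hypothetical wrapper around the external REST service; not a Keycloak type. */
    public interface LegacyAuthClient { boolean verify(String username, String password); }
    static final String MIGRATED = "legacy_migrated"; // attribute name is an assumption
    private final LegacyAuthClient legacy;
    public LegacyMigrationAuthenticator(LegacyAuthClient legacy) { this.legacy = legacy; }

    @Override public void authenticate(AuthenticationFlowContext ctx) {
        ctx.challenge(ctx.form().createForm("login.ftl")); // show the themed login form
    }
    @Override public void action(AuthenticationFlowContext ctx) {
        MultivaluedMap<String, String> in = ctx.getHttpRequest().getDecodedFormParameters();
        String name = in.getFirst("username"), pw = in.getFirst("password");
        if (name == null || name.trim().isEmpty() || pw == null || pw.isEmpty()) { reject(ctx); return; }
        name = name.trim();
        UserModel user = KeycloakModelUtils.findUserByNameOrEmail(ctx.getSession(), ctx.getRealm(), name);
        // The external service may only vouch for accounts this authenticator created;
        // a pre-existing local account with the same name must not be taken over.
        if (user != null && !"true".equals(user.getFirstAttribute(MIGRATED))) { reject(ctx); return; }
        if (user != null && !user.isEnabled()) { reject(ctx); return; } // admin lock still applies
        if (!legacy.verify(name, pw)) { reject(ctx); return; }
        if (user == null) { // first login: create the local account
            user = ctx.getSession().users().addUser(ctx.getRealm(), name);
            user.setEnabled(true);
            user.setSingleAttribute(MIGRATED, "true");
        }
        ctx.setUser(user);
        ctx.success(); // later executions in the flow (e.g. OTP) run next
    }
    private void reject(AuthenticationFlowContext ctx) {
        // Same message for every failure so the form does not reveal which check failed.
        ctx.failureChallenge(AuthenticationFlowError.INVALID_CREDENTIALS,
            ctx.form().setError("invalidUserMessage").createForm("login.ftl"));
    }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

The class still needs an `AuthenticatorFactory` and a `META-INF/services` entry to be selectable as an execution, as in the walkthrough linked in the post.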