Does Keycloak expose WebAuthn APIs or can Webauthn flow be managed programmatically - spring-boot

We are currently evaluating the Keycloak passwordless login feature, which is called WebAuthn and follows the FIDO2 specification.
I am able to customize the authentication flow (through the Keycloak admin console) and log in with a FIDO2 device (the platform authenticator of my Mac); it works fine.
However, I cannot find an option to register a user through the WebAuthn flow. Below are the questions:
Is it something currently supported in Keycloak?
Can the WebAuthn flow be managed programmatically, using the Keycloak Spring Boot starter, etc.?
Thanks

Related

How do I enable Auth0 OIDC login with Spring Security 5.1+

Spring 5.1+ should allow me to configure Auth0's login without a 3rd party jar; I've done similar things before. The problem is I haven't figured out all the right properties. What do I need to set in order for this to work?
Create a new Application in Auth0 Dashboard, select Spring Boot as framework.
Set the following callback URL, when adding the settings of your application.
http://localhost:8080/login/oauth2/code/auth0
In dependencies
runtimeOnly("org.springframework.boot:spring-boot-starter-security")
runtimeOnly("org.springframework.boot:spring-boot-starter-web")
runtimeOnly("org.springframework.boot:spring-boot-starter-oauth2-client")
In application.properties:
spring.security.oauth2.client.registration.auth0.scope[0]=openid
spring.security.oauth2.client.registration.auth0.scope[1]=profile
spring.security.oauth2.client.registration.auth0.scope[2]=email
spring.security.oauth2.client.registration.auth0.client-id=<your client id in your application in Auth0 Dashboard>
spring.security.oauth2.client.registration.auth0.client-secret=<your secret in your application in Auth0 Dashboard>
# I haven't found general documentation for this but it's in format https://<your domain in dashboard
spring.security.oauth2.client.provider.auth0.issuer-uri=https://<your domain in your application in Auth0 Dashboard>
For more information, a technology documentation page should have opened up when you created the application. It seems to be available via Application -> QuickStart.
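An added example, not part of the original answer: a Python check of what the `issuer-uri` value has to satisfy under OpenID Connect Discovery, where the `issuer` published in the provider metadata must be identical to the configured issuer URL, so a trailing slash matters. The host `tenant.example`, the sample metadata and the function names are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample metadata for a placeholder tenant (not real provider output).
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://tenant.example/",
  "authorization_endpoint": "https://tenant.example/authorize",
  "token_endpoint": "https://tenant.example/oauth/token",
  "jwks_uri": "https://tenant.example/.well-known/jwks.json"
}""")

# Subset of the discovery fields that this check looks at.
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer_uri):
    """Where the metadata is fetched from: one terminating '/' is dropped first."""
    base = issuer_uri[:-1] if issuer_uri.endswith("/") else issuer_uri
    return base + "/.well-known/openid-configuration"


def check_issuer(issuer_uri, metadata):
    """Return a list of problems; an empty list means the issuer-uri is usable."""
    problems = []
    parts = urlsplit(issuer_uri)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer-uri must be an absolute https URL")
    if parts.query or parts.fragment:
        problems.append("issuer-uri must not carry a query or fragment")
    published = metadata.get("issuer")
    if published is None:
        problems.append("metadata is missing issuer")
    elif published != issuer_uri:
        # Exact string comparison: "https://host" and "https://host/" differ.
        problems.append("issuer mismatch: configured %r, metadata says %r"
                        % (issuer_uri, published))
    for key in ENDPOINTS:
        if key not in metadata:
            problems.append("metadata is missing " + key)
        elif urlsplit(metadata[key]).scheme != "https":
            problems.append(key + " is not https")
    return problems


if __name__ == "__main__":
    for candidate in ("https://tenant.example/", "https://tenant.example"):
        print(candidate, discovery_url(candidate), check_issuer(candidate, SAMPLE_METADATA))
```
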

Implement Keycloak Authorization server using Spring Security 5 OAuth2

I've written a software system that uses Spring Cloud Netflix. Due to Spring Security 5 not offering support for writing an Authorization Server (pls shout out here https://github.com/spring-projects/spring-security/issues/6320) I need to write my own Authorization server. I want my application to permit Social login and username/password registration, have a custom login page but also use Keycloak. I don't even know where to start; if you have any documentation or code samples, please provide them.
You can use the cas project. By using the overlay it is easy to set up and to customize:
https://github.com/apereo/cas-overlay-template/blob/master/README.md
It serves a frontend where your user can be redirected to and can login. After successful login, the user is redirected back to your web page. The frontend is completely customizable.
It supports all kinds of authentication providers like keycloak, database or Google/Facebook.
After basic setup you just add the dependency inside the gradle file, configure your keycloak/database/... in the application.properties and can start using it as authentication server.
It fits perfectly into a microservice landscape and is curated by professionals implementing security best practice.
https://apereo.github.io/cas/6.1.x/planning/Getting-Started.html

Keycloak 3.4.3 and springboot 2.0

Hi, I am trying to use single-sign on with keycloak and springboot 2 app
I got local keycloak setup realm and client.
I followed this example : spring-boot-keycloak-tutorial
This works fine, my issue is that I want to implement single sign on. Which means I don't want the user to login using keycloak login page.
If the users are logged in to the network (using Windows machine), and try to access the page, then they should be able to access the application without login because they are valid network users.
I don't seem to find an example on how to setup SSO and pass the credentials directly from windows to keycloak
You can configure your realm to use Kerberos user federation. This will enable SSO using the active directory.
See the official example page
You then need to make sure that your browser supports the SSO.
It turned out that the keycloak-spring-boot-adapter does not work for spring boot 2.0+
I changed my spring version to 1.5.3 instead of 2.0.5 and this solved the problem.
I am not sure if there is an alternative for spring boot 2.0

Client Application using Basic Auth with Spring Security and Keycloak

I have an architecture where my user application wants to use basic authentication when accessing a spring service. This service has to use a Keycloak instance to verify the user/pass of the user application. I don't succeed in configuring it (and don't know if it's possible).
Yes, it is possible. Keycloak has a Spring Security adapter that can be configured for Client and/or Resource Server.
https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_security_adapter
And also a working example here:
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-spring-security

How can I use multiple Oauth2 SSO Servers on a single Spring boot application with Spring Cloud Security Oauth2?

I'd like to give users the option to login to a Spring Boot web application using their Google or Facebook account.
I checked the Spring Cloud Security documentation and also this GitHub issue to add such SSO functionality, but in both they only show how to configure one SSO server, so it's either Google or Facebook.
How can I add both options? On the web front-end I will add a button for each option so the users can choose which account to use, either Google or Facebook.
Or I am choosing the wrong package and should use something different altogether to achieve this?
Thanks!
You basically have to install a separate authentication filter for each provider. There's a tutorial here: https://spring.io/guides/tutorials/spring-boot-oauth2/.
