Is is posible to use a custom authentication logic in Keycloak?












0















I have configured Keycloak with LDAP User Federation. When a user wants to login into an application, he is redirected to the Keycloak login page, enters the uid/pwd and is authenticated using an LDAP bind.



This isn't enough for my requirements since I would like to implement some custom authentication logic, e.g:



public boolean authenticate(String uid, String pwd) {

//1.- validate against LDAP
//2.- do some other validations
return validationResult;
}


How could I include my own authentication logic into Keycloak?










share|improve this question





























    0















    I have configured Keycloak with LDAP User Federation. When a user wants to login into an application, he is redirected to the Keycloak login page, enters the uid/pwd and is authenticated using an LDAP bind.



    This isn't enough for my requirements since I would like to implement some custom authentication logic, e.g:



    public boolean authenticate(String uid, String pwd) {

    //1.- validate against LDAP
    //2.- do some other validations
    return validationResult;
    }


    How could I include my own authentication logic into Keycloak?










    share|improve this question



























      0












      0








      0








      I have configured Keycloak with LDAP User Federation. When a user wants to login into an application, he is redirected to the Keycloak login page, enters the uid/pwd and is authenticated using an LDAP bind.



      This isn't enough for my requirements since I would like to implement some custom authentication logic, e.g:



      public boolean authenticate(String uid, String pwd) {

      //1.- validate against LDAP
      //2.- do some other validations
      return validationResult;
      }


      How could I include my own authentication logic into Keycloak?










      share|improve this question
















      I have configured Keycloak with LDAP User Federation. When a user wants to login into an application, he is redirected to the Keycloak login page, enters the uid/pwd and is authenticated using an LDAP bind.



      This isn't enough for my requirements since I would like to implement some custom authentication logic, e.g:



      public boolean authenticate(String uid, String pwd) {

      //1.- validate against LDAP
      //2.- do some other validations
      return validationResult;
      }


      How could I include my own authentication logic into Keycloak?







      keycloak redhat-sso






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 25 '18 at 22:48







      codependent

















      asked Nov 25 '18 at 22:37









      codependentcodependent

      7,4181061130




      7,4181061130
























          2 Answers
          2






          active

          oldest

          votes


















          0














          To add a new authentication mechanism, you implement the Authentication SPI. This is described in the Server Development guide > Authentication SPI section.






          share|improve this answer































            0














            You could implement an Authentication SPI and deploy it to Keycloak server, or you could implement the authentication logic inside the custom user provider package if you are implementing user federation without using the default options (this authentication flow would be available only for this particular federated user store in this case).






            share|improve this answer























              Your Answer






              StackExchange.ifUsing("editor", function () {
              StackExchange.using("externalEditor", function () {
              StackExchange.using("snippets", function () {
              StackExchange.snippets.init();
              });
              });
              }, "code-snippets");

              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "1"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53472715%2fis-is-posible-to-use-a-custom-authentication-logic-in-keycloak%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              0














              To add a new authentication mechanism, you implement the Authentication SPI. This is described in the Server Development guide > Authentication SPI section.






              share|improve this answer




























                0














                To add a new authentication mechanism, you implement the Authentication SPI. This is described in the Server Development guide > Authentication SPI section.






                share|improve this answer


























                  0












                  0








                  0







                  To add a new authentication mechanism, you implement the Authentication SPI. This is described in the Server Development guide > Authentication SPI section.






                  share|improve this answer













                  To add a new authentication mechanism, you implement the Authentication SPI. This is described in the Server Development guide > Authentication SPI section.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 26 '18 at 21:28









                  Cyril DangervilleCyril Dangerville

                  1,332516




                  1,332516

























                      0














                      You could implement an Authentication SPI and deploy it to Keycloak server, or you could implement the authentication logic inside the custom user provider package if you are implementing user federation without using the default options (this authentication flow would be available only for this particular federated user store in this case).






                      share|improve this answer




























                        0














                        You could implement an Authentication SPI and deploy it to Keycloak server, or you could implement the authentication logic inside the custom user provider package if you are implementing user federation without using the default options (this authentication flow would be available only for this particular federated user store in this case).






                        share|improve this answer


























                          0












                          0








                          0







                          You could implement an Authentication SPI and deploy it to Keycloak server, or you could implement the authentication logic inside the custom user provider package if you are implementing user federation without using the default options (this authentication flow would be available only for this particular federated user store in this case).






                          share|improve this answer













                          You could implement an Authentication SPI and deploy it to Keycloak server, or you could implement the authentication logic inside the custom user provider package if you are implementing user federation without using the default options (this authentication flow would be available only for this particular federated user store in this case).







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Nov 27 '18 at 2:40









                          RakihthaRRRakihthaRR

                          194112




                          194112






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Stack Overflow!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53472715%2fis-is-posible-to-use-a-custom-authentication-logic-in-keycloak%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              404 Error Contact Form 7 ajax form submitting

                              How to know if a Active Directory user can login interactively

                              Refactoring coordinates for Minecraft Pi buildings written in Python