Keycloak user initiated OTP configuration - keycloak

I looked for a solution for configuring user 2FA (OTP) from my application using the Admin API. Obviously, I looked over other similar questions where the answer was 'NO', but I started thinking: how did Keycloak implement this feature in the Account Console?
I tried to debug the new Keycloak v2 theme without any success. Could anyone explain or link some resources showing how the link is built?
The most important piece of information, which I pretty much understand, is that it redirects to the login page with
kc_action='CONFIGURE_TOTP'
but the rest of the link is magic to me.
** To be more specific, the link beside that button 'Set up authenticator application'.
Thanks a lot!
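
An added example, not part of the original post or of Keycloak's code: the `kc_action` parameter mentioned in the question is sent on an ordinary OIDC authorization request, so an application can build the same kind of link itself and then check the result on its redirect URI. The host, realm, client ID and redirect URI below are constructed placeholders, and the endpoint path assumes a Keycloak version without the legacy `/auth` prefix.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit


def build_totp_setup_url(base_url, realm, client_id, redirect_uri):
    """Build an authorization request that asks Keycloak to run CONFIGURE_TOTP.

    Returns (url, state, code_verifier); keep the last two in the user's session.
    """
    state = secrets.token_urlsafe(16)
    code_verifier = secrets.token_urlsafe(48)
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    code_challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid",
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "kc_action": "CONFIGURE_TOTP",
    }
    endpoint = f"{base_url.rstrip('/')}/realms/{quote(realm, safe='')}/protocol/openid-connect/auth"
    return f"{endpoint}?{urlencode(params)}", state, code_verifier


def totp_setup_succeeded(callback_url, expected_state):
    """Validate the redirect back to the application and report the action result."""
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    # Keycloak reports the outcome of the requested action in kc_action_status.
    return query.get("kc_action_status", [""])[0] == "success"


if __name__ == "__main__":
    # Constructed sample values; replace with your own deployment's settings.
    url, state, _ = build_totp_setup_url(
        "https://sso.example.test", "demo", "my-app", "https://app.example.test/cb")
    print(url)
```

The action runs for whichever user authenticates in that browser session, so the application cannot use this link to enrol OTP on behalf of a different account.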

Related

Single login for multiple clients in same realm?

I watched the recent Youtube video intro to Keycloak and have been following along with the examples used here: https://github.com/stianst/keycloak-containers-demo
I have it all working fine, and I am trying to test what this might look like with more applications. So I have added an additional Jenkins app to the mix and configured it to use the OIDC plugin for authentication. Was easy and works great. So now I have one realm with two clients, jenkins and the js-console. I am seeing some unexpected behaviors and wondering if I am doing something wrong or just have a fundamental misunderstanding about what Keycloak can provide.
I am not getting SSO. If I access the js-console app and login and then open the URL for Jenkins I am redirected to Keycloak and have to login again. I was expecting SSO to happen here. Doesn't Keycloak set a cookie or something so that I would be logged in to the second app? Thinking out loud .. could the fact that I am not using SSL be the issue? Maybe the cookie is marked as secure?
I went ahead and added Github login like in the demo. From what I can tell this will only work with one client. Both my clients get the same login screen so both have the login with Github option available, but the redirect URLs can only be configured for one of the clients. Is there a solution for this so that you could have many clients sharing the same realm and allow login via social login?
I would like to eventually test a SAML provider like Okta and am wondering if I will run into the same problem with that as I did with Github?

Xamarin.Auth Google Logout

I have a Xamarin Forms project that uses Google Authentication as described here. I can log in fine, but I can't figure out a way to truly log out of Google. The Google accounts are stored in the browser, so when I use the Presenter to display the Choose an Account list from Google, the passwords don't need to be entered. Is there a way to force the user to enter their google password every time?
If you're open to switching to a different solution to OAuth, I have used the Simple Auth Package. It provides a method to log out. The documentation provides a fairly easy implementation. Once you have the log in set, use ResetData(); to log out.
I know this does not answer your question exactly but it would be a possible solution.

Bluemix SSO only recognizing one provider

I have tested and used Bluemix SSO with a Liberty runtime on Bluemix successfully with the G+ login provider. Now I added LinkedIn and Cloud Directory providers as well.
However, when I try to login, it still always redirects me to the G+ login. When I disable G+ in the SSO service, it tells me "FBTIAS030E No login methods are configured.", even though the other two are enabled in the SSO config (and verified in case of LinkedIn).
I have restarted the runtime, and even re-staged it, to no avail.
Any ideas?
Did you customize the login.html page? If you did, you can get the default template back by using the reset button at the Custom Design page. The default template displays the list of Identity Providers that you set up.
Sorry for the late reply, but I found the problem. The nice big switches in front of each provider (in the dashboard for the SSO service) were doing nothing in terms of switching providers on or off. You need to go to the "integrate" tab where the real switches are to enable the other providers.

Moodle and Google SSO

My school is looking to use moodle as an LMS and integrating it with google apps. What I would like to implement in the integration is a single sign on where once a user is logged into google apps, they would immediately be logged into their moodle account. I want this to also be possible vice versa where a user would also be automatically logged into their google apps account if they login to moodle instead. So far the plugins I have found can only do one or the other; not both (or perhaps I do not know how to configure them this way).
I have tried using googleoauth2 and GSAML but had no luck. Can someone please help or guide me somewhere that has this implemented?
Thank you
The process is well-documented here: https://docs.moodle.org/29/en/Google_Apps_Integration
The OneLogin plugin (among other options) supports both SSO and Google Apps. I would suggest starting there.
The exact documentation (should you choose to proceed with this login) can be found here. You will need OpenAM as well.

Custom Wifi hotspot with Facebook or Twitter login

I would like to install a custom Wi-fi hotspot which needs login to enable Internet access with these requirements, and I would like to know if someone has installed one.
Requirements:
Login server: I have my own OAuth server built with Java/Spring to enable user login with Twitter and Facebook via REST API.
Wi-fi access point: allows user Internet access when login success.
When the user selects the Wi-Fi network, the landing page must appear with the login button.
I've got the login module, but I don't know how to install some kind of Wi-fi hotspot with a custom landing page that could link with this login server. I've searched for some kind of tool or software, but I found nothing. Any ideas or suggestions, please?
Thank you very much!
I just stumbled over a google code project which achieves what you want for routers running openwrt.
The basic setup is this: You run a router with openwrt (a list of supported hardware can be found on their wiki). Then you install wifidog to provide your portal page and run the project (which now seems to have moved here and has been renamed to KikiAuth) as the auth provider for wifidog.
Since KikiAuth is open source it should be easy to adopt the method it uses to provide the auth information for wifidog into your existing software and use it as the provider instead if you want to manage the login process yourself.
More details about the setup can be found on the page of the google code project.