Comments (4)
Hello @cesarbtt,
thanks for the feature request.
Keycloak already has built-in functionality to configure a login theme per client. Would it not be sufficient to deploy a client-specific theme where you overwrite the messages as needed? I am a little bit reluctant to implement some mechanism for this that is not aligned with the way Keycloak handles such things.

> Each client will check different requirements ...

Can you give me some details on this, please? I would like to better understand which scenarios and requirements you have in mind here. Aren't the requirements prescribed by the authentication flow and configured authenticators therein?

> I have made a modification to the RestrictClientAuthAuthenticator.htmlErrorResponse

Would you mind sharing this, so I can have a look at what you have in mind?
Best regards,
Sven-Torben
from keycloak-restrict-client-auth.
Although in our context we limit access to clients by groups, the requirements for a user to be part of a group are different. For example, if to access client A you need to have paid a fee, the message should be "You cannot access the service because you have not paid the fee". If for client B the criterion to be assigned to its group is to reside in the city, the message should be "You cannot access the service because you do not reside in this locality". This is why we need different messages for each client.
What the modification I have made does is check whether there is a custom message for the client of the form {error-code}.{clientid}. If it exists, that one is used. Otherwise the message {errorcode} is used.
I have been working with Keycloak for a short time, so I don't know if the implementation I have done is the best solution, but for the moment it has solved our need.
```java
private Response htmlErrorResponse(AuthenticationFlowContext context, RestrictClientAuthConfig config) {
    AuthenticationSessionModel authSession = context.getAuthenticationSession();
    KeycloakSession session = context.getSession();
    String clientId = authSession.getClient().getClientId();
    // Message key from the authenticator config, or the default key if none is set.
    String mensajeID = (config.getErrorMessage() != null) ? config.getErrorMessage() : DEFAULT_ERROR_MESSAGE;
    try {
        Theme theme = session.theme().getTheme(Theme.Type.LOGIN);
        UserModel user = context.getUser();
        Locale locale = session.getContext().resolveLocale(user);
        Properties messagesBundle = theme.getMessages(locale);
        // Client-specific key of the form {error-code}.{clientid}. It is built from
        // mensajeID so that an unset configured message does not yield a "null." prefix.
        String mensajePersonalizadoID = mensajeID + "." + clientId;
        // Use the client-specific message only if the login theme defines it.
        if (messagesBundle.get(mensajePersonalizadoID) != null) {
            mensajeID = mensajePersonalizadoID;
        }
    } catch (IOException e) {
        // The message bundle could not be loaded: keep the generic message key.
        e.printStackTrace();
    }
    return context.form()
            .setError(mensajeID, authSession.getAuthenticatedUser().getUsername(), clientId)
            .createErrorPage(Response.Status.FORBIDDEN);
}
```
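
An added illustration (not part of the original comments or the project's code) of what the login theme's message bundle could look like for the lookup in the method above. The key `restricted-access-denied` and the client IDs `client-a` and `client-b` are assumed placeholders; `{0}` and `{1}` are the username and client ID that the method passes to `setError`.

```properties
# Constructed example for messages/messages_en.properties in the login theme.
# Generic message, used when no client-specific key exists for the client.
restricted-access-denied=Access denied. User {0} is not allowed to use client {1}.
# Client-specific overrides, keyed as {error-code}.{clientid}.
restricted-access-denied.client-a=You cannot access the service because you have not paid the fee
restricted-access-denied.client-b=You cannot access the service because you do not reside in this locality
```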