Comments (2)
Hey @Jirvil,
I know flows can become quite complicated and it may sometimes be a bit cumbersome to configure them. I made some minor changes to the docs, but would like to understand a little better where the exact issue is.
> Default Keycloak Browser Flow contains mixed required and alternative subflows/steps/authenticators, that, as described in documentation, can't be used in conjunction with keycloak-restrict-client-auth.
Yes, and it is perfectly fine to do so as long as you do not have them on the same level. Where in the docs do you read that it is not supported?
> Built-in Browser Flow contains Cookie, IdP and Forms alternatives on top. And you can't just add a keycloak-restrict-client-auth to the bottom of the list and set it as Required.
Ok, I changed the docs in this regard.
> The solution is not just to create a copy of the built-in Browser Flow
I can't find instructions like that in the docs.
> You need to create three sub-flows for Cookie, IdP and Forms and add keycloak-restrict-client-auth to each of these subflows.
No, you do not have to. Please take a look at the example from the docs. It is not needed.
The Keycloak documentation has some good information about how to configure flows: https://www.keycloak.org/docs/21.0.1/server_admin/#_authentication-flows
I do not want to replicate any of that content. With that in mind, what else do you think is missing or unclear?
from keycloak-restrict-client-auth.
Hi @sventorben!
Thanks for your answer!
> No, you do not have to. Please take a look at the example from the docs. It is not needed.
Your last image (the same one in the documentation) is different (for some reason) from the standard built-in Browser flow. You have a top-level "Login" sub-flow which is missing from the keycloak configuration (at least in my conf). (See image below).
In my Built-in Browser flow there are four Alternatives on top and there is no place to correctly put the Required keycloak-restrict-client-auth. That's why I wrote that it's not enough just to copy the standard browser flow and you need to build your own. I don't think it's very clear from the documentation.
But you are right, the structure may be different, with one common sub-flow and one keycloak-restrict-client-auth.
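An added example, not part of the thread or of the project's code: a small Python check for the layout problem discussed above, reporting every flow level that holds both Required and Alternative executions. The flow layouts and step names are constructed for illustration, and the check assumes Keycloak does not run Alternative executions at a level that also has a Required one.

```python
# Added example. Flow layouts below are constructed, not exported from a realm.
REQUIRED, ALTERNATIVE, CONDITIONAL = "REQUIRED", "ALTERNATIVE", "CONDITIONAL"

def step(name, requirement, children=()):
    return {"name": name, "requirement": requirement, "children": list(children)}

def mixed_levels(flow_name, executions, parents=()):
    """Find levels that hold both REQUIRED and ALTERNATIVE executions.

    Returns (path, alternatives) pairs; assumption: Keycloak does not run
    the listed alternatives because a REQUIRED sibling exists.
    """
    path = (*parents, flow_name)
    findings = []
    alternatives = [e["name"] for e in executions if e["requirement"] == ALTERNATIVE]
    if alternatives and any(e["requirement"] == REQUIRED for e in executions):
        findings.append((" > ".join(path), alternatives))
    for e in executions:
        if e["children"]:
            findings += mixed_levels(e["name"], e["children"], path)
    return findings

def browser_alternatives():
    # Shape of the top of the built-in browser flow as described in the thread.
    return [
        step("Cookie", ALTERNATIVE),
        step("Kerberos", ALTERNATIVE),
        step("Identity Provider Redirector", ALTERNATIVE),
        step("forms", ALTERNATIVE, [
            step("Username Password Form", REQUIRED),
            step("Conditional OTP", CONDITIONAL),
        ]),
    ]

# Copy of the browser flow with the restriction appended as Required on top.
APPENDED = browser_alternatives() + [step("restrict-client-auth", REQUIRED)]

# Alternatives wrapped in one Required "Login" sub-flow, restriction beside it.
WRAPPED = [
    step("Login", REQUIRED, browser_alternatives()),
    step("restrict-client-auth", REQUIRED),
]

if __name__ == "__main__":
    for label, flow in (("appended", APPENDED), ("wrapped", WRAPPED)):
        print(label, mixed_levels("browser-copy", flow) or "no mixed levels")
```
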