Git Product home page Git Product logo

Comments (2)

sventorben avatar sventorben commented on May 22, 2024

Hey @Jirvil,

I know flows can become quite complicated and it may sometimes be a bit cumbersome to configure them. I made some minor changes to the docs, but would like to understand a little better where the exact issue is.

Default Keycloak Browser Flow contains mixed required and alternative subflows/steps/authenticators, that, as described in documentation, can't be used in conjunction with keycloak-restrict-client-auth.

Yes, and it is perfectly fine to do so as long as you do not have them on the same level. Where in the docs do you read that it is not supported?

Built-in Browser Flow contains Cookie, IdP and Forms alternatives on top. And you can't just add a keycloak-restrict-client-auth to the bottom of the list and set it as Required.

Ok, I changed the docs in this regard.

The solution is not just to create a copy of the built-in Bowser Flow

I can't find instructions like that in the docs.

You need to create three sub-flows for Cookie, IdP and Forms and add keycloak-restrict-client-auth to each of this subflows.

No, you do not have to. Please take a look at the example from the docs. It is not needed.

Example Flow

Flows with levels explained

The Keycloak documentation has some good information about how to configure flows: https://www.keycloak.org/docs/21.0.1/server_admin/#_authentication-flows
I do not want to replicate any of that content. With that in mind, what else do you think is missing or unclear?

from keycloak-restrict-client-auth.

Jirvil avatar Jirvil commented on May 22, 2024

Hi @sventorben!
Thanks for your answer!

No, you do not have to. Please take a look at the example from the docs. It is not needed.

Your last image (the same one in the documentation) is different (for some reason) from the standard built-in Browser flow. You have a top-level "Login" sub-flow which is missing from the keycloak configuration (at least in my conf). (See image below).
In my Built-in Browser flow there are four Alternatives on top and there no place to correctly put the Required
keycloak-restrict-client-auth. That's why I wrote that it's not enough just to copy the standard browser flow and you need to build your own. I don't think it's very clear from the documentation.
But you are right, the structure may be different, with one common sub-flow and one keycloak-restrict-client-auth.
chrome_iUZMgTHa2r

from keycloak-restrict-client-auth.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.