You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Marcus Christie (JIRA)" <ji...@apache.org> on 2017/06/02 12:34:04 UTC

[jira] [Comment Edited] (AIRAVATA-2407) Keycloak: how to restrict authentication methods allowed

    [ https://issues.apache.org/jira/browse/AIRAVATA-2407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16034616#comment-16034616 ] 

Marcus Christie edited comment on AIRAVATA-2407 at 6/2/17 12:33 PM:
--------------------------------------------------------------------

A [response|http://lists.jboss.org/pipermail/keycloak-user/2017-June/010837.html] for the users list:
{quote}
Hi Marcus,

Both should be possible. For 1) have a look at https://keycloak.gitbooks.io/documentation/content/server_admin/topics/identity-broker/default-provider.html
and for 2) look at https://keycloak.gitbooks.io/documentation/content/server_admin/topics/identity-broker/suggested.html

Best regards,
Sebastian

Mit freundlichen Grüßen / Best regards

Sebastian Schuster

{quote}


Looking at the docs, setting a default provider would redirect automatically from the login page to the default identity provider. It's not quite the same as disabling username/password authentication, but for all intents and purposes, I think it accomplishes the same thing. This way there would be no way that a user could login with a username and password.


was (Author: marcuschristie):
A response for the users list:
{quote}
Hi Marcus,

Both should be possible. For 1) have a look at https://keycloak.gitbooks.io/documentation/content/server_admin/topics/identity-broker/default-provider.html
and for 2) look at https://keycloak.gitbooks.io/documentation/content/server_admin/topics/identity-broker/suggested.html

Best regards,
Sebastian

Mit freundlichen Grüßen / Best regards

Sebastian Schuster

{quote}


Looking at the docs, setting a default provider would redirect automatically from the login page to the default identity provider. It's not quite the same as disabling username/password authentication, but for all intents and purposes, I think it accomplishes the same thing. This way there would be no way that a user could login with a username and password.

> Keycloak: how to restrict authentication methods allowed
> --------------------------------------------------------
>
>                 Key: AIRAVATA-2407
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2407
>             Project: Airavata
>          Issue Type: Bug
>          Components: Security
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>             Fix For: 0.18
>
>
> In Keycloak we would like to be able to enable CILogon but disable username/password login.
> From Eroma's notes:
> {quote}
> If we need to restrict one authentication method in a gateway, need to find out how to configure this. Currently we haven’t found out how to enable only CILogon (In keycloak the default setting is both CILogon and account creation to he available).
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)