You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@airavata.apache.org by "Marcus Christie (JIRA)" <ji...@apache.org> on 2017/05/31 19:21:05 UTC

[jira] [Commented] (AIRAVATA-2407) Keycloak: how to restrict authentication methods allowed

    [ https://issues.apache.org/jira/browse/AIRAVATA-2407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16031786#comment-16031786 ] 

Marcus Christie commented on AIRAVATA-2407:
-------------------------------------------

Sent an email to the keycloak-user list for this issue and AIRAVATA-2409
{quote}
Hello,

I have two questions about Identity Provider configuration in Keycloak.

1) I would like to add an Identity Provider and then have this be the only option available to the user for authentication.  Is there a way to disable the username/password authentication and not show it on the login screen?

2) Is there a way to redirect to Keycloak and have it immediately redirect to an Identity Provider?  As an example, let’s say I have two Identity Providers, Google and Facebook.  In my web application I know that the user wants to log in via Google so I want to redirect to Keycloak and tell Keycloak to select the Google Identity Provider and redirect to it immediately.  Maybe something like my web application redirects to keycloak like so:

https://mykeycloak.org/auth/realms/myrealm/protocol/openid-connect/auth?response_type=code&client_id=...&redirect_uri=...&scope=openid&selected_identity_provider=google

and then mykeycloak.org immediately redirects to Google.  For the user they don’t see the Keycloak page.

Is there any functionality like the in Keycloak?


Thanks,

Marcus
{quote}


> Keycloak: how to restrict authentication methods allowed
> --------------------------------------------------------
>
>                 Key: AIRAVATA-2407
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2407
>             Project: Airavata
>          Issue Type: Bug
>          Components: Security
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>             Fix For: 0.18
>
>
> In Keycloak we would like to be able to enable CILogon but disable username/password login.
> From Eroma's notes:
> {quote}
> If we need to restrict one authentication method in a gateway, need to find out how to configure this. Currently we haven’t found out how to enable only CILogon (In keycloak the default setting is both CILogon and account creation to he available).
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)