airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcus Christie (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AIRAVATA-2407) Keycloak: how to restrict authentication methods allowed
Date Fri, 02 Jun 2017 12:34:04 GMT

    [ https://issues.apache.org/jira/browse/AIRAVATA-2407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16034616#comment-16034616
] 

Marcus Christie edited comment on AIRAVATA-2407 at 6/2/17 12:33 PM:
--------------------------------------------------------------------

A [response|http://lists.jboss.org/pipermail/keycloak-user/2017-June/010837.html] for the
users list:
{quote}
Hi Marcus,

Both should be possible. For 1) have a look at https://keycloak.gitbooks.io/documentation/content/server_admin/topics/identity-broker/default-provider.html
and for 2) look at https://keycloak.gitbooks.io/documentation/content/server_admin/topics/identity-broker/suggested.html

Best regards,
Sebastian

Mit freundlichen Grüßen / Best regards

Sebastian Schuster

{quote}


Looking at the docs, setting a default provider would redirect automatically from the login
page to the default identity provider. It's not quite the same as disabling username/password
authentication, but for all intents and purposes, I think it accomplishes the same thing.
This way there would be no way that a user could login with a username and password.


was (Author: marcuschristie):
A response for the users list:
{quote}
Hi Marcus,

Both should be possible. For 1) have a look at https://keycloak.gitbooks.io/documentation/content/server_admin/topics/identity-broker/default-provider.html
and for 2) look at https://keycloak.gitbooks.io/documentation/content/server_admin/topics/identity-broker/suggested.html

Best regards,
Sebastian

Mit freundlichen Grüßen / Best regards

Sebastian Schuster

{quote}


Looking at the docs, setting a default provider would redirect automatically from the login
page to the default identity provider. It's not quite the same as disabling username/password
authentication, but for all intents and purposes, I think it accomplishes the same thing.
This way there would be no way that a user could login with a username and password.

> Keycloak: how to restrict authentication methods allowed
> --------------------------------------------------------
>
>                 Key: AIRAVATA-2407
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2407
>             Project: Airavata
>          Issue Type: Bug
>          Components: Security
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>             Fix For: 0.18
>
>
> In Keycloak we would like to be able to enable CILogon but disable username/password
login.
> From Eroma's notes:
> {quote}
> If we need to restrict one authentication method in a gateway, need to find out how to
configure this. Currently we haven’t found out how to enable only CILogon (In keycloak the
default setting is both CILogon and account creation to he available).
> {quote}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message