[JAVA] Let's take a look at the functions of Keycloak's management console (user edition), user account service

What to do today

Keycloak Advent Calendar Day 10 This time, let's take a look at the Keycloak management console.

Keycloak management console

--Administrator functions --User functions (user account service)

there is.

Today, let's take a look at the latter "functions for users (user account services)".

Advance preparation

Prepare the following as per Day 2 "Keycloak Setup".

--Keycloak environment --Create Keycloak admin and regular users

User Account Service Overview

The User Account Service is the ability for users to manage their own accounts. Open a browser, access http: // localhost: 8080 / auth / realms / realm name / account /, and log in as the user user. (If you log in as a user of the realm "demo", access http: // localhost: 8080 / auth / realms / demo / account /)

The user account service consists of settings for the menu on the left side of the screen and the selection menu on the right side.

image.png

If you have enabled the internationalization setting for the realm, you can change the language setting in the upper right corner of the screen. You can also sign out of Keycloak by clicking "Sign Out" at the top right of the screen.

image.png

Now let's look at the user account service settings.

User account service settings

account

This screen is for setting account information.

image.png

item name Description
username usernameを指定する。
レルム設定で「usernameの編集」を無効にしている場合は編集できない。
レルム設定で「Eメールをusernameとする」を有効にしている場合は表示されない。
Email Emailアドレスを指定する。
Name Nameを指定する。
Surname Surnameを指定する。

password

This is the screen to change the password.

image.png

item name Description
password 現在のpasswordを指定する。
new password new passwordを指定する。
New password (confirmation) Specify a new password.

Authenticator This is the setting screen for two-factor authentication. You can enhance security by changing from one-element authentication of "ID and password" to two-element authentication of "ID and password" and "one-time password".

Time-based (TOTP) and counter-based (HOTP) can be used as the one-time password method, and FreeOTP and Google Authenticator (Google Authenticator) can be used as the one-time password generator. I can do it.

image.png

@Naokiiiii will write about the specific usage on the 12th day!

Federated Identities This is the screen for linking an account with an external ID provider. It can be used when "Identity Provider" is set in the realm settings.

@ Tamura__246 will write about the "identity provider" settings on the 15th day!

image.png

session

This screen manages your own session. Click the "Log out from all sessions" link to clear all sessions and log out.

image.png

application

This is the screen to browse the applications available to the user. An application is a client defined in the realm settings. The displayed application name will have a link to the "base URL" if the "base URL" is set in the client settings.

image.png

log

This screen is for viewing the user's event log. It is available when "Save login event" is enabled in the realm settings. By checking the log, you can check if there is any unauthorized operation by a third party.

When providing an authentication function, it is generally required to have a function to refer to the user's own login history as a security requirement, so it is nice to have this function from the beginning: smile:

image.png

User account service customization

Unlike the management console, the user account service is a screen for general users who are users of the application. In the case of screens for general users, I think that they are often customized according to the color and style of the user company. Keycloak makes it easy to customize these screens.

If you want to change the look, you can customize the theme. See the Keycloak documentation (http://www.keycloak.org/docs/latest/server_development/#_themes) for more information.

Also, as a customization requirement other than appearance, you may want to increase user attributes, but you can easily do it as follows.

** Example of adding user attribute "TEL" **

Copy the template file (KEYCLOAK_HOME) /themes/base/account/account.ftl to your theme's directory. For example, if the theme you are using is keycloak, the destination will be (KEYCLOAK_HOME) /themes/keycloak/account/account.ftl.

Add the following code to the copied ʻaccount.ftl`.

<div class="form-group">
   <div class="col-sm-2 col-md-2">
       <label for="user.attributes.tel" class="control-label">TEL</label>
   </div>

   <div class="col-sm-10 col-md-10">
       <input type="text" class="form-control" id="user.attributes.tel" name="user.attributes.tel" value="${(account.attributes.tel!'')?html}"/>
   </div>
</div>

After restarting Keycloak, if you display the account screen, you can see that the custom attribute "TEL" has been added. image.png

For more information on customizing attributes, see the Keycloak documentation (http://www.keycloak.org/docs/latest/server_development/index.html#custom-user-attributes).

Summary

Roughly, I took a look at "User Account Services". I think that every screen is easy to understand and can be operated intuitively.

Reference material

Recommended Posts

Let's take a look at the functions of Keycloak's management console (user edition), user account service
Let's take a look at the functions of Keycloak's management console (administrator edition)
Let's take a look at the screen of Quant Analyzer!
Let's take a look at the Hotspot JVM startup procedure
[Java] Let's take a look at Switch Expressions (Preview) of JDK 13.
I tried to take a look at the flow of Android development environment construction with Android Studio
I took a look at the resources of Azure Container Instance
Implement user management functions in a wizard format
A quick look at the Monty Hall problem
A Java user over a dozen years ago tried to study the functions of Java8 (Generics).
Take a quick look at Gradle and read the build.gradle generated by Spring Initializr