You’re doing great job. I am already using keycloak to architect a SAAS business and provide SSO for each tenants and I have written tenant resolver as middleware. You video would certainly be helpful in enhancing login experience. Thank you.
In this tutorial, user is manually registering at the user side, OK that's fine. Here I had a issue that when the user is created by "ADMIN" and that user is supposed to login, it tells like "invalid username or password"!!!. please help me to solve!!. Thanks in advance.
Very useful video! Thanks for sharing. I found one issue with registering the WebAuthn signature step. It does not show iPhone options (Only add Android device QR code). I use an old mac book pro and google chrome. thanks
Thank you so much Sir Lukasz, for this Tutorial, very interesting and clear! Just a little question more, are FreeOTP or Google Athenticator mandatory to make it work on Androir or IPhone? Possible to make it work with native Android FingerPrint protection or Native IPhone FaceId ?
I didn't get the first part of your question: FreeOTP or Google Authenticator are for MFA. When it comes to the second part of your question, yes Android with biometric sensors or iPhone FaceID can be used as WebAuthn (Keycloak supports W3C Web Authentication WebAuthn spec).
Can we have authentication based on API key for each user? Like in my application I have few endpoint which I have to expose and authentication should be cased on API key assignment
In short: no, this is not how Keycloak works. In OIDC world you could think of JWT tokens as the API keys that get you access to your systems. That's how OIDC works. However, I found this extension which does exactly what you want: github.com/zak905/keycloak-api-key-demo
Great video! Just have one question though. I can't seem to figure out how to make passwordless the 'default'. So that users can directly use their security key without clicking 'Try another way' first. Do you know how I can set that up?
To have passwordless default, you have to keep only Passwordless authentication (remove otp and password). Then you create a new sub-flow at the main level of your Flow. You configure username/password + otp for this sub-flow. You'll then have "login with passkey" as main option and you still have "Try another way" from login form to choose username/password + OTP.
It's automatically supported, using Keycloak JavaScript adapter your users are brought to Keycloak and you can enable any authentication you want, including passwordless. You may want to follow all steps from the demo apps section to deploy sample backend services and use a React app with Keycloak JavaScript adapter: github.com/lukaszbudnik/keycloak-kubernetes#install-demo-apps
please create more videos on keycloak. they are amazing.
Glad you like them!
You’re doing great job.
I am already using keycloak to architect a SAAS business and provide SSO for each tenants and I have written tenant resolver as middleware.
You video would certainly be helpful in enhancing login experience. Thank you.
Great to hear!
Great Tutorial on passwordless authentication Keycloak ! Thanks Lukasz!
Glad you like it!
Have you tried Kerberos with Active Directory on KeyCloak?
Thanks this was a big help!
Hi! thanks for the video... your keycloak is running with HTTPS? I cannot configure de security key
Dziekuje bardzo! This is exactly what I was looking for. Thank you for sharing. It is so nice to hear you greet everyone in spanish ;D
You’re doing a great job. keep going please
Thank you
Thank you too!
Thanks! Great video
Glad you liked it!
In this tutorial, user is manually registering at the user side, OK that's fine. Here I had a issue that when the user is created by "ADMIN" and that user is supposed to login, it tells like "invalid username or password"!!!. please help me to solve!!. Thanks in advance.
Very useful video! Thanks for sharing. I found one issue with registering the WebAuthn signature step. It does not show iPhone options (Only add Android device QR code). I use an old mac book pro and google chrome. thanks
Thanks for sharing!
Thank you so much Sir Lukasz, for this Tutorial, very interesting and clear! Just a little question more, are FreeOTP or Google Athenticator mandatory to make it work on Androir or IPhone? Possible to make it work with native Android FingerPrint protection or Native IPhone FaceId ?
I didn't get the first part of your question: FreeOTP or Google Authenticator are for MFA. When it comes to the second part of your question, yes Android with biometric sensors or iPhone FaceID can be used as WebAuthn (Keycloak supports W3C Web Authentication WebAuthn spec).
Can we have authentication based on API key for each user?
Like in my application I have few endpoint which I have to expose and authentication should be cased on API key assignment
In short: no, this is not how Keycloak works. In OIDC world you could think of JWT tokens as the API keys that get you access to your systems. That's how OIDC works. However, I found this extension which does exactly what you want: github.com/zak905/keycloak-api-key-demo
Great video! Just have one question though. I can't seem to figure out how to make passwordless the 'default'. So that users can directly use their security key without clicking 'Try another way' first. Do you know how I can set that up?
Never had this requirement before.If you find the answer please share it.
I tried this today. No luck.
To have passwordless default, you have to keep only Passwordless authentication (remove otp and password). Then you create a new sub-flow at the main level of your Flow. You configure username/password + otp for this sub-flow.
You'll then have "login with passkey" as main option and you still have "Try another way" from login form to choose username/password + OTP.
Simple & clewr 👍
Hello, what was the version of keycloak you were using? I'm trying to recreate this in keycloak 15.0.1 or above and it is not working and more.
Please check all the steps one more time, it works as you can see on the video. Also, when in doubt please cross check it with Keycloak documentation.
Helpful Video.. thank you..
Nice! but how can I implement it in a react native app?
It's automatically supported, using Keycloak JavaScript adapter your users are brought to Keycloak and you can enable any authentication you want, including passwordless. You may want to follow all steps from the demo apps section to deploy sample backend services and use a React app with Keycloak JavaScript adapter: github.com/lukaszbudnik/keycloak-kubernetes#install-demo-apps
❤👌