cooperlyt / keycloak-phone-provider

A Keycloak provider for phone and SMS
MIT License

Installing provider k8s bitbucket/keycloak #44

Open DmitriZamysloff opened 1 year ago

DmitriZamysloff commented 1 year ago

Hi,

I am trying to add the plugin to the bitnami/keycloak distribution. I am using a Helm chart which utilizes the bitnami/keycloak:20.0.5-debian-11-r4 image. I am creating a Docker image with the jar files:

FROM busybox:latest
RUN mkdir -p /opt/tmp
ADD https://github.com/cooperlyt/keycloak-phone-provider/releases/download/21.0.1_phone-2.2.2/keycloak-phone-provider.jar /opt/tmp/
ADD https://github.com/cooperlyt/keycloak-phone-provider/releases/download/21.0.1_phone-2.2.2/keycloak-phone-provider.resources.jar /opt/tmp/
ADD https://github.com/cooperlyt/keycloak-phone-provider/releases/download/21.0.1_phone-2.2.2/keycloak-sms-provider-twilio.jar /opt/tmp/

Then I attach this as an init container and copy all jar files to the shared mounted volume, which is then mounted on the path "/opt/bitnami/keycloak/providers" in the mentioned bitnami image. On start I get the following error:

2023-04-04T18:09:43.528822877Z ERROR: Failed to run 'build' command.
2023-04-04T18:09:43.528843669Z ERROR: java.io.IOException: Failed to create a new filesystem for /opt/bitnami/keycloak/lib/../providers/keycloak-phone-provider.resources.jar
2023-04-04T18:09:43.528875585Z ERROR: Failed to create a new filesystem for /opt/bitnami/keycloak/lib/../providers/keycloak-phone-provider.resources.jar
2023-04-04T18:09:43.528887710Z ERROR: zip END header not found
2023-04-04T18:09:43.528890877Z For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.

Can you help? Thank you in advance.

P.S. Before, I installed a different plugin on the same image using the same procedure, and it worked.

cooperlyt commented 1 year ago

21.0.1_phone-2.2.2 is for Keycloak 21.0.1; try changing your Keycloak version or use Keycloak20.0.5_phone-2.3.1

This error looks like a filesystem error!

DmitriZamysloff commented 1 year ago

> 21.0.1_phone-2.2.2 is for Keycloak 21.0.1; try changing your Keycloak version or use Keycloak20.0.5_phone-2.3.1
>
> This error looks like a filesystem error!

Switched to version 21 of Keycloak. In docker compose it works if I just mount the folder with jars into /opt/bitnami/keycloak/providers. If in k8s I use an init container which copies the jars into a folder (emptyDir volume) which is then mounted on the path /opt/bitnami/keycloak/providers in the bitnami container, then I receive the same exceptions:

ERROR: Failed to run 'build' command.
ERROR: java.io.IOException: Failed to create a new filesystem for /opt/bitnami/keycloak/lib/../providers/keycloak-sms-provider-twilio.jar
ERROR: Failed to create a new filesystem for /opt/bitnami/keycloak/lib/../providers/keycloak-sms-provider-twilio.jar
ERROR: /opt/bitnami/keycloak/lib/../providers/keycloak-sms-provider-twilio.jar
For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
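
Added example (not part of the original thread and not the project's code): `zip END header not found` is what Java reports when a file has no ZIP end-of-central-directory record, meaning the jar is truncated or is not a zip at all. The shell functions below check each jar for that record, and optionally against a pinned SHA-256, before copying it to the providers volume; the function names are hypothetical, and `tail`, `od` and `sha256sum` with GNU coreutils options are assumed to be available in the init container.

```shell
#!/bin/sh
# Added example: validate provider jars before they are copied into the volume
# mounted at /opt/bitnami/keycloak/providers. All function names are hypothetical.

# has_zip_eocd FILE -> 0 if the end-of-central-directory signature (PK\005\006)
# occurs in the last 22+65535 bytes, the only place the zip format allows it.
has_zip_eocd() {
    [ -s "$1" ] || return 1
    # One hex byte per token, so the pattern only matches on byte boundaries.
    tail -c 65557 "$1" | od -An -v -tx1 | tr -s ' \n' ' ' | grep -q '50 4b 05 06'
}

# sha256_of FILE -> prints the lowercase hex digest.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# check_jar FILE [EXPECTED_SHA256]
# returns 0 = ok, 1 = truncated or not a zip, 2 = digest mismatch.
check_jar() {
    has_zip_eocd "$1" || return 1
    if [ -n "${2:-}" ]; then
        [ "$(sha256_of "$1")" = "$2" ] || return 2
    fi
    return 0
}

# stage_jars SRC_DIR DST_DIR -> copy only if every jar in SRC_DIR passes,
# so a bad download fails the init container instead of Keycloak's build.
stage_jars() {
    for jar in "$1"/*.jar; do
        [ -e "$jar" ] || { echo "no jars in $1" >&2; return 1; }
        check_jar "$jar" || { echo "rejecting $jar: no zip end record" >&2; return 1; }
    done
    cp "$1"/*.jar "$2"/
}

# Constructed sample input: an empty zip archive is just the 22-byte end record.
make_empty_zip() {
    printf 'PK\005\006\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000' > "$1"
}
```

Running `stage_jars` as the init container's command makes a truncated or substituted jar fail the pod at the init step, with the offending file named in the log.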

cooperlyt commented 1 year ago

Sorry! I don't know much about k8s, so I can't help you.

DmitriZamysloff commented 1 year ago

Hi, got it working. Now for a single client in the realm I want to be able to log in just by phone and SMS verification code, without password. Is it possible? Thanks in advance.

cooperlyt commented 1 year ago

Oh, you need to change this page: remove the username and password inputs and create a new theme.

DmitriZamysloff commented 1 year ago

Hi, maybe I did not explain our use case well. We have two types of clients for Keycloak. The first one is an ordinary web portal, so no surprises. The second one is an app. In this app we have a login flow like: input phone number -> receive code -> enter code as password -> token. I just realised that your plugin basically does OTP over SMS. So my question is whether we can build the described workflow for the app using your plugin or whether we need to write our own.

I would also like to understand if a flow in Keycloak is possible where I enter just username=phonenumber without any password and then go to the OTP. Can that then be a successful login?

I am asking you because IMHO if you have written a plugin for Keycloak you must be experts or in any case have more knowledge of Keycloak. Thank you very much in advance.

Canislupus1980 commented 1 year ago

Hello! Yes you can use the plugin. It implements the use of a personal SMS-gate for registration in a guest wi-fi network. Now this plugin allows registration by user (phone number) and receiving SMS. It is possible that if you wait, after a while, the implementation of logging in using the registered phone number to the portal will be completed, and a mask for entering the phone number will be added.


DmitriZamysloff commented 1 year ago


So basically what you say is that this particular plugin is suitable for our use case and that special forms will be added to use only a phone number and receive a temporary password over SMS. We have an account on Twilio and will be using Twilio as the SMS gateway. Do you already have any timeframe in mind for when this extra form will be ready?

cooperlyt commented 1 year ago

OTP over SMS is used for 2FA; you need token by phone. This is an example for an Android client: keycloak client