[keycloak-dev] PAM integration with FreeIPA

Bruno Oliveira bruno at abstractj.org
Thu Jun 23 10:00:52 EDT 2016


Good morning,

One of the use case scenarios described for FreeIPA is the integration via PAM
and SSSD, which "automagically" handles the authentication against the IdM.

This first step requires pretty much an IPA setup, but
works with libpam4j[1]. Now, thinking about Keycloak, I
would like to have an Authenticator for PAM[2], which is pretty much our
UsernamePasswordForm + PAM. Does it make sense?

Current flow:

* User logs into Web application with username/password
* PAM authenticator collects data and authenticates against PAM
* SSSD authenticates against IdM
* Authentication is complete

After the last step, should we propagate that user to our database?
Maybe, like Marek already mentioned, have a SSSDFederationProvider?

[1] - http://search.maven.org/#artifactdetails%7Corg.abstractj%7Clibpam4j%7C1.9.0%7Cjar
[2] - https://keycloak.gitbooks.io/server-developer-guide/content/topics/auth-spi.html



--

abstractj
PGP: 0x84DC9914
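
Added example, not part of the original message and not Keycloak's code: the credential check behind steps 2 and 3 of the flow above, written against libpam4j's `PAM` class. Assumptions: the library keeps the upstream `org.jvnet.libpam` package name, and a PAM service file named `keycloak` (hypothetical, e.g. /etc/pam.d/keycloak) routes to SSSD through pam_sss.

```java
import org.jvnet.libpam.PAM;
import org.jvnet.libpam.PAMException;
import org.jvnet.libpam.UnixUser;

import java.io.Console;
import java.util.Optional;

/** Checks a username/password pair against the local PAM stack, which SSSD backs with the IdM. */
public final class PamCredentialCheck {

    // Assumption: PAM service name; must match a file under /etc/pam.d that includes pam_sss.so.
    private static final String PAM_SERVICE = "keycloak";

    /** Returns the resolved Unix account on success, empty on any authentication failure. */
    public static Optional<UnixUser> authenticate(String username, String password) {
        // Reject empty input before it reaches the PAM conversation.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return Optional.empty();
        }
        PAM pam = null;
        try {
            pam = new PAM(PAM_SERVICE);
            // PAM -> pam_sss -> SSSD -> IdM; throws PAMException if the stack rejects the login.
            return Optional.of(pam.authenticate(username, password));
        } catch (PAMException e) {
            // Same result for unknown user and wrong password, so callers cannot enumerate accounts.
            return Optional.empty();
        } finally {
            if (pam != null) {
                pam.dispose(); // release the native PAM handle
            }
        }
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null || args.length != 1) {
            System.err.println("usage: PamCredentialCheck <username> (needs an interactive terminal)");
            System.exit(2);
        }
        char[] pw = console.readPassword("Password for %s: ", args[0]);
        Optional<UnixUser> user = authenticate(args[0], pw == null ? "" : new String(pw));
        // On success the account name and groups are what a federation step could import.
        System.out.println(user.map(u -> "OK " + u.getUserName() + " groups=" + u.getGroups())
                               .orElse("DENIED"));
    }
}
```

The process must be allowed to use the PAM service, and SSSD must already be enrolled against the IdM for the lookup to succeed.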

