[keycloak-user] KeyCloak Server as OpenID provider for AppEngine

[Andrew Moedinger]

Hi folks!

I'd like to use my KeyCloak server to authenticate an AppEngine application.

I'm currently authenticating using Google accounts as it works out of the
box, but I want to handle account management myself, largely for user
perception issues.

I see two options:

1) Implement a new KeyCloak Adapter for AppEngine - I haven't found an
existing one so far.
-- This seems pretty doable with all the examples to base it on... but I'd
rather not write and maintain another 1000 lines of code if it's not
necessary!

2) Use the experimental OpenID Connect-based federated login of AppEngine
-- I'm currently hitting an issue here where AppEngine is looking for an
XRDS document. I'll try returning one pointing to the OpenId service of my
server, but I suspect more issues will come up with this route, and
debugging issues in the internal AppEngine auth flow is a bit tricky.

Is this a crazy approach? Has anyone else tried something similar or have
better ideas?

Cheers,
Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150911/fd1c8d0a/attachment.html