[keycloak-user] KeyCloak Server as OpenID provider for AppEngine

Stian Thorgersen stian at redhat.com
Fri Sep 11 10:19:05 EDT 2015



----- Original Message -----
> From: "Andrew Moedinger" <a at soliduslink.com>
> To: keycloak-user at lists.jboss.org
> Sent: Friday, 11 September, 2015 11:09:38 AM
> Subject: [keycloak-user] KeyCloak Server as OpenID provider for AppEngine
> 
> Hi folks!
> 
> I'd like to use my KeyCloak server to authenticate an AppEngine application.
> 
> I'm currently authenticating using Google accounts as it works out of the
> box, but I want to handle account management myself, largely for user
> perception issues.
> 
> I see two options:
> 
> 1) Implement a new KeyCloak Adapter for AppEngine - I haven't found an
> existing one so far.
> -- This seems pretty doable with all the examples to base it on... but I'd
> rather not write and maintain another 1000 lines of code if it's not
> necessary!
> 
> 2) Use the experimental OpenID Connect-based federated login of AppEngine
> -- I'm currently hitting an issue here where AppEngine is looking for an XRDS
> document. I'll try returning one pointing to the OpenID service of my
> server, but I suspect more issues will come up with this route, and
> debugging issues in the internal AppEngine auth flow is a bit tricky.

XRDS is an OpenID 2 thing, which we don't support. Keycloak only supports OpenID Connect.

> 
> Is this a crazy approach? Has anyone else tried something similar or have
> better ideas?

No, as long as there's a standard way to use an OpenID Connect provider in Google AppEngine, that's a decent option.

> 
> Cheers,
> Andrew
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
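
Added example, not part of the original thread and not Keycloak or AppEngine code: a small check that tells an OpenID 2.0 XRDS document apart from OpenID Connect provider metadata, which is the mismatch discussed above. The function name `classify_discovery` and the `idp.example.test` URLs are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

XRD_NS = "{xri://$xrd*($v*2.0)}"  # XRD namespace used inside XRDS documents
OPENID2_TYPES = {"http://specs.openid.net/auth/2.0/server",
                 "http://specs.openid.net/auth/2.0/signon"}
# Provider metadata fields that OpenID Connect Discovery 1.0 marks REQUIRED.
OIDC_REQUIRED = {"issuer", "authorization_endpoint", "jwks_uri",
                 "response_types_supported", "subject_types_supported",
                 "id_token_signing_alg_values_supported"}

def classify_discovery(body, expected_issuer=None):
    """Return 'oidc', 'oidc-issuer-mismatch', 'openid2-xrds' or 'unknown'."""
    text = body.strip()
    if text.startswith("{"):
        try:
            meta = json.loads(text)
        except ValueError:
            return "unknown"
        if not isinstance(meta, dict) or not OIDC_REQUIRED.issubset(meta):
            return "unknown"
        # The issuer in the metadata must equal the issuer the client asked for.
        if expected_issuer is not None and meta["issuer"] != expected_issuer:
            return "oidc-issuer-mismatch"
        return "oidc"
    # Refuse DTDs and entities before parsing XML fetched from another party.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return "unknown"
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return "unknown"
    types = {t.text.strip() for t in root.iter(XRD_NS + "Type") if t.text}
    return "openid2-xrds" if types & OPENID2_TYPES else "unknown"

# Constructed sample documents (hosts and paths are placeholders).
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD><Service priority="0">
    <Type>http://specs.openid.net/auth/2.0/server</Type>
    <URI>https://idp.example.test/openid2</URI>
  </Service></XRD>
</xrds:XRDS>"""
SAMPLE_OIDC = json.dumps({
    "issuer": "https://idp.example.test/realm",
    "authorization_endpoint": "https://idp.example.test/realm/auth",
    "jwks_uri": "https://idp.example.test/realm/certs",
    "response_types_supported": ["code"], "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
```

A relying party that asks for the first kind of document is speaking OpenID 2.0 and cannot be pointed at a provider that only publishes the second.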

