[keycloak-user] REST(MicroServices) authentication through SAML 2.0

Siva siva.b at knowledgeflux.com
Thu Feb 25 20:01:15 EST 2016 

Hi Experts,

 

I've got scenario, seeking your valuable inputs to take this in right
direction.

 

My application is complete server side solution which has 6 different
modules and it expose only the REST(Microservices) end points(5 modules are
hosted in tomcat 8 container and 1 is hosted in Apache Karaf [OSGI bundle] )
to the external world ; which will be accessed by different enterprise and
they need to integrate their SAML 2.0 IDP for authentication. 

 

These Microservices end points could be integrated with their existing
portals or could be integrated with their existing mobile app applications,
in some scenario's it could be an exclusive client application built to
consume our REST end points which could potentially be a browser based and
Mobile app.

 

The challenge here is, for now we could use only SAML 2.0 based
authentication since not all the organizations support OIDC/OAuth2.0 and as
well our application could be flexible enough to be integrated with the
existing client portals which uses SAML 2.0 authentication.

 

We are planning to use keycloak as IDP broker to secure our endpoints.

 

Questions :

 

1)      Can this be achieved in keycloak? If yes, could you please provide
some inputs on architectural directions in keycloak; like should all the
modules need to be configured under 1 relam and need to have a separate
brokering relam?

2)      Does keycloak support Apache karaf container? I couldn't find any
adapter for this under SAML adapter category.

3)      For REST style endpoints, how should the user credential/Token
details need to shared? Any example links? kerberos is not a complete
solution here, since it need to work on all the devices(Desktop,Laptop &
handheld). 

4)      For the REST based solution, can the application completely rely on
keycloak for the session management, after the first time the user is
authenticated? 

 

Any inputs on this will be highly valued.

 

Regards,

Siva.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160226/27339b62/attachment.html

More information about the keycloak-user mailing list