[keycloak-user] Keycloak integration with REST service
Jim Dillon
jdillon at redhat.com
Tue May 31 21:20:51 EDT 2016
It looks like a custom User Federation Provider in needs to be created in
order to access a REST Service for user information and an Authentication
Provider to authenticate against a REST Service.
I've looked at the example User Federation Provider that uses a static file
and the Authentication Provider examples which enforce secret question /
answer flow. I have a better understanding of what needs to be
accomplished, but I'm still quite a ways from where I need to be.
Can anyone point me in the direction of an example User Federation Provider
and / or an Authentication Provider that uses a REST Service? (Google
hasn't found any examples for me.)
Is there more documentation to be found on these subjects other than the
inline code comments, User Manual, and github based docs?
Could I possibly be making it more difficult than it is, do I simply need
to substitute http requests for file i/o in the User Federation Provider
example?
The Flow (as I understand it, please confirm / correct as needed):
1. User lands on Keycloak login page and initiates login
2. User does not exist in Keycloak
3. REST API is asked to authenticate via Authentication Provider SPI
4. User is authenticated
5. REST API is asked for user information to create user in Keycloak
(part of this process would need to decrypt the existing password and then
encrypt it using Keycloak's "default" method.)
6. User is created in Keycloak and any further authentication /
authorization logic will remain "in house"
Thank you for your time,
jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160531/637ae7b9/attachment.html
More information about the keycloak-user
mailing list