[keycloak-user] question on integration in a mixed environment

Istvan Orban istvan.orban at gmail.com
Tue Jan 10 06:27:57 EST 2017


I am in the middle of setting up SSO in our infrastructure and I am
wondering if people with more experience could share their learnings.

I already have a reverse proxy in front of our system.

- We have several legacy Java apps running on Tomcat.
- We have SPA apps as well, written in JS.
- We have a few APIs that will also need to be protected.

I have two ways to set SSO up for us:

1. Set up SSO on the reverse proxy using mod_auth_openidc, so our gatekeeper
   makes sure that anyone who is hitting our services is already validated.
2. Add the Keycloak libs to each individual service.

My preference is to set this up on the reverse proxy.

Are there any disadvantages / best practices when it comes to this?

For legacy apps I would just use the HTTP headers added by the reverse
proxy to find user details. For the new apps I would like to use the
Keycloak libs to get user details.

I do not want to go down any routes which are obviously problematic. So any
tips so that I can save some time are very welcome.

-- 
Kind Regards,

*----------------------------------------------------------------------------------------------------------------*
*Istvan Orban* *I *Skype: istvan_o *I *Mobile: +44 (0) 7956 122 144 *I  *
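
The reverse-proxy option described in the message above, sketched as an added example (not part of the original post and not Keycloak project configuration). It shows Apache with mod_auth_openidc authenticating browsers against a Keycloak realm and handing the legacy Tomcat app one identity header that a client cannot forge. All hostnames, the realm name, the client id, the secrets, the `X-Remote-User` header name and the backend address are assumed placeholders.

```apache
# Added example. Hostnames, realm, client id, secrets and paths are placeholders.
# Requires mod_auth_openidc, mod_headers, mod_proxy and mod_proxy_http.
<VirtualHost *:443>
    ServerName apps.example.com
    # TLS directives (SSLEngine, certificate files) omitted for brevity.

    # Keycloak realm discovery document (placeholder host and realm).
    OIDCProviderMetadataURL https://keycloak.example.com/auth/realms/example/.well-known/openid-configuration
    OIDCClientID apache-gatekeeper
    OIDCClientSecret REPLACE_WITH_CLIENT_SECRET
    # Must be a path under a protected Location that maps to no real content.
    OIDCRedirectURI https://apps.example.com/redirect_uri
    OIDCCryptoPassphrase REPLACE_WITH_LONG_RANDOM_VALUE
    # REMOTE_USER is taken from this claim of the ID token.
    OIDCRemoteUserClaim preferred_username

    <Location />
        AuthType openid-connect
        Require valid-user
        # "set" replaces any X-Remote-User value the client sent, so the
        # legacy app only ever sees the identity Apache authenticated.
        RequestHeader set X-Remote-User expr=%{REMOTE_USER}
    </Location>

    # The legacy Tomcat app listens on loopback only, so the header cannot
    # be supplied by anything that bypasses this proxy.
    ProxyPass        /legacy/ http://127.0.0.1:8080/legacy/
    ProxyPassReverse /legacy/ http://127.0.0.1:8080/legacy/
</VirtualHost>
```

The header is only trustworthy if the backend is unreachable except through the proxy; an app that reads `X-Remote-User` on a port exposed to other hosts accepts whatever identity the caller writes into it.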

