[keycloak-user] Application to application: could Keycloak implement this?
Tech
tech at psynd.net
Tue Jul 4 12:42:40 EDT 2017
Dear experts,
I want to bring you this use case to understand if you might be able to
support me.
Our architecture is based on Java, where we might have two kinds of clients:
* Fat Java clients
* Browsers
Application servers with:
* Web containers performing local and remote EJB calls + remote WS calls
* EJB container performing local and remote EJB calls + remote WS calls
* A remote EJB server performing local and remote EJB calls + remote WS calls
* WS implementing SOAP or REST
* SSO server able to protect what is described above
The goal is to allow the clients (thin and fat) to authenticate on the
SSO server and to propagate the user identity on these requests:
* Fat client authenticated -> EJB secure -> WS secure
* Browser authenticated -> Web container -> EJB secure -> WS secure
The solution could use a secure token (OAuth, OIDC or SAML).
The token propagation should be based on the JAAS and WS-Security standards.
We saw that it is possible to implement something similar in some SAML
Login Modules on JBoss Enterprise server, but we are not finding
anything equivalent in Keycloak.
We also cannot find anything, for example, for an STS server, which is a
required element to transform this kind of token.
Has anybody faced a similar experience?
Thanks for your support!