[keycloak-user] Custom Identity Brokering for a CAS Server
Meissa M'baye Sakho
msakho at redhat.com
Wed Aug 15 14:28:04 EDT 2018
Erlend,
At least, you could give inputs if you are not allowed to publish.
2018-08-14 13:00 GMT+02:00 Erlend Hamnaberg <erlend at hamnaberg.net>:
> I have done this for my client.
>
> It is quite possible to do, however it is not trivial.
> Not sure if I'm allowed to publish the source for the integration, but I
> will ask.
>
>
> /Erlend
>
> On Tue, Aug 14, 2018 at 12:07 PM, Rémy Grünblatt <remy at grunblatt.org>
> wrote:
>
>> Hi,
>>
>> This adds a client protocol, what we are searching for is the other way
>> around (use the CAS as a provider).
>>
>> Thanks,
>> Rémy
>>
>> Le 14 août 2018 11:51:41 GMT+02:00, Meissa M'baye Sakho <
>> msakho at redhat.com> a écrit :
>> >Remy,
>> >take a look at this [1]
>> > [1] =https://github.com/Doccrazy/keycloak-protocol-cas
>> >
>> >Meissa
>> >
>> >2018-08-14 11:25 GMT+02:00 Rémy Grünblatt <remy at grunblatt.org>:
>> >
>> >> Hello,
>> >>
>> >> We would like to have a Keycloak server use data from a legacy auth
>> >> system (namely, a CAS server,
>> >> https://en.wikipedia.org/wiki/Central_Authentication_Service ) to
>> >> authenticate people. We do not have admin rights on the CAS server,
>> >nor
>> >> we are able to access the underlying ldap database it uses
>> >internally.
>> >>
>> >> People would be able to have « pure » keycloak accounts (new users),
>> >but
>> >> also link their identity from the CAS or use the CAS to identify, and
>> >> create an account the first time they do so.
>> >>
>> >> I tried to find documentation to develop our own identity provider
>> >(as
>> >> Keycloak only has an social, oidc, and saml providers), but I find it
>> >> difficult to guess what are the interfaces we need to implement.
>> >>
>> >> Right now, this is what I have:
>> >https://github.com/Reventl0v/KeycloakCAS
>> >>
>> >>
>> >> So, questions:
>> >>
>> >> - Is there somewhere listing everything we need to implement beside
>> >> looking at the code of keycloak?
>> >> - Is there online some custom provider example code for something
>> >that
>> >> is not talking oidc, saml, or is a social provider?
>> >> - Do you think it's a good idea to create such a provider?
>> >>
>> >>
>> >> I found
>> >>
>> >http://lists.jboss.org/pipermail/keycloak-user/2017-October/012100.html
>> >> but I have no news about the result of this enterprise: Dominik (can
>> >I
>> >> call you Dominik?), did you manage to achieve this goal?
>> >>
>> >> Many thanks,
>> >>
>> >> Rémy
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> keycloak-user mailing list
>> >> keycloak-user at lists.jboss.org
>> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> --
>> Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser
>> ma brièveté.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
More information about the keycloak-user
mailing list