<div dir="ltr">I do not want to replace what I currently have though. I use Keycloak.js to include security in my own AngularJS client side applications and those communicate with REST services in a separate Wildfly server secured with Keycloak using the wildfly adapter. I want to add Discourse as a third party messaging application and want to integrate it with my existing security. I just wanted to be sure there wasn't something, feature wise, in Keycloak I might be able to leverage. I will probably just make a REST endpoint in my Wildfly server that gets the already logged in user information and create the necessary sso response Discourse is looking for. It will be more complicated if users are not currently logged into my application and they try to go directly to the Discourse portion of the site. I will have to redirect the user somehow to the keycloak login page, then when that flow ends remember where they were in the Discourse flow of things. I just hate having to maintain security code though and that is why I went with Keycloak in the first place. I wonder how Auth0 did it: <a href="https://meta.discourse.org/t/auth0-single-sign-on-for-enterprise-and-support-for-20-social-providers/12713">https://meta.discourse.org/t/auth0-single-sign-on-for-enterprise-and-support-for-20-social-providers/12713</a></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 8, 2015 at 11:31 AM, Dean Peterson <span dir="ltr"><<a href="mailto:peterson.dean@gmail.com" target="_blank">peterson.dean@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Is there a best practice when it comes to adding hooks to Keycloak for integrating with software that let's you replace their security with Keycloak security? For example, Discourse provides this guide: <a href="https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045" target="_blank">https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045</a>. It assumes the user is using their own home grown security where they can easily intercept redirects. Is there a mechanism in Keycloak that allows end users to more easily implement the solution they describe in that guide? I realize you don't have time to give me a solution. Can you just nudge me in the right direction? </div>
</blockquote></div><br></div>