<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
</o:shapelayout></xml><![endif]--></head><body lang=EN-AU link="#0563C1" vlink="#954F72"><div class=WordSection1>
<p class=MsoNormal><span style='color:#1F4E79'>Hi Experts,</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>I’ve got a scenario and am seeking your valuable inputs to take it in the right direction.</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>My application is a complete server-side solution which has 6 different modules and exposes only REST (microservices) endpoints to the external world (5 modules are hosted in a Tomcat 8 container and 1 is hosted in Apache Karaf [OSGi bundle]); these will be accessed by different enterprises, and they need to integrate their SAML 2.0 IdP for authentication.</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>These microservice endpoints could be integrated with their existing portals or with their existing mobile applications; in some scenarios it could be an exclusive client application built to consume our REST endpoints, which could potentially be browser based and a mobile app.</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>The challenge here is that, for now, we can use only SAML 2.0 based authentication, since not all the organizations support OIDC/OAuth 2.0, and our application could also be flexible enough to be integrated with the existing client portals which use SAML 2.0 authentication.</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>We are planning to use Keycloak as an IdP broker to secure our endpoints.</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>Questions:</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='color:#1F4E79'><span style='mso-list:Ignore'>1)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='color:#1F4E79'>Can this be achieved in Keycloak? If yes, could you please provide some inputs on architectural directions in Keycloak; e.g. should all the modules be configured under 1 realm, and do we need to have a separate brokering realm?</span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='color:#1F4E79'><span style='mso-list:Ignore'>2)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='color:#1F4E79'>Does Keycloak support the Apache Karaf container? I couldn’t find any adapter for this under the SAML adapter category.</span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='color:#1F4E79'><span style='mso-list:Ignore'>3)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='color:#1F4E79'>For REST-style endpoints, how should the user credential/token details be shared? Any example links? Kerberos is not a complete solution here, since it needs to work on all devices (desktop, laptop &amp; handheld).</span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='color:#1F4E79'><span style='mso-list:Ignore'>4)<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='color:#1F4E79'>For the REST-based solution, can the application completely rely on Keycloak for session management after the first time the user is authenticated?</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>Any inputs on this will be highly valued.</span></p>
<p class=MsoNormal><span style='color:#1F4E79'>&nbsp;</span></p>
<p class=MsoNormal><span style='color:#1F4E79;mso-fareast-language:EN-AU'>Regards,</span></p>
<p class=MsoNormal><span style='color:#1F4E79;mso-fareast-language:EN-AU'>Siva.</span></p>
</div></body></html>