<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">- If you want to skip just the Keycloak
login page, then you can possibly set "Authenticate by
default" in the Keycloak admin console on the OpenAM identity
provider screen. This means that Keycloak won't try to show the
login screen, but will immediately redirect to the OpenAM login screen.
However, if you're not yet logged in to OpenAM, you will
still see the OpenAM login screen. So this is likely not
sufficient for you?<br>
<br>
- Option 2) Probably better for the non-browser use case, but more
complex. Keycloak has support for "direct access grants", aka the
OAuth2 "Resource Owner Password Credentials Grant". See the OAuth2
specs for details. <br>
So you can implement your own Authenticator, which will re-send
the provided username+password to OpenAM and then, if it succeeds,
the Authenticator itself will create the user in the Keycloak DB (if
it doesn't exist yet). You will need to create a new Authentication
flow, put your Authenticator there and configure it as the "Direct
Grant" authenticator in the Keycloak admin console. See the Authentication
SPI docs for more details.<br>
<br>
This is possible only if OpenAM itself also supports the
"Resource Owner Password Credentials Grant" or something like
that, which allows sending just a REST request to validate the
username+password. <br>
<br>
Maybe we should support this OOTB, as it looks like there are more
people asking for it...<br>
<br>
Marek<br>
<br>
On 09/08/16 22:25, Abelardo Vacca wrote:<br>
</div>
<blockquote
cite="mid:1157262288.14426508.1470774324298.JavaMail.yahoo@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:16px">
<div id="yui_3_16_0_ym19_1_1470772788542_5336"><br
id="yui_3_16_0_ym19_1_1470772788542_5337">
</div>
<div id="yui_3_16_0_ym19_1_1470772788542_5338" dir="ltr">I am
wondering if it is possible to delegate authentication to
an identity provider, as you would on the Login Page, but
using the REST API.</div>
<div id="yui_3_16_0_ym19_1_1470772788542_4827" dir="ltr"> I've
posted to stackoverflow a few minutes ago with details and
diagrams to try to explain the best I could: <a
moz-do-not-send="true"
id="yui_3_16_0_ym19_1_1470772788542_4750" class="moz-txt-link-freetext"
href="http://stackoverflow.com/questions/38859379/is-it-possible-to-authenticate-against-a-keycloaks-identity-provider-openam-w">http://stackoverflow.com/questions/38859379/is-it-possible-to-authenticate-against-a-keycloaks-identity-provider-openam-w</a>
<br>
</div>
<div id="yui_3_16_0_ym19_1_1470772788542_5406" dir="ltr"><br>
</div>
<div id="yui_3_16_0_ym19_1_1470772788542_5405" dir="ltr">Please
feel free to correct any misconceptions I might have; I am new
to all these tools I am posting about (APIMAN, Keycloak and
OpenAM).<br>
</div>
<div id="yui_3_16_0_ym19_1_1470772788542_4757"><br>
</div>
<div id="yui_3_16_0_ym19_1_1470772788542_5400">Thanks,</div>
<div id="yui_3_16_0_ym19_1_1470772788542_5394">Abelardo<br>
</div>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
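<div>Option 2 above as a sketch. This is an added example, not part of the original message and not Keycloak project code. It assumes the method signatures of the current Keycloak Authenticator SPI; the class name, the OpenAM URL and the use of OpenAM's /json/authenticate REST login with X-OpenAM-* headers are assumptions about the deployment.</div>
<pre>
```java
import java.net.HttpURLConnection;
import java.net.URI;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
public class OpenAmDirectGrantAuthenticator implements Authenticator {
    // Added sketch, not Keycloak code. Placeholder URL; assumes OpenAM's /json/authenticate REST login.
    static final String OPENAM_URL = "https://openam.example.test/openam/json/authenticate";
    @Override
    public void authenticate(AuthenticationFlowContext context) {
        var form = context.getHttpRequest().getDecodedFormParameters();
        String username = form.getFirst("username");
        String password = form.getFirst("password");
        if (username == null || password == null || !validAtOpenAm(username, password)) {
            context.failure(AuthenticationFlowError.INVALID_CREDENTIALS);
            return;
        }
        RealmModel realm = context.getRealm();
        UserModel user = context.getSession().users().getUserByUsername(realm, username);
        if (user == null) {
            // First successful login: create the local user; the password is never stored in Keycloak.
            user = context.getSession().users().addUser(realm, username);
            user.setEnabled(true);
        }
        context.setUser(user);
        context.success();
    }
    // True only on HTTP 200 from OpenAM; any exception or other status fails closed.
    static boolean validAtOpenAm(String username, String password) {
        try {
            HttpURLConnection c = (HttpURLConnection) URI.create(OPENAM_URL).toURL().openConnection();
            c.setRequestMethod("POST");
            c.setRequestProperty("Content-Type", "application/json");
            c.setRequestProperty("X-OpenAM-Username", username);
            c.setRequestProperty("X-OpenAM-Password", password);
            c.setDoOutput(true);
            c.getOutputStream().write("{}".getBytes());
            return c.getResponseCode() == 200;
        } catch (Exception e) { return false; }
    }
    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```
</pre>
<div>With this grant the client's password passes through both Keycloak and OpenAM, so keep both hops on TLS and restrict the flow to clients that cannot use a browser redirect.</div>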
</body>
</html>