[teiid-issues] [JBoss JIRA] (TEIIDSB-34) Support Keycloak based OAuth authentication for OData
Ramesh Reddy (Jira)
issues at jboss.org
Wed Feb 20 19:55:00 EST 2019
[ https://issues.jboss.org/browse/TEIIDSB-34?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ramesh Reddy resolved TEIIDSB-34.
---------------------------------
Resolution: Done
There were more than few things that were wrong in the previous commit.
* The security-context was being created, but wrongfully assumed it was being associated with the current thread during the 'createSession' call.
* Subject with Role names was being built wrong order than Teiid expects. Fixed that.
* Since we are using "spring-security", give the security help a new security-domain name and use that elsewhere such that that will be used. Note that, in the container world, since we are using single VDB per container VDB level security domain is not workable. Maybe we should ignore this during the migration of the .vdb to .DDL if one is set.
* Also using correct baseName if security-context is available during the Teiid's createSession call.
* The authentication order in Web Interceptors was wrong. The auth filter needs to come before the odata filter.
> Support Keycloak based OAuth authentication for OData
> -----------------------------------------------------
>
> Key: TEIIDSB-34
> URL: https://issues.jboss.org/browse/TEIIDSB-34
> Project: Teiid Spring Boot
> Issue Type: Feature Request
> Components: OData
> Reporter: Ramesh Reddy
> Assignee: Ramesh Reddy
> Priority: Major
> Fix For: 1.0.3
>
>
> Provide Keycloak based oAuth2 authentication on top of OData API. This needs to be an optional feature either exposed through a flag or starter project in the pom.xml file.
> The scope in the OAuth needs to be used as the roles in the Teiid (this is how legacy Teiid mapped)
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the teiid-issues
mailing list