Re: [Apiman-user] Replacing Keycloak

Hello, I am trying to use Ping Federate for both login and for the API restrictions. I understand that integrating into Ping Federate might not be trivial and might require some hacking into the APIMan code. I have created a sample java app that does the SP initiated login for ping federate that works. However with APIMan I am lost as to where to start ... I tried to look at the apiman-plugin-keycloak-oauth-policy to see but I suspect that it will take me some time to trace through it and figured that people working on the product might be able to get me started quicker. In short, happy to help hack on the code but will need the touch points. I assume there is some code somewhere that checks if the token already exists and if not then generates the auth request, gets the access code, validates the code and generates the token? Regards, Amit Joshi -----Original Message----- From: Eric Wittmann [mailto:eric.wittmann@redhat.com] Sent: Monday, January 25, 2016 3:37 PM To: Amit Joshi; apiman-user(a)lists.jboss.org Subject: Re: [Apiman-user] Replacing Keycloak Hi Amit. To be clear, you are trying to replace Keycloak as the authentication mechanism for logging into the apiman UI, correct? I can't say I know how to configure a web application to use pingfederate for authenticaiton (never done that before). But I can tell you that it's likely that you will not be able to use the settings in standalone-apiman.xml because those are configuration settings for the keycloak auth client adapter. The client adapter is the keycloak specific client that handles authentication redirects to the auth server. I *assume* this adapter is keycloak-specific. In order to get pingfederate working I must assume that they (pingfederate) have some documentation for how to configure a java web application for authentication. Sadly their documentation server seems to be broken at the moment. I'll warn you that, while I'm sure using pingfederate is *possible*, it is probably not trivial. You may need to contribute some code to apiman in order to enable support in the UI, for example. If hacking some code is not a daunting prospect then I'd be happy to help point you in the direction of all the authentication touch points... -Eric On 1/25/2016 3:18 PM, Amit Joshi wrote: ________________________________ This e-mail, including accompanying communications and attachments, is strictly confidential and only for the intended recipient. Any retention, use or disclosure not expressly authorised by Markit is prohibited. This email is subject to all waivers and other terms at the following link: http://www.markit.com/en/about/legal/email-disclaimer.page Please visit http://www.markit.com/en/about/contact/contact-us.page for contact information on our offices worldwide.