[
https://issues.jboss.org/browse/ELY-19?page=com.atlassian.jira.plugin.sys...
]
Pedro Igor edited comment on ELY-19 at 7/1/16 9:59 AM:
-------------------------------------------------------
Keycloak subsystem does not provide the necessary means to get access to its repository.
For that, we would need to implement a SecurityRealm based on Keycloak Admin Client which
basically provides an API to access the Keycloak Administration RESTful API (based on
RESTeasy Client API).
The Admin RESTful API does not return user credentials when querying a user (for obvious
reasons). There are other ways to authenticate users though, but that would require some
additional configurations to a realm in Keycloak, such as enabling the resource owner
password grant type for a client.
The resource owner password grant type is suitable when the client is highly trusted. The
reason for that is that the user's credentials are shared with the client. However, for
this particular case, especially CLI access, I think we can say that we have a highly
trusted client. So that could be an option to implement the security realm.
Considering all that, do you want me to start implementing it? May I change the title of
this issue to 'Introduce a Keycloak Security Realm'?
was (Author: pcraveiro):
Keycloak subsystem does not provide the necessary means to get access to its repository.
For that, we would need to implement a SecurityRealm based on Keycloak Admin Client which
basically provides an API to access the Keycloak Administration RESTful API (based on
RESTeasy Client API).
Even if we use Keycloak Admin Client, we won't be able to support authentication
because credentials are not returned by the Admin RESTful API (for obvious reasons).
There are other ways to authenticate users though, but that would require some additional
configurations to a realm in Keycloak, such as enabling the resource owner password grant
type for a client.
The resource owner password grant type is suitable when the client is highly trusted. The
reason for that is that the user's credentials are shared with the client. However, for
this particular case, especially CLI access, I think we can say that we have a highly
trusted client. So that could be an option to implement the security realm.
Considering all that, do you want me to start implementing it? May I change the title of
this issue to 'Introduce a Keycloak Security Realm'?
OAuth Broker Security Realm
---------------------------
Key: ELY-19
URL: https://issues.jboss.org/browse/ELY-19
Project: WildFly Elytron
Issue Type: Sub-task
Reporter: Darran Lofthouse
Assignee: Pedro Igor
Fix For: 1.1.0.Beta7
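
The credential check discussed in the comment above, sketched as an added example (not code from the issue, from Pedro Igor, or from Elytron): since the Admin API returns no credentials, the realm verifies a password by presenting it to Keycloak's OpenID Connect token endpoint with the resource owner password grant. The base URL, realm, client id, the public client without a secret, and the three outcome names are assumptions made for illustration.

```python
import json
from urllib import error, parse, request

def build_password_grant(base_url, realm, client_id, username, password):
    """Return (url, form_body) for an OAuth 2.0 resource owner password grant."""
    if not base_url.lower().startswith("https://"):
        # The user's password travels in the request body, so refuse cleartext HTTP.
        raise ValueError("token endpoint must use https")
    url = "%s/realms/%s/protocol/openid-connect/token" % (
        base_url.rstrip("/"), parse.quote(realm, safe=""))
    body = parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,   # assumed: a public client with this grant enabled
        "username": username,
        "password": password,
    }).encode("ascii")
    return url, body

def classify(status, payload):
    """Map a token endpoint reply to a verification outcome (fails closed)."""
    if status == 200 and isinstance(payload, dict) and payload.get("access_token"):
        return "verified"
    if isinstance(payload, dict) and payload.get("error") == "invalid_grant":
        return "rejected"      # wrong username or password
    return "unavailable"       # e.g. grant type not enabled for the client

def verify_password(base_url, realm, client_id, username, password,
                    opener=request.urlopen):
    """Verify credentials by asking Keycloak for a token; never stores them."""
    url, body = build_password_grant(base_url, realm, client_id, username, password)
    req = request.Request(url, data=body, method="POST")
    try:
        with opener(req, timeout=10) as resp:
            return classify(resp.status, json.loads(resp.read() or b"{}"))
    except error.HTTPError as exc:
        try:
            payload = json.loads(exc.read() or b"{}")
        except ValueError:
            payload = {}
        return classify(exc.code, payload)
    except (error.URLError, ValueError):
        return "unavailable"
```

Only "verified" should authenticate the caller; "unavailable" covers a misconfigured client as well as network failure, so neither is ever treated as success.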