Hello
First, let me introduce myself (I've subscribed to keycloak-dev list
just recently). I'm Grzegorz Grzybek and I'm contributing to both
Apache Karaf (and JBoss Fuse) and ops4j PAX-WEB project.
"Keycloak OSGi adapter" (GA = org.keycloak:keycloak-osgi-adapter)
indeed has some Fuse specific features. Or rather pax-web specific
features.
It uses org.ops4j.pax.web.service.WebContainer OSGi service to
register "something more" than what's possible to register using plain
org.osgi.service.http.HttpService.
In fact, org.ops4j.pax.web.service.WebContainer simply extends
org.osgi.service.http.HttpService adding methods to register filters,
listeners, login configurations security constraints, etc.
So org.ops4j.pax.web.service.WebContainer allows you to directly
register what's possible with WEB-INF/web.xml elements.
I never used Felix' http service (because Karaf uses pax-web), so I'm
not sure how keycloak works with plain OSGi http service.
I think, for sling integration you should not use
org.keycloak:keycloak-osgi-adapter, but
org.keycloak:keycloak-servlet-filter-adapter.
best regards
Grzegorz Grzybek
2018-06-12 21:59 GMT+02:00 Dmitry Telegin <dt(a)acutus.pro>:
Hi,
Together with Ioan Eugen Stan (in CC) we'll be doing a talk at
adaptTo()'2018 conference [1] that will take place 12-13 September in
Potsdam, Germany. It's an event dedicated to Apache Sling and
everything around it. The talk will be titled "Modern authentication in
Sling with OpenID Connect and Keycloak".
As you might guess, we're going to present Sling + Keycloak integration
which I hope we'll manage to implement by the time of the conference :)
that said, we welcome any thoughts that might help us with that.
Now for technical details, Sling is an OSGi-based content-oriented web
framework that runs on top of Apache Felix and uses Felix HTTP Service.
I've examined Keycloak OSGi adapter and found its name a bit confusing;
seems like it's only suitable for JBoss Fuse, depending on Pax Web
(correct me if I'm wrong).
Right now I see two scenarios, the first is to take current OSGi
adapter and adapt it (sorry for tautology) to Felix HTTP Service; the
second is to use the existing servlet filter adapter. I'd say I would
prefer the second variant, as it's more straightforward. Felix and
Sling have a proven and well-documented support for servlet filters,
however, we'll have to solve the problems of packaging for OSGi, filter
registration, configuration and more deep integration with Sling's
security framework.
Also please let us know if you consider our (future) code worth being
contributed to Keycloak codebase. Most likely, the deliverables will
include 1) servlet filter adapter packaged as OSGi bundle, 2) the Sling
adapter proper.
Cheers and hope to hear from you,
Dmitry
[1]
https://adapt.to/2018/en/schedule/modern-authentication-in-sling-wi
th-openid-connect-and-keycloak.html
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev