redirect_uri is part of the OAuth spec, so it should. Without a
redirect URI, the IDP is supposed to abort authentication as this URI is
validated. You don't want to deliver an access code to a rogue URL.
On 2/15/17 6:38 AM, Bartosz Majsak wrote:
> OpenShift should authenticate against Keycloak (or another IdP) at least
> for on-prem installations.

This is intended primarily for OSO I believe.

> For OpenShift Online I see a use-case for this, but in that case can it not
> just use the OIDC provider?

One issue I can already point out is that when using OIDC provider
authorization URL created by an AbstractOAuth2IdentityProvider will result
in bad request from OpenShift OAuth server, as it doesn’t accept
redirect_uri as a valid request parameter. At least when tested against
minishift.

On Wed, Feb 15, 2017 at 12:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> Not sure to be honest. Strictly speaking it should be the other way
> around. OpenShift should authenticate against Keycloak (or another IdP) at
> least for on-prem installations. For OpenShift Online I see a use-case for
> this, but in that case can it not just use the OIDC provider?
>
> On 15 February 2017 at 02:46, Bartosz Majsak <bartosz(a)redhat.com> wrote:
>
>> Hi,
>>
>> I've implemented OpenShift Identity Provider for Keycloak [1]. Would you be
>> interested in getting it upstream?
>>
>> Cheers,
>> Bartosz.
>>
>> [1] https://github.com/bartoszmajsak/keycloak-openshift-identity-provider
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
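
The redirect_uri check discussed at the top of this thread, as an added example (not code from Keycloak, OpenShift or the linked provider): an authorization endpoint that requires exactly one redirect_uri, compares it by exact string match against the URIs registered for the client, and otherwise aborts without redirecting anywhere. The client ID, host names and function names are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed registry: client_id -> redirect URIs registered for that client.
REGISTERED = {
    "openshift-broker": {
        "https://sso.example.test/auth/realms/demo/broker/openshift/endpoint",
    },
}

class AuthorizationAborted(Exception):
    """The request is rejected and the user agent is NOT redirected."""

def validate_authorization_request(url):
    """Return (client_id, redirect_uri) if a code may be delivered, else raise."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # A missing or repeated parameter is ambiguous, so it is rejected outright.
    for name in ("client_id", "redirect_uri"):
        if len(params.get(name, [])) != 1:
            raise AuthorizationAborted(f"missing or repeated {name}")
    client_id = params["client_id"][0]
    redirect_uri = params["redirect_uri"][0]
    allowed = REGISTERED.get(client_id)
    if allowed is None:
        raise AuthorizationAborted("unknown client")
    # Exact string comparison: no prefix, substring or wildcard matching.
    if redirect_uri not in allowed:
        raise AuthorizationAborted("redirect_uri not registered for client")
    return client_id, redirect_uri

def decide(url):
    """Summarise what the endpoint does with the request."""
    try:
        validate_authorization_request(url)
        return "redirect-with-code"
    except AuthorizationAborted as exc:
        return f"abort: {exc}"

def build(**params):
    """Build a constructed authorization request URL for the samples below."""
    return "https://idp.example.test/authorize?" + urlencode(params)

if __name__ == "__main__":
    good = "https://sso.example.test/auth/realms/demo/broker/openshift/endpoint"
    samples = [
        build(client_id="openshift-broker", response_type="code", redirect_uri=good),
        build(client_id="openshift-broker", response_type="code"),
        build(client_id="openshift-broker", response_type="code",
              redirect_uri=good + "/../other"),
    ]
    for request in samples:
        print(decide(request))
```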