Ok. Got it now.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: "Pedro Igor Silva" <psilva(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, November 25, 2014 6:12:54 PM
Subject: Re: [keycloak-dev] security proxy prototype
On 11/25/2014 3:06 PM, Pedro Igor Silva wrote:
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: "Pedro Igor Silva" <psilva(a)redhat.com>
> Cc: keycloak-dev(a)lists.jboss.org
> Sent: Tuesday, November 25, 2014 5:55:31 PM
> Subject: Re: [keycloak-dev] security proxy prototype
>
> I don't see the similarity to PL HTTP Security. You use this when there
> is no Keycloak adapter for your environment (i.e. python, ruby, etc.).
> Take a look at our code [1] The proxy was ridiculously easy to implement
> and used our existing Undertow authentication plugin.
>
> Using PL HTTP Security would be overkill, wouldn't work because the
> servlet API isn't used by Undertow's proxy impl, and would require me to
> write an adapter specific to the PL HTTP Security Auth SPI (which I'm
> not convinced can handle OAuth).
>
> [1]
https://github.com/keycloak/keycloak/tree/master/proxy
From a functional perspective they are similar. From an implementation perspective, yes,
they are different. PL one is based on servlet api and that is a blocker for you.
I was just curious if the idea was the same. Protect paths based on certain constraints.
Again, the idea is to bring support for Keycloak IDP to environments
that don't have a Keycloak adapter. That's it. I would actually prefer
to have an Apache module, but, it would have taken me too long to brush
up on my C/C++ skills as I haven't coded in those languages in 13 years.
This is something that looked like could be implemented in a few days
(and was).
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com