Re: [keycloak-user] Protecting Hadoop UIs with Keycloak?

Hi Keycloak, I'm interested in putting together a quick POC of Keycloak as the SSO server for several Hadoop UIs. Most Hadoop UIs use an embedded Jetty server and they provide a Hadoop specific authentication plugin mechanism. See: https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-... I was hoping to find in docs or in an example on the web a non-container managed servlet filter integration that I could rework into a Hadoop AuthenticationHandler. Anyway, would I be on the right track if I... 1) Wrap the adapters below in Hadoop AuthenticationHandlers having AuthenticationHandler.authenticate call *Authenticator.authenticate keycloak/integration/adapter-core/src/main/java/org/keycloak/adapters/BasicAuthRequestAuthenticator.java keycloak/integration/adapter-core/src/main/java/org/keycloak/adapters/BearerTokenRequestAuthenticator.java 2) In those, wrap the request/response in this keycloak/integration/jetty/jetty-core/src/main/java/org/keycloak/adapters/jetty/JettyHttpFacade.java 3) Create the KeycloakDeployment via the builder with these with a keystone.js input stream from somewhere keycloak/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeployment.java keycloak/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java What totally obvious things am I missing? Is it possible to have a container agnostic integration like this? For one I'm not seeing how the KeycloakSecurityContext attribute that JettyHttpFacade expects is setup in the Jetty adapter. Kevin.