9:29 a.m.
What you describe would work only if you treat Keycloak solely as an
identity store and wrote a login module that uses Keycloak admin
interface to obtain principal and role mapping information. Then there
is the issue of getting the Kerberos server and Keycloak using the same
user database. Then for this particular idea, you start to wonder if
using Keycloak is any benefit.
On 10/11/2014 9:54 AM, prab rrrr wrote:
Wildfly makes a number of login modules available as a part of the
Security sub system that include SPNEGO (see the link below). Since
Keycloak supports defining new Realms, if you can provide some hooks to
map the newly defined Realms to the Security sub system, I think it
would address the issue. Picketlink examples shed some light on how it
can be done.
https://docs.jboss.org/author/display/WFLY8/Security+subsystem+configuration
On Saturday, October 11, 2014 8:53 AM, Bill Burke <bburke(a)redhat.com> wrote:
Kerberos is on our roadmap as there's some other Red Hat kerberos
products we need to integrate wit. I don't understand Kerberos deep
enough yet to know exactly what or how we would do it. My current
thought that the Keycloak auth server would be a secured Kerberos
service and become a bridge between kerberos and SAML or OpenID Connect.
On 10/10/2014 5:24 PM, Raghuram wrote:
> Can I put in an enhancement request for at least some hooks as I am
not sure how a custom federation provider could be written for SPNEGO
negotiation. This feature will be useful for all organizations that
invested in Kerberos infrastructure.
>
>> On Oct 10, 2014, at 5:11 PM, Bill Burke <bburke(a)redhat.com
<mailto:bburke@redhat.com>> wrote:
>>
>> we don't support kerberos.
>>
>>> On 10/10/2014 5:06 PM, Raghuram wrote:
>>>
>>>> Has anyone tried out SPNEGO (Kerberos) authentication with key cloak
>>>> 1.0.2? If so, appreciate any input on how it can be achieved?
>>>
>>> Sent from my iPhone
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com/
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com/
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com