Re: [keycloak-user] Integrating WildFly JavaEE application with Keyclock

Hi, I don’t know, we have not been focusing on the war as I suspected that would work out of the box. (We have other standalone war deployments which are working). Maybe someone else can comment? In any case, our main issue has been around the remote ejb authentication / authorization issues. Is anyone on the user group successfully using EAR + remote EJB module(s) and willing to share solution (including the WildFly domain/standalone.xml settings for JAAS / …) Best regards, Jeroen Muis, Copas B.V. From: valsaraj pv [mailto:valsarajpv@gmail.com] Sent: Thursday, 8 February 2018 12:28 To: Jeroen Muis <j.muis(a)copas.nl&gt; Cc: keycloak-user(a)lists.jboss.org Subject: RE: [keycloak-user] Integrating WildFly JavaEE application with Keyclock We have ear with war and ejb jar. So what option is better and working to integrate keycloak? If we use keycloak login module, will this set cookies? I wonder how sso will work in this case. On 08-Feb-2018 3:58 PM, "Jeroen Muis" <j.muis@copas.nl<mailto:j.muis@copas.nl>> wrote: Hi, We are very much interested in this as well, and had some tests done based on the work of Marek Posolda https://github.com/mposolda/keycloak-remote-ejb This poc is based on direct access grants so no redirects are required. This seems to work just fine when having a ejb module, but when packaging this inside an EAR we don't seem to be able to get this working any longer. Not sure why yet, as we did not have enough time to fully debug this. Our EAR consists of several ejb modules, wars, etc. Best regards, Jeroen Muis, Copas B.V. -----Original Message----- From: keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bounces@lists.jboss.org> [mailto:keycloak-user-bounces@lists.jboss.org<mailto:keycloak-user-bounces@lists.jboss.org>] On Behalf Of valsaraj pv Sent: Thursday, 8 February 2018 10:22 To: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> Subject: [keycloak-user] Integrating WildFly JavaEE application with Keyclock Hi, Currently our JavaEE application with servlets, EJB, remote EJB & HornetQ messaging using JAAS login module with LDAP back end. I am trying to integrate Keyclock with our WildFly 10.1 server for using identity provider & SSO. *Source LDAP/DB Sync* Found that Keycloak supports LDAP sync & we can sync existing user data periofically to Keyclock. Is it possiblr to sync from multiple user data stores as we have to integrate multiple JavaEE web apps? *JAAS custom login module for Keyclock* Currently we are using JAAS custom login module for authentication/authorization. Is it possible to user the same or similar login module with Keyclock? We need to avoid redirection to Keyclock login page. If redirection is must, is there any sample to migrate from JAAS to Keyclock realm? Thanks! -- Life is like this: "Just when we get all the answers of life.... God changes the question paper.... Valsaraj Viswanathan _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user