Re: [keycloak-user] Login a Java Fat Client with Windows Kerberos Token agains Keycloak backed by AD?
It's not yet supported OOTB. There is already JIRA opened for the long
time. Feel free to add a vote :)
However it should be already possible to implement it if you write
custom authenticator and put it into the "Direct Grant Flow"
authentication flow for the realm. Then your Java Fat Client will be
able to send the token in the "Authorization: Negotiate token" header
and your authenticator can then authenticate this request. Feel free to
send PR if you manage to have it working.
See our docs and examples for Authentication SPI for more details.
Marek
On 07/06/17 15:13, Malte Finsterwalder wrote:
Hi,
I have the following setup:
I'm programming a Java Fat Client application. I want to integrate it into
SSO with Keycloak.
Our Keycloak is connected to our Windows Active Directory (AD).
So my idea is, that my Fat Client uses the Windows 7 Kerberos Token and
sends that to Keycloak. Keycloak should authorize the token agains the AD
and send back an authorization token to the Fat Client, so I can later use
this Keycloak token to access other Rest-Services.
Fat Client (with Kerberos Token) -> Keycloak -> AD
Fat Client (with Keycloak Token) -> REST-Service
I can't find anything in the documentation regarding this szenario.
Is this possible? And if so, how?
Greetings,
Malte
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user