Greetings,
We started doing a proof of concept with Keycloak only 2 weeks ago. We already have a
small SPA in Vue.js with authentication using the direct grant flow.
Since we have a legacy users database, we plugged a custom UserFederationProvider
implementation.
This custom provider helped us to support these 2 cenarios:
1) Users authenticating against our legacy database.2) Users authenticating against our
CAS server. Since the user storage provider has access to user/password, our
implementation will also try to get a Service Token from our CAS server and in case of
success, it will set a a value to a custom user attribute "CAS_TOKEN" so the SPA
will have access to it and use when it's needed (links to CAS protected resources).
This works for our POC but we have a third scenario: We want to authenticate an user
coming to our resources but with a token (CAS) appended to the url. With the CAS token, we
would need to 1) validate the ticket, 2) get user identity in order to authenticate it.
But we have been studying that providers/authenticator example from Keycloak source but it
doesn't seems to be useful since we are using direct grant flow.
So can someone please give me a hint on this? Is there any other (better/cleaner) way to
do this?
Thanks in advance!
Show replies by thread