4:21 a.m.
Hello!
We have implemented an JEE application on EAP 7 with three layers (UI
(OpenUI5), REST API, EJB layer) and are using keycloak adapters and
keycloak server in our local environment. This setup works fine so far
with security context in all layers.
But now we have to deploy the application to a different environment and
must connect to a NetIQ identity server via OpenId, but the keycloak
adapter uses its own specific URL pattern, etc.
I cannot find any documentation how to configure EAP to allow
authentication with other identity managers than keycloak or JBoss SSO.
For OAuth Picktlink documentation also points to the keylcoak project.
Can anyone help?
Thanks,
Michael
9:56 a.m.
Hello Michael,
Unfortunately, Keycloak OpenID Connect adapter is not compatible with generic OIDC
providers (on the contrary to SAML adapter). Please check out these threads [1] [2].
Basically, you have two options: to hack on KeycloakConfigResolver, or to deploy an
intermediary Keycloak with brokering to NetIQ. The former is risky and not guaranteed to
work at all, while the latter should work for sure (at the price of increased maintenance
costs).
[1] https://lists.jboss.org/pipermail/keycloak-user/2018-November/016193.html
[2] http://lists.jboss.org/pipermail/keycloak-dev/2018-November/011378.html
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Wed, 2019-02-06 at 11:21 +0100, Michael Gulitz wrote:
Hello!
We have implemented an JEE application on EAP 7 with three layers (UI
(OpenUI5), REST API, EJB layer) and are using keycloak adapters and
keycloak server in our local environment. This setup works fine so far
with security context in all layers.
But now we have to deploy the application to a different environment and
must connect to a NetIQ identity server via OpenId, but the keycloak
adapter uses its own specific URL pattern, etc.
I cannot find any documentation how to configure EAP to allow
authentication with other identity managers than keycloak or JBoss SSO.
For OAuth Picktlink documentation also points to the keylcoak project.
Can anyone help?
Thanks,
Michael
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2164
days inactive
2164
days old
1 comments
2 participants
participants (2)
-
Dmitry Telegin -
Michael Gulitz