[jboss-jira] [JBoss JIRA] (ELY-19) OAuth Broker Security Realm

Pedro Igor (JIRA) issues at jboss.org
Fri Jul 1 09:58:00 EDT 2016


    [ https://issues.jboss.org/browse/ELY-19?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13260574#comment-13260574 ] 

Pedro Igor commented on ELY-19:
-------------------------------

The Keycloak subsystem does not provide the necessary means to get access to its repository. For that, we would need to implement a SecurityRealm based on the Keycloak Admin Client, which basically provides an API to access the Keycloak Administration RESTful API (based on the RESTEasy Client API).

Even if we use Keycloak Admin Client, we won't be able to support authentication because credentials are not returned by the Admin RESTful API (for obvious reasons).

There are other ways to authenticate users, though, but that would require some additional configuration of a realm in Keycloak, such as enabling the resource owner password grant type for a client.

The resource owner password grant type is suitable when the client is highly trusted. The reason for that is that the user's credentials are shared with the client. However, for this particular case, especially CLI access, I think we can say that we have a highly trusted client. So that could be an option to implement the security realm.

Considering all that, do you want me to start implementing it? May I change the title of this issue to 'Introduce a Keycloak Security Realm'?

> OAuth Broker Security Realm
> ---------------------------
>
>                 Key: ELY-19
>                 URL: https://issues.jboss.org/browse/ELY-19
>             Project: WildFly Elytron
>          Issue Type: Sub-task
>            Reporter: Darran Lofthouse
>            Assignee: Pedro Igor
>             Fix For: 1.1.0.Beta7
>
>
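
Added example, not part of the original message and not Elytron or Keycloak code: a sketch of how a realm could verify a password through the resource owner password grant (RFC 6749 section 4.3) discussed above, keeping "wrong credentials" separate from "grant not enabled for this client". It assumes a public client with no client secret and a caller-supplied `token_url`; the function names and `RealmConfigError` are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

class RealmConfigError(Exception):
    """The token endpoint rejected the client or grant type, not the user."""

def build_token_request(token_url, client_id, username, password):
    """Build the RFC 6749 section 4.3.2 access token request."""
    if not token_url.startswith("https://"):
        raise ValueError("the password grant must only be sent over TLS")
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,   # assumption: public client, no secret
        "username": username,
        "password": password,
    }).encode()
    # Passing data makes this a POST, so credentials never appear in the URL.
    return urllib.request.Request(token_url, data=form, headers={
        "Content-Type": "application/x-www-form-urlencoded"})

def interpret_token_response(status, body):
    """Return True/False for the user's credentials, raise on anything else."""
    try:
        doc = json.loads(body)
    except ValueError:            # empty, non-JSON or undecodable body
        doc = None
    if not isinstance(doc, dict):
        doc = {}
    if status == 200 and doc.get("access_token"):
        return True
    if status in (400, 401) and doc.get("error") == "invalid_grant":
        return False              # wrong username or password
    # e.g. unauthorized_client: the grant type is not enabled for this client
    raise RealmConfigError(f"status={status} error={doc.get('error')}")

def verify_password(token_url, client_id, username, password, timeout=5):
    """Send the request and classify the answer; tokens are discarded."""
    req = build_token_request(token_url, client_id, username, password)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:   # non-2xx answers raise
        return interpret_token_response(err.code, err.read())
```

Raising on every answer other than success or `invalid_grant` keeps a misconfigured client or an unreachable server from being reported to the user as a bad password.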
