[keycloak-dev] security proxy prototype
Bill Burke
bburke at redhat.com
Tue Nov 25 15:12:54 EST 2014
On 11/25/2014 3:06 PM, Pedro Igor Silva wrote:
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Pedro Igor Silva" <psilva at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, November 25, 2014 5:55:31 PM
>> Subject: Re: [keycloak-dev] security proxy prototype
>>
>> I don't see the similarity to PL HTTP Security. You use this when there
>> is no Keycloak adapter for your environment (i.e. python, ruby, etc.).
>> Take a look at our code [1] The proxy was ridiculously easy to implement
>> and used our existing Undertow authentication plugin.
>>
>> Using PL HTTP Security would be overkill, wouldn't work because the
>> servlet API isn't used by Undertow's proxy impl, and would require me to
>> write an adapter specific to the PL HTTP Security Auth SPI (which I'm
>> not convinced can handle OAuth).
>>
>> [1] https://github.com/keycloak/keycloak/tree/master/proxy
>
> From a functional perspective they are similar. From an implementation perspective, yes, they are different. PL one is based on servlet api and that is a blocker for you.
>
> I was just curious if the idea was the same. Protect paths based on certain constraints.
Again, the idea is to bring support for Keycloak IDP to environments
that don't have a Keycloak adapter. That's it. I would actually prefer
to have an Apache module, but, it would have taken me too long to brush
up on my C/C++ skills as I haven't coded in those languages in 13 years.
This is something that looked like could be implemented in a few days
(and was).
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list