[keycloak-dev] security proxy prototype

[Pedro Igor Silva]

Ok. Got it now.

----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: keycloak-dev at lists.jboss.org
Sent: Tuesday, November 25, 2014 6:12:54 PM
Subject: Re: [keycloak-dev] security proxy prototype



On 11/25/2014 3:06 PM, Pedro Igor Silva wrote:
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: "Pedro Igor Silva" <psilva at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Tuesday, November 25, 2014 5:55:31 PM
>> Subject: Re: [keycloak-dev] security proxy prototype
>>
>> I don't see the similarity to PL HTTP Security.  You use this when there
>> is no Keycloak adapter for your environment (i.e. python, ruby, etc.).
>> Take a look at our code [1] The proxy was ridiculously easy to implement
>> and used our existing Undertow authentication plugin.
>>
>> Using PL HTTP Security would be overkill, wouldn't work because the
>> servlet API isn't used by Undertow's proxy impl, and would require me to
>> write an adapter specific to the PL HTTP Security Auth SPI (which I'm
>> not convinced can handle OAuth).
>>
>> [1] https://github.com/keycloak/keycloak/tree/master/proxy
>
>  From a functional perspective they are similar. From an implementation perspective, yes, they are different. PL one is based on servlet api and that is a blocker for you.
>
> I was just curious if the idea was the same. Protect paths based on certain constraints.

Again, the idea is to bring support for Keycloak IDP to environments 
that don't have a Keycloak adapter.  That's it.  I would actually prefer 
to have an Apache module, but, it would have taken me too long to brush 
up on my C/C++ skills as I haven't coded in those languages in 13 years. 
  This is something that looked like could be implemented in a few days 
(and was).



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com