[keycloak-dev] Keycloak Intergration
Bill Burke
bburke at redhat.com
Thu Sep 25 09:32:32 EDT 2014
Sagar, I'm moving this to keycloak-dev list. See comments inline
On 9/25/2014 6:53 AM, Sagar Zond wrote:
> Hi,
>
> We are planning to use KeyClock for OAuth authorization server for our
> API platform. Our understanding to KeyClock and OAuth is not very clear
> so need your help to properly utilize KeyClock features.
>
> Just to introduce our self, we are a start-up firm and creating products
> for Health care domain. In our architecture we will have multiple Rest
> API servers and multiple types of client like mobile, web and publicly
> expose API. KeyCloak can be used as authentication and authorization
> server. We have already gone through most of KeyCloak tutorials.
>
> Here are few points of which we need answer -
>
> 1. API platform will be registered as application server on KeyClock and
> clients (mobile app, web app or other app) will be authorized by
> keyclock as per defined role. Is this a proper use case of KeyClock ?
>
You'll have to elaborate. I don't know exactly what you are saying.
Your REST API server would be registered as a Keycloak "Application".
You can define roles per "Application" or at the Realm level (global roles).
> 2. How do we integrate OAuth into mobile app ? Where can we write token
> refresh logic?
>
You can start off by defining an public "OAuth Client" per mobile app.
You can use the direct grant REST API to obtain a token, or, use mobile
redirects to login through the mobile's browser. I believe the Aerogear
project is doing some work around Keycloak IOS and Android clients, but
you'd have to ping them.
> 3. How we can add more fields in session? e.g. if we want to add more
> token in header which may contain some extra application specific
> encrypted data.
>
Not sure what you mean. We don't have a nice way of adding claims to
the token at the moment.
> 4. We are currently using OpenDS Ldap for authentication and we already
> have number of registered users which currently using API. So we need
> Keyclock to be configured for OpenDS, so please suggested how to
> integrate OpenDS with KeyClock.
>
We have LDAP integration:
http://docs.jboss.org/keycloak/docs/1.0.1.Final/userguide/html/user_federation.html#d4e1263
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list