[keycloak-dev] Proposal of using existing authentication server on behalf of keycloak browser-based authentication

Stian Thorgersen sthorger at redhat.com
Thu Jun 29 05:23:20 EDT 2017


There's an SPI to implement your own custom identity brokering provider [1].

[1] https://github.com/keycloak/keycloak/blob/master/server-spi-private/src/main/java/org/keycloak/broker/provider/IdentityProvider.java

On 29 June 2017 at 10:51, 乗松隆志 / NORIMATSU,TAKASHI <
takashi.norimatsu.ws at hitachi.com> wrote:

> I need to use the authentication server without OIDC/OAuth2/SAMLv2
> implementation as an external IdP,
> in order to integrate an existing authentication system.
> (some commercial products support such a case)
>
> I consulted the identity broker section in keycloak's manual below and found
> that if I use this feature the external IdP must support OIDC or SAMLv2.
> https://keycloak.gitbooks.io/documentation/server_admin/topics/identity-broker.html
>
> Therefore, I realized it by using redirect based authentication flows.
>
> Can identity brokering support such a case?
>
> Aside from this, I'd like to contribute it to Community extensions and
> examples.
>
> Best Regards
> Takashi Norimatsu
> Hitachi, Ltd.
>
> ---
> From: Stian Thorgersen [mailto:sthorger at redhat.com]
> Sent: Tuesday, June 27, 2017 5:52 PM
> To: 乗松隆志 / NORIMATSU,TAKASHI
> Cc: keycloak-dev at lists.jboss.org
> Subject: [!]Re: [keycloak-dev] Proposal of using existing authentication
> server on behalf of keycloak browser-based authentication
>
> I'm not in favour of adding this. If it's using redirect based
> authentication flows it should be done through identity brokering, not
> authentication flows. It's also a very complex example that we don't want
> to maintain. We're also in the process of moving all examples away from the
> main Keycloak repository into a separate quickstart repository.
>
> On 27 June 2017 at 08:54, 乗松隆志 / NORIMATSU,TAKASHI <
> takashi.norimatsu.ws at hitachi.com> wrote:
> Hello.
>
> Previously, I had proposed the feature of delegating authentication to an
> external authentication server on behalf of keycloak's browser-based
> authentication mechanism.
>
> I've integrated this feature into keycloak's "examples" packages and sent a PR
> (https://github.com/keycloak/keycloak/pull/4260).
> Hope this PR is reviewed and merged as an example for combining some
> providers to customize keycloak.
>
> Detailed description of this feature is mentioned below.
> https://github.com/Hitachi/PoV-keycloak-authentication-delegation
>
> I am now engaged in integrating this feature into keycloak as product-base
> default providers, but have encountered technical problems about writing
> arquillian. Would someone tell me how to resolve this problem?
>
> [Problem]
> - I could not find how to run an external authentication
> server (application running on wildfly 10) during each arquillian test case.
>
> After resolving this problem and writing and running arquillian test
> cases, I'll send PR for this feature as product-base default providers.
>
> Best Regards
> Takashi Norimatsu
> Hitachi, Ltd.
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>