[keycloak-user] Discourse SSO with Keycloak

Bill Burke bburke at redhat.com
Sun Mar 8 14:31:48 EDT 2015 

Keycloak supports SAML and OpenID Connect concurrently.  It could do the 
same for Discourse's protocol.  I didn't see how they handled rest 
invocations though.

On 3/8/2015 2:19 PM, Dean Peterson wrote:
> I do not want to replace what I currently have though.  I use
> Keycloak.js to include security in my own AngularJS client side
> applications and those communicate with REST services in a separate
> Wildfly server secured with Keycloak using the wildfly adapter.  I want
> to add Discourse as a third party messaging application and want to
> integrate it with my existing security.  I just wanted to be sure there
> wasn't something, feature wise, in Keycloak I might be able to
> leverage.  I will probably just make a REST endpoint in my Wildfly
> server that gets the already logged in user information and create the
> necessary sso response Discourse is looking for.  It will be more
> complicated if users are not currently logged into my application and
> they try to go directly to the Discourse portion of the site.  I will
> have to redirect the user somehow to the keycloak login page, then when
> that flow ends remember where they were in the Discourse flow of
> things.  I just hate having to maintain security code though and that is
> why I went with Keycloak in the first place.  I wonder how Auth0 did it:
> https://meta.discourse.org/t/auth0-single-sign-on-for-enterprise-and-support-for-20-social-providers/12713
>
> On Sun, Mar 8, 2015 at 11:31 AM, Dean Peterson <peterson.dean at gmail.com
> <mailto:peterson.dean at gmail.com>> wrote:
>
>     Is there a best practice when it comes to adding hooks to Keycloak
>     for integrating with software that let's you replace their security
>     with Keycloak security?  For example, Discourse provides this guide:
>     https://meta.discourse.org/t/official-single-sign-on-for-discourse/13045.
>     It assumes the user is using their own home grown security where
>     they can easily intercept redirects.  Is there a mechanism in
>     Keycloak that allows end users to more easily implement the solution
>     they describe in that guide?  I realize you don't have time to give
>     me a solution.  Can you just nudge me in the right direction?
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-user mailing list