[keycloak-user] servlet filter and roles

Simon Gordon dev at sgordon.totalise.co.uk
Tue Mar 22 04:33:36 EDT 2016


My client applications (some SAML, some OIDC) are all running within Tomcat 
7 on OpenShift. Since the Keycloak Tomcat adapter is a Valve, the jar needs 
adding into the server classpath which of course I can't do on OpenShift. 
(Or I've struggled to at least!)

Hence I'm using the generic servlet filter adapter. Looking here for SAML:

and here for OIDC: 

I can't see how to achieve the security-constraints (roles primarily). Do I 
need to resort to coding those in the apps, or maybe using JAAS?



More information about the keycloak-user mailing list