[keycloak-user] Login a Java Fat Client with Windows Kerberos Token agains Keycloak backed by AD?
Marek Posolda
mposolda at redhat.com
Wed Jun 7 16:04:19 EDT 2017
It's not yet supported OOTB. There is already JIRA opened for the long
time. Feel free to add a vote :)
However it should be already possible to implement it if you write
custom authenticator and put it into the "Direct Grant Flow"
authentication flow for the realm. Then your Java Fat Client will be
able to send the token in the "Authorization: Negotiate token" header
and your authenticator can then authenticate this request. Feel free to
send PR if you manage to have it working.
See our docs and examples for Authentication SPI for more details.
Marek
On 07/06/17 15:13, Malte Finsterwalder wrote:
> Hi,
>
> I have the following setup:
>
> I'm programming a Java Fat Client application. I want to integrate it into
> SSO with Keycloak.
> Our Keycloak is connected to our Windows Active Directory (AD).
>
> So my idea is, that my Fat Client uses the Windows 7 Kerberos Token and
> sends that to Keycloak. Keycloak should authorize the token agains the AD
> and send back an authorization token to the Fat Client, so I can later use
> this Keycloak token to access other Rest-Services.
>
> Fat Client (with Kerberos Token) -> Keycloak -> AD
> Fat Client (with Keycloak Token) -> REST-Service
>
> I can't find anything in the documentation regarding this szenario.
> Is this possible? And if so, how?
>
> Greetings,
> Malte
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list