[keycloak-user] Custom Identity Brokering for a CAS Server

Erlend Hamnaberg erlend at hamnaberg.net
Tue Aug 14 07:00:29 EDT 2018


I have done this for my client.

It is quite possible to do; however, it is not trivial.
Not sure if I'm allowed to publish the source for the integration, but I
will ask.


/Erlend

On Tue, Aug 14, 2018 at 12:07 PM, Rémy Grünblatt <remy at grunblatt.org> wrote:

> Hi,
>
> This adds a client protocol, what we are searching for is the other way
> around (use the CAS as a provider).
>
> Thanks,
> Rémy
>
> On 14 August 2018 11:51:41 GMT+02:00, Meissa M'baye Sakho <msakho at redhat.com>
> wrote:
> >Remy,
> >take a look at this [1]
> > [1] = https://github.com/Doccrazy/keycloak-protocol-cas
> >
> >Meissa
> >
> >2018-08-14 11:25 GMT+02:00 Rémy Grünblatt <remy at grunblatt.org>:
> >
> >> Hello,
> >>
> >> We would like to have a Keycloak server use data from a legacy auth
> >> system (namely, a CAS server,
> >> https://en.wikipedia.org/wiki/Central_Authentication_Service ) to
> >> authenticate people. We do not have admin rights on the CAS server, nor
> >> are we able to access the underlying ldap database it uses internally.
> >>
> >> People would be able to have « pure » keycloak accounts (new users), but
> >> also link their identity from the CAS or use the CAS to identify, and
> >> create an account the first time they do so.
> >>
> >> I tried to find documentation to develop our own identity provider (as
> >> Keycloak only has social, oidc, and saml providers), but I find it
> >> difficult to guess what interfaces we need to implement.
> >>
> >> Right now, this is what I have: https://github.com/Reventl0v/KeycloakCAS
> >>
> >>
> >> So, questions:
> >>
> >> - Is there somewhere listing everything we need to implement besides
> >> looking at the code of keycloak?
> >> - Is there online some custom provider example code for something that
> >> is not talking oidc, saml, or is a social provider?
> >> - Do you think it's a good idea to create such a provider?
> >>
> >>
> >> I found
> >> http://lists.jboss.org/pipermail/keycloak-user/2017-October/012100.html
> >> but I have no news about the result of this enterprise: Dominik (can I
> >> call you Dominik?), did you manage to achieve this goal?
> >>
> >> Many thanks,
> >>
> >> Rémy
> >>
> >>
> >>
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.