[keycloak-user] Developing with keycloak-adapter without an OAuth Server

Jordan Conner 321j.con at gmail.com
Tue Jun 12 12:56:35 EDT 2018


Hi all,

I've been developing a J2EE application utilizing the keycloak-wildfly
adapter to connect to a 3rd party OAuth server.

Now the customer who I'm developing this application for also has another
vendor creating an OAuth server. After almost 2 years of developing they
have now restricted access to the OAuth server and I can no longer access
it from my local environment.

They expect me to push my code up to their remote development server to
test changes.

What is the best way I can go from here? I have tons of code utilizing the
attributes in a token, and I don't understand fully how to customize the
keycloak-adapter to skip certain functions in a development environment.

I was told my local environment shouldn't need to access the OAuth server
yet I don't understand how to bypass/fake certain functions.

For example, all of my .xhtml pages are secured in the .WAR's web.xml
using

<login-config>
  <auth-method>KEYCLOAK</auth-method>
</login-config>

From my understanding, if a page is secured in <security-constraints> then
that is what triggers the redirect to OAuth (if a token isn't
active/valid.) How can I basically "skip" this authentication check in a
local environment?

I have stood up my own keycloak server which I can authenticate with, but
the customer's OAuth server vendor has done custom modifications to their
keycloak server. For example, they have added extra fields where first/last
name are, where on regular keycloak that would be a user-attribute map.

TLDR;
Is there anything in the keycloak-adapter that would skip authentication in
a development environment? Is there a way to create a fake base64 token? Or
during login of my application (where I extract user attributes and their
custom attributes) should I make it so it works for either OAuth server?


Thank you for any help.

