[keycloak-user] Connect EAP with third party Identity Manager

Dmitry Telegin dt at acutus.pro
Wed Feb 6 10:56:53 EST 2019

Hello Michael,

Unfortunately, the Keycloak OpenID Connect adapter is not compatible with generic OIDC providers (unlike the SAML adapter). Please check out these threads [1] [2].

Basically, you have two options: to hack on KeycloakConfigResolver, or to deploy an intermediary Keycloak with brokering to NetIQ. The former is risky and not guaranteed to work at all, while the latter should work for sure (at the price of increased maintenance costs).

[1] https://lists.jboss.org/pipermail/keycloak-user/2018-November/016193.html
[2] http://lists.jboss.org/pipermail/keycloak-dev/2018-November/011378.html

Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Wed, 2019-02-06 at 11:21 +0100, Michael Gulitz wrote:
> Hello!
> We have implemented a JEE application on EAP 7 with three layers (UI 
> (OpenUI5), REST API, EJB layer) and are using keycloak adapters and 
> keycloak server in our local environment. This setup works fine so far 
> with security context in all layers.
> But now we have to deploy the application to a different environment and 
> must connect to a NetIQ identity server via OpenId, but the keycloak 
> adapter uses its own specific URL pattern, etc.
> I cannot find any documentation how to configure EAP to allow 
> authentication with other identity managers than keycloak or JBoss SSO.
> For OAuth, the PicketLink documentation also points to the Keycloak project.
> Can anyone help?
> Thanks,
> Michael
