[keycloak-user] [EXTERNAL] Re: Core Services Without UI & Local Unix Users

Nick Powers sshscp at gmail.com
Thu Jul 18 19:37:08 EDT 2019


Aditya,

This is only a guess, as I have never attempted what you are suggesting.
But if I were trying to do what you are, I would start off by implementing
PAM (Pluggable Authentication Modules) with LDAP (database) to authenticate
your Unix users and then use Keycloak User Federation to keep your LDAP and
Keycloak user DB in sync.  This assumes that your Unix system supports
PAM.  PAM is currently supported in the AIX operating system, DragonFly
BSD, FreeBSD, HP-UX, Linux, macOS, NetBSD and Solaris.

- Nick

On Thu, Jul 18, 2019 at 5:00 PM Aditya Bhole <Aditya.Bhole at veritas.com>
wrote:

> Hi Nick,
>
> To authenticate the Unix local users, can we do something like-
>
> - Take the user credentials on login screen, along with a flag/indicator
> that this user is a local Unix user
> - Write a Java API/library which takes these credentials and authenticates
> the user at its OS level
> - If we get success as the response from the API/library, create a Keycloak
> access token and let the user in to access the protected resources/clients
>
> Thanks,
> Aditya
>
> On 7/17/19, 3:02 PM, "keycloak-user-bounces at lists.jboss.org on behalf of
> Nick Powers" <keycloak-user-bounces at lists.jboss.org on behalf of
> sshscp at gmail.com> wrote:
>
>     Aditya,
>
>     I am not sure about the Unix local users, although it sounds like a cool
>     idea.  As for the GUI elements, an option, rather than abandoning the
>     Keycloak pages, is that you could theme the login and admin screens to
>     look like your site.  Below is a link that might help you get started
>     with theming Keycloak:
>
>     https://github.com/keycloak/keycloak/tree/master/examples/themes
>
>     Thanks - Nick
>
>     On Wed, Jul 17, 2019 at 1:11 PM Aditya Bhole <Aditya.Bhole at veritas.com> wrote:
>
>     > Hi,
>     >
>     > We are building an SSO framework for our company products using Keycloak
>     > and want to use our existing UI and flow for login.
>     > Is there a way to deploy Keycloak without using any of its UI components
>     > (Login Screen and Admin Console) and still use all the core services such
>     > as authentication, authorization, managing user storage, etc.?
>     >
>     > Also, we want to authenticate the Unix local users via Keycloak. Is there
>     > any way to do this? Or is there any workaround that you can suggest for the
>     > same?
>     >
>     > Regards,
>     > Aditya Bhole
>     > _______________________________________________
>     > keycloak-user mailing list
>     > keycloak-user at lists.jboss.org
>     > https://lists.jboss.org/mailman/listinfo/keycloak-user