[keycloak-user] Configure Keycloak to be able to delegate authentication to other application

Cécile Radix Saint-Martin cecile.saintmartin at gmail.com
Thu May 9 10:11:19 EDT 2019


Hi,

We wish to use Keycloak as our IDP for our application (frontend + REST
micro services).
We want to give users the possibility to authenticate using their
credentials from another application (login + password).
At the same time, our application needs to call this other application's APIs
and, for this, needs the custom token returned by the application during
authentication (this application is not OIDC compliant).

First I wanted to implement a custom identity provider for Keycloak, as it
enables storing the token of an external IDP. But there is very little documentation
about that, and the only examples I found are for OIDC providers.

So finally I decided to implement a custom authenticator
(org.keycloak.authentication.Authenticator).

I want to be sure that with a custom authenticator, I will be able to:
- Store the custom tokens of the other application, provide them to a client API
and refresh them if expired
- Create the user in Keycloak if it does not exist (if authentication with the
other application succeeds)

Can anyone confirm?

*Cécile RADIX SAINT-MARTIN*
*cecile.saintmartin at gmail.com*

