[teiid-issues] [JBoss JIRA] (TEIIDSB-81) Support Keycloak based OpenID authentication for pg/jdbc
Steven Hawkins (Jira)
issues at jboss.org
Mon Apr 29 14:16:00 EDT 2019
[ https://issues.jboss.org/browse/TEIIDSB-81?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13727878#comment-13727878 ]
Steven Hawkins commented on TEIIDSB-81:
---------------------------------------
This could be done with Spring JAAS integration to use the DirectAccessGrantLoginModule. For now this will use the non-JAAS approach. The code in KeycloakDirectAccessGrantAuthenticationProvider is mostly from that login module - there's no explicit handling there or here for active refresh / invalidation, so for now we're just concerned with the initial authentication. It extends from the KeycloakAuthenticationProvider to create the same mapped token authentication result as the OData case.
I had a hard time wiring the AuthenticationManager. There seem to be some existing spring issues about that (https://github.com/spring-projects/spring-security-oauth2-boot/issues/30). I ended up using the post processor. The db security can be used in conjunction with or apart from the odata security.
When odata is also included, however, I see that hibernate validator is part of spring-boot-starter-web and is trying to do something against the default teiid connection pool. With db security this now fails as there is no identity associated.
> Support Keycloak based OpenID authentication for pg/jdbc
> --------------------------------------------------------
>
> Key: TEIIDSB-81
> URL: https://issues.jboss.org/browse/TEIIDSB-81
> Project: Teiid Spring Boot
> Issue Type: Feature Request
> Reporter: Ramesh Reddy
> Assignee: Steven Hawkins
> Priority: Major
> Fix For: 1.1.0
>
>
> Support authentication for pg/jdbc through keycloak/rh-sso. Needs to use the authorization paradigm as TEIIDSB-63.