KeyCloak integration
Integrated SSO and IDM for browser apps and RESTful web services. Built on top of the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications. Keycloak has tight integration with a variety of platforms and has an HTTP security proxy service where we don't have tight integration. Options are to deploy it with an existing app server, as a black-box appliance, or as an OpenShift cloud service and/or cartridge.
Current Vert.x auth supports simple local DB authentication and JWT/OAuth2 token-based authN/Z. For a full user management solution, the vert.x project is not planning to reinvent the wheel but to integrate with existing open source projects that can provide a wider range of security mechanisms.
The vert.x community has already provided one solution: https://github.com/pac4j/vertx-pac4j. According to their site:
The vertx-pac4j project is an easy and powerful security library for Vertx 3 web applications which supports authentication and authorization, but also application logout and advanced features like CSRF protection. It's available under the Apache 2 license and based on the pac4j security engine.
We would like to have choices: the end user should be able to use what they think is best for their problem, and having a single solution is not enough.
Implement a simple HTTP REST client to communicate with Keycloak using the async HTTP client from Vert.x, and model the API using the vertx-auth.common.
The Keycloak impl should provide a way to perform authenticated requests against a server which is secured by Keycloak.
This client can either authenticate on a user's behalf, or use a grant obtained through other means, e.g.:
- username
- password
or:
- existing token
Configuration should be the location of the keycloak.json file, and all communication between this impl and Keycloak should go over the REST API.
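The two authentication paths described above, written against the Vert.x 4 `WebClient` as an added example (not code from the vert.x project or Keycloak). It assumes `vertx-core` and `vertx-web-client` on the classpath; the class name, config values, user name, password and hosts are constructed placeholders, and the token endpoint path is Keycloak's standard OpenID Connect one.

```java
import io.vertx.core.Future;
import io.vertx.core.MultiMap;
import io.vertx.core.Vertx;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.web.client.WebClient;

public class KeycloakGrantExample {
  // Constructed stand-in for the contents of keycloak.json; all values are placeholders.
  static final String KEYCLOAK_JSON = "{\"realm\":\"demo\",\"resource\":\"vertx-app\","
      + "\"auth-server-url\":\"https://sso.example.test/auth\",\"credentials\":{\"secret\":\"PLACEHOLDER\"}}";

  // Keycloak's OpenID Connect token endpoint for the configured realm.
  static String tokenEndpoint(JsonObject cfg) {
    String base = cfg.getString("auth-server-url").replaceAll("/+$", "");
    if (!base.startsWith("https://")) { // never post a password or secret in clear text
      throw new IllegalArgumentException("auth-server-url must use https");
    }
    return base + "/realms/" + cfg.getString("realm") + "/protocol/openid-connect/token";
  }

  // Username/password path: OAuth 2.0 password grant, returns the token response.
  static Future<JsonObject> login(WebClient client, JsonObject cfg, String user, String pass) {
    MultiMap form = MultiMap.caseInsensitiveMultiMap()
        .set("grant_type", "password").set("client_id", cfg.getString("resource"))
        .set("username", user).set("password", pass);
    JsonObject creds = cfg.getJsonObject("credentials", new JsonObject());
    if (creds.containsKey("secret")) form.set("client_secret", creds.getString("secret")); // confidential clients
    return client.postAbs(tokenEndpoint(cfg)).sendForm(form).compose(resp -> {
      if (resp.statusCode() != 200) {
        return Future.failedFuture("token request rejected: HTTP " + resp.statusCode());
      }
      return Future.succeededFuture(resp.bodyAsJsonObject());
    });
  }

  // Existing-token path: present a grant obtained elsewhere as a Bearer token.
  static Future<Integer> callSecured(WebClient client, String url, String accessToken) {
    return client.getAbs(url).bearerTokenAuthentication(accessToken).send()
        .map(resp -> resp.statusCode());
  }

  public static void main(String[] args) {
    Vertx vertx = Vertx.vertx();
    WebClient client = WebClient.create(vertx);
    login(client, new JsonObject(KEYCLOAK_JSON), "alice", "constructed-password")
        .compose(t -> callSecured(client, "https://api.example.test/secured", t.getString("access_token")))
        .onComplete(ar -> { System.out.println(ar.succeeded() ? "HTTP " + ar.result() : "failed: " + ar.cause().getMessage()); vertx.close(); });
  }
}
```

With the placeholder hosts the run ends in the `failed:` branch; pointing `auth-server-url` at a real realm and loading the JSON from the configured keycloak.json path exercises both calls.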