I have a library that is used to authenticate my users and get their roles. In my library I must call the LDAP and the database, and merge the results to get the user's roles. Is it possible to call my library with RH-SSO? Before, I used PicketLink and defined the login-module in my standalone to call my lib.
Thank you
Based on the upstream project (Keycloak) documentation, you need to implement the User Storage SPI.
I am developing a Spring Boot REST API project using JDBC, and the database is PostgreSQL. I added authorization with Keycloak. I want to use User Federation because I would like to use the users in my PostgreSQL DB. How can I use it, and are there other ways that do not use User Federation?
I have faced the same problem recently. I have different clients with different RDBMS, so I have decided to address this problem so that I could reuse my solution across multiple clients.
I published my solution as a multi-RDBMS implementation (oracle, mysql, postgresql, sqlserver) to solve simple database federation needs, supporting bcrypt and several types of hashes.
Just build and deploy this solution on keycloak and configure it through the admin console providing jdbc connection string, login, password, the required SQL queries and the type of hash used.
Feel free to clone, fork or do whatever you need to solve your issue.
GitHub repo:
https://github.com/opensingular/singular-keycloak-database-federation
I'm doing similar development but with Oracle and JSF.
I created a project with three classes:
one implementing UserStorageProvider, UserLookupProvider and CredentialInputValidator
one implementing UserStorageProviderFactory
one extending AbstractUserAdapter
Then I created another project which creates an ear file containing the jar file generated in the previous project plus the driver jar file (of PostgreSQL in your case) inside a lib folder.
Finally, the ear file is copied into the /opt/jboss/keycloak/standalone/deployments/ folder of the Keycloak server and it gets autodeployed as an SPI. It's necessary to add this provider in the User federation section of the administration application of Keycloak.
My organization has decided to use Drools as a decision management framework. We are using the new UI business-central which is deployed as a WAR file in WildFly server for managing the rules and the assets related to the rules.
We have licensed Gsuite for our emails and other activities. We want to use Google login for the users of the business-central system instead of the username and password-based auth provided.
One way to do it is by using a Keycloak server which will provide us a way to manage users and authentication. But we do not want to maintain an extra server just for authentication.
Can someone please help me in achieving this authentication? Also, it would be helpful if I can know in advance the pitfalls of such a type of authentication approach.
Here are the version details for the drools system:
Java: openjdk version "1.8.0_242"
Drools: 7.33.0.Final
After doing a lot of trial and error and quite a bit of googling around, I have reached the conclusion that providing social login in business-central should be done via Keycloak if you are using WildFly.
There are a lot of security-related features that you will get out of the box, and you won't have to tweak the Drools code and later find out that you have missed a use case.
Atlassian Crowd supports authenticating through remote directories, using LDAP, OpenID, Google Apps, Active Directory, etc. It also supports Custom Directories, for creating your own authenticator. Is it possible to use this interface to implement a CAS client that can authenticate towards an external CAS server?
I don't know much or anything about Atlassian Crowd, but it seems like they have a connector available for Spring Security, and Spring Security does already have CAS support. So you might be able to use what they have and what Spring Security has to connect it to your CAS instance. See https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Spring+Security
My company is using Shibboleth to perform single sign-on.
The applications we use to sign in are WordPress and ownCloud. Now, we are planning to include Tuleap Open ALM (Application Lifecycle Management) and have it use Shibboleth for single sign-on.
So is there a plug-in to do it, or a way it can be done? Is it possible or impossible? Could you provide your views and thoughts to help me?
There is no explicit plugin for Tuleap to use shibboleth. However, I think shibboleth can be used with openId and that Tuleap can also be configured to use openId. The other Tuleap authentication methods are native and ldap.
I've seen samples that connect an on-premises IdSrv instance to ADFS, but I can't find one that connects to an LDAP IP (AD, not ADFS).
Is there a sample or documentation somewhere on this?
Thanks.
There is a contrib project for IdentityServer v1 here. Maybe you can make it work in v2 (the latest stable version).
I have found an example of using Windows Integrated Authentication in Authorization Server which is an implementation of the OAuth2 authorization framework. It was developed after v2.
But if I were you I would try to persuade your customer to install ADFS. It should be possible. Then you can use it directly as your IdP or you can set it up with IdentityServer.