[ 
https://issues.apache.org/jira/browse/CAMEL-8249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17809870#comment-17809870
 ] 

Kipchumba Bett commented on CAMEL-8249:
---------------------------------------

I've been looking at the `camel-spring-security` component. From my 
understanding and the definition here:
{quote}The Camel Spring Security component provides role-based authorization 
for Camel routes. It leverages the authentication and user services provided by 
Spring Security (formerly Acegi Security) and adds a declarative, role-based 
policy system to control whether a route can be executed by a given principal.
{quote}
The `camel-spring-security` component is used to control and restrict access to 
Camel routes based on user roles. So adding a `camel-keycloak` similar to 
`camel-spring-security` doesn't quite fit with our use case.

I'm proposing a `camel-keycloak` component that will allow developers to 
interact with 
[Keycloak Admin's REST API|https://www.keycloak.org/docs-api/21.1.1/rest-api/#] 
in a more straightforward and Java-idiomatic way, leveraging the power of 
Apache Camel's integration capabilities.

For our case, apart from the standard authentication and authorization use 
cases, another significant use case is to synchronize roles from System A to 
Keycloak. System A, in this context, is an external system that does not fully 
utilize Keycloak for its user and role management. However, it is beneficial to 
have the roles from System A available in Keycloak for assignment. This 
synchronization will ensure that the roles defined in System A are consistently 
available in Keycloak, providing a unified view of roles across both systems. 
This synchronization can be achieved by periodically polling System A for its 
roles or consuming events from System A and updating the roles in Keycloak 
accordingly.

For instance, having a camel-keycloak component with the syntax:

{{keycloak://role/read?clientUuid=ox&realm=ozone&roleName=SystemAdmin&keycloakClient=#keycloakClient}}
 
or
{{keycloak://client/create?realm=ozone&client=client-to-create&keycloakClient=#keycloakClient}}

[~acosentino], What do you think about this approach?

 

References:
 - [https://www.keycloak.org/docs-api/21.1.1/rest-api/#]
 - [https://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client]
 - [https://camel.apache.org/components/next/others/spring-security.html]

> camel-keycloak - A security component
> -------------------------------------
>
>                 Key: CAMEL-8249
>                 URL: https://issues.apache.org/jira/browse/CAMEL-8249
>             Project: Camel
>          Issue Type: New Feature
>            Reporter: Claus Ibsen
>            Priority: Major
>             Fix For: Future
>
>
> We should have a camel-keycloak component that integrates with keycloak
> https://www.keycloak.org/
> For example similar to as camel-spring-security
> http://camel.apache.org/security
> https://camel.apache.org/components/next/others/spring-security.html



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
