Following on, I've raised ISIS-1297 for this feature request. https://issues.apache.org/jira/browse/ISIS-1297
On 24 January 2016 at 12:31, Dan Haywood <d...@haywood-associates.co.uk> wrote:

> Hi Anton,
>
> and welcome to the users mailing list.
>
> Yes, it should be possible to integrate keycloak, and there are several
> approaches you could take.
>
> As described in our security guide [1] Apache Isis has a pluggable API for
> both authentication and authorization, so at the lowest level one could
> implement either/both of these plugin points.
> Apache Isis has two integrations, one for Shiro and one called "bypass"
> (which basically disables security). So one could ignore Apache Isis'
> Shiro integration and implement everything yourself.
>
> However, (as David alludes to), it would probably make more sense to build
> upon the Isis Add-ons security module [2], which builds upon the Shiro
> integration by providing an implementation of a Shiro Realm. This is
> described in [3]. In fact, I would suggest that keycloak would be used as
> a delegate realm within the Isis addons' security module.
>
> In other words, the design that you could use is:
>
> Apache Isis -> Shiro -> Isis addons security realm -> Isis addons
> delegate realm
>
> This last realm would be implemented using Keycloak.
>
> The documentation in the security module [4] and [5] might also help to
> explain this.
>
> Note that this design would use Keycloak for authentication (validate
> credentials and lookup roles), with the security module taking
> responsibility for authorization. If you wanted authorization to be
> performed by keycloak, then we'd need to look at a different design.
>
> ~~~
> Let me know if you're interested in helping implement this feature; I'd be
> happy to provide more guidance either via mailing list or offline.
>
> Cheers
> Dan
>
>
> [1] http://isis.apache.org/guides/ugsec.html
> [2] https://github.com/isisaddons/isis-module-security
> [3] http://isis.apache.org/guides/ugsec.html#_ugsec_shiro-isisaddons-security-module-realm
> [4] https://github.com/isisaddons/isis-module-security#application-users
> [5] https://github.com/isisaddons/isis-module-security#shiro-configuration-shiroini
>
> PS: I noticed in the course of writing this reply that some of the images
> in the security guide [1] were missing; these have now been fixed.
>
>
> On 18 January 2016 at 17:56, Anton Hughes <kurren...@gmail.com> wrote:
>
>> Hello
>>
>> I am interested in knowing if it is possible to integrate keycloak, and if
>> yes, how would this be done?
>>
>> Thanks and kind regards
>> Anton
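
The realm chain described in the quoted reply, sketched as a `shiro.ini` fragment. This is an added example, not part of either email and not the project's own configuration. The `isisModuleSecurityRealm` lines follow the security module's documented shiro.ini setup [5]; the class `com.example.security.KeycloakRealm` is a hypothetical Shiro realm that would have to be written to validate credentials against Keycloak.

```ini
[main]

# Hypothetical delegate realm (assumption: no such class ships with Apache Isis
# or the security module). It would authenticate the user against Keycloak.
keycloakRealm = com.example.security.KeycloakRealm

# Isis addons security realm: the "primary" realm that Shiro consults.
isisModuleSecurityRealm = org.isisaddons.module.security.shiro.IsisModuleSecurityRealm

# Hand authentication to the delegate; authorization (roles and permissions)
# stays with the security module, as the design in the reply describes.
isisModuleSecurityRealm.delegateAuthenticationRealm = $keycloakRealm

# Authentication strategy supplied by the security module for its realm.
authenticationStrategy = org.isisaddons.module.security.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
securityManager.authenticator.authenticationStrategy = $authenticationStrategy

# Only the security module realm is registered with Shiro directly; the
# Keycloak realm is reached solely through the delegate property above.
securityManager.realms = $isisModuleSecurityRealm
```

Registering only `$isisModuleSecurityRealm` under `securityManager.realms` keeps the delegate from being consulted as an independent realm, so a user who authenticates through the delegate is still subject to the security module's own authorization.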