Uploaded image for project: 'Causeway'
  1. Causeway
  2. CAUSEWAY-1297

Integrate with Keycloak

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.0.0-M3
    • None
    • None

    Description

      As suggested on the Apache Isis mailing list.

      http://markmail.org/message/6jwghlmyravuxfbx

      There are several approaches ...

      As described in our security guide [1] Apache Isis has a pluggable API for
      both authentication and authorization, so at the lowest level one could
      take implement either/both of these plugin points.
      Apache Isis has two integrations, one for Shiro and one called "bypass"
      (which basically disables security). So one could ignore Apache Isis'
      Shiro integration and implement everything yourself.

      However, it would probably make more sense to build
      upon the Isis Add-ons security module [2], which builds upon the Shiro
      integration by providing an implementation of a Shiro Realm. This is
      described in [3]. In fact, I would suggest that keycloak would be used as
      a delegate realm within the Isis addons' security module.

      In other words, the design that we could use is:

      Apache Isis -> Shiro -> Isis addons security realm -> Isis addons
      delegate realm

      This last realm would be implemented using Keycloak.

      The documentation in the security module [4] and [5] might also help to
      explain this.

      Note that this design would use Keycloak for authentication (validate
      credentials and lookup roles), with the security module taking
      responsibility for authorization.

      [1] http://isis.apache.org/guides/ugsec.html
      [2] https://github.com/isisaddons/isis-module-security
      [3]
      http://isis.apache.org/guides/ugsec.html#_ugsec_shiro-isisaddons-security-module-realm
      [4] https://github.com/isisaddons/isis-module-security#application-users
      [5]
      https://github.com/isisaddons/isis-module-security#shiro-configuration-shiroini

      Attachments

        Issue Links

          Activity

            People

              danhaywood Daniel Keir Haywood
              danhaywood Daniel Keir Haywood
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: