You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2016/01/24 13:45:39 UTC

[jira] [Created] (ISIS-1297) Integrate with Keycloak

Dan Haywood created ISIS-1297:
---------------------------------

             Summary: Integrate with Keycloak
                 Key: ISIS-1297
                 URL: https://issues.apache.org/jira/browse/ISIS-1297
             Project: Isis
          Issue Type: New Feature
            Reporter: Dan Haywood
            Assignee: Dan Haywood
             Fix For: 2.0.0


As suggested on the Apache Isis mailing list.

http://markmail.org/message/6jwghlmyravuxfbx

There are several approaches ...

As described in our security guide [1] Apache Isis has a pluggable API for
both authentication and authorization, so at the lowest level one could
take implement either/both of these plugin points.
Apache Isis has two integrations, one for Shiro and one called "bypass"
(which basically disables security).  So one could ignore Apache Isis'
Shiro integration and implement everything yourself.

However, it would probably make more sense to build
upon the Isis Add-ons security module [2], which builds upon the Shiro
integration by providing an implementation of a Shiro Realm.  This is
described in [3].  In fact, I would suggest that keycloak would be used as
a delegate realm within the Isis addons' security module.

In other words, the design that we could use is:

        Apache Isis -> Shiro -> Isis addons security realm -> Isis addons
delegate realm

This last realm would be implemented using Keycloak.

The documentation in the security module [4] and [5] might also help to
explain this.

Note that this design would use Keycloak for authentication (validate
credentials and lookup roles), with the security module taking
responsibility for authorization. 

[1] http://isis.apache.org/guides/ugsec.html
[2] https://github.com/isisaddons/isis-module-security
[3]
http://isis.apache.org/guides/ugsec.html#_ugsec_shiro-isisaddons-security-module-realm
[4] https://github.com/isisaddons/isis-module-security#application-users
[5]
https://github.com/isisaddons/isis-module-security#shiro-configuration-shiroini




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)