You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2017/09/21 21:46:00 UTC
[jira] [Updated] (ISIS-1297) Integrate with Keycloak
[ https://issues.apache.org/jira/browse/ISIS-1297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Haywood updated ISIS-1297:
------------------------------
Fix Version/s: (was: 3.0.0)
2.0.0
> Integrate with Keycloak
> -----------------------
>
> Key: ISIS-1297
> URL: https://issues.apache.org/jira/browse/ISIS-1297
> Project: Isis
> Issue Type: New Feature
> Reporter: Dan Haywood
> Fix For: 2.0.0
>
>
> As suggested on the Apache Isis mailing list.
> http://markmail.org/message/6jwghlmyravuxfbx
> There are several approaches ...
> As described in our security guide [1] Apache Isis has a pluggable API for
> both authentication and authorization, so at the lowest level one could
> take implement either/both of these plugin points.
> Apache Isis has two integrations, one for Shiro and one called "bypass"
> (which basically disables security). So one could ignore Apache Isis'
> Shiro integration and implement everything yourself.
> However, it would probably make more sense to build
> upon the Isis Add-ons security module [2], which builds upon the Shiro
> integration by providing an implementation of a Shiro Realm. This is
> described in [3]. In fact, I would suggest that keycloak would be used as
> a delegate realm within the Isis addons' security module.
> In other words, the design that we could use is:
> Apache Isis -> Shiro -> Isis addons security realm -> Isis addons
> delegate realm
> This last realm would be implemented using Keycloak.
> The documentation in the security module [4] and [5] might also help to
> explain this.
> Note that this design would use Keycloak for authentication (validate
> credentials and lookup roles), with the security module taking
> responsibility for authorization.
> [1] http://isis.apache.org/guides/ugsec.html
> [2] https://github.com/isisaddons/isis-module-security
> [3]
> http://isis.apache.org/guides/ugsec.html#_ugsec_shiro-isisaddons-security-module-realm
> [4] https://github.com/isisaddons/isis-module-security#application-users
> [5]
> https://github.com/isisaddons/isis-module-security#shiro-configuration-shiroini
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)