[ https://issues.apache.org/jira/browse/ISIS-1297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Haywood updated ISIS-1297: ------------------------------ Fix Version/s: (was: 3.0.0) 2.0.0 > Integrate with Keycloak > ----------------------- > > Key: ISIS-1297 > URL: https://issues.apache.org/jira/browse/ISIS-1297 > Project: Isis > Issue Type: New Feature > Reporter: Dan Haywood > Fix For: 2.0.0 > > > As suggested on the Apache Isis mailing list. > http://markmail.org/message/6jwghlmyravuxfbx > There are several approaches ... > As described in our security guide [1] Apache Isis has a pluggable API for > both authentication and authorization, so at the lowest level one could > take implement either/both of these plugin points. > Apache Isis has two integrations, one for Shiro and one called "bypass" > (which basically disables security). So one could ignore Apache Isis' > Shiro integration and implement everything yourself. > However, it would probably make more sense to build > upon the Isis Add-ons security module [2], which builds upon the Shiro > integration by providing an implementation of a Shiro Realm. This is > described in [3]. In fact, I would suggest that keycloak would be used as > a delegate realm within the Isis addons' security module. > In other words, the design that we could use is: > Apache Isis -> Shiro -> Isis addons security realm -> Isis addons > delegate realm > This last realm would be implemented using Keycloak. > The documentation in the security module [4] and [5] might also help to > explain this. > Note that this design would use Keycloak for authentication (validate > credentials and lookup roles), with the security module taking > responsibility for authorization. > [1] http://isis.apache.org/guides/ugsec.html > [2] https://github.com/isisaddons/isis-module-security > [3] > http://isis.apache.org/guides/ugsec.html#_ugsec_shiro-isisaddons-security-module-realm > [4] https://github.com/isisaddons/isis-module-security#application-users > [5] > https://github.com/isisaddons/isis-module-security#shiro-configuration-shiroini -- This message was sent by Atlassian JIRA (v6.4.14#64029)