Depends what you intend to do - the "keycloak" part of login handling
might be just complicating things. A long time ago (~2018) I made a
*standard* JAAS login module which does token validation using nimbus-ds
sdk. Sources are online:
https://github.com/apifocal/activemix/blob/master/jaas/activemix-auth-token/src/main/java/org/apifocal/activemix/jaas/token/TokenLoginModule.java
It works in a very similar way to the above. As far as I remember, the token
should be placed in the password field (the user is reserved for tenancy context).
There is support for plugging in extra token validators based on their
class name.
The signer validator keys parameter might point to a JWK file, but with
little effort you can swap it with a remote JWK set.

    TokenLogin {
        org.apifocal.activemix.jaas.token.TokenLoginModule required
            debug=true
            userAsTenant=true
            verifiers.package="org.apifocal.activemix.jaas.commons.verifiers"
            verifiers.classes="TokenSignatureValidator,TokenSignerValidator"
            claimMappers.package="org.apifocal.activemix.jaas.commons.mappers"
            claimMappers.classes="SubjectMapper, IssuerMapper"
            verifiers.TokenSignerValidator.keys="src/test/resources/keys";
    };

Best,
Łukasz
On 24.02.2022 18:02, CASAUX Nicolas wrote:
Hello!
I'm trying to use latest version of Artemis 2.20.0 to connect to a remote
keycloak, but so far I did not succeed. It seems that my keycloak is never
requested by Artemis.
I looked at the example provided here
https://github.com/apache/activemq-artemis/tree/main/examples/features/standard/security-keycloak
and managed to make it work successfully.
So I started to look for differences between the provided example and my
configuration. I noticed this log entry when running the provided example:
[org.keycloak.adapters.KeycloakDeployment] Loaded URLs from
http://localhost:8080/auth/realms/artemis-keycloak-demo/.well-known/openid-configuration
This log entry never appears when I start Artemis with my own configuration.
* Is there some configuration I am missing? A jar to add maybe?
* Is it a correct solution to use a remote Keycloak instead of an embedded
one?
Thanks in advance for your help!
Nicolas
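
The approach described in the reply (a JWT passed in the password field and checked against a JWK set) can be sketched as follows. This is an added example, not code from TokenLoginModule or from Artemis. It assumes nimbus-jose-jwt on the classpath and Java 9+; the class name, helper names, issuer URL and key id are hypothetical, and the token is constructed in place with a throwaway key.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.*;
import com.nimbusds.jose.proc.*;
import com.nimbusds.jwt.*;
import com.nimbusds.jwt.proc.*;
import java.util.*;

public class PasswordFieldTokenCheck {
    // Hypothetical helper: verify the JWT a client supplied as its password.
    static JWTClaimsSet validate(String password, JWKSource<SecurityContext> keys,
                                 String issuer) throws Exception {
        DefaultJWTProcessor<SecurityContext> proc = new DefaultJWTProcessor<>();
        // Pin the algorithm so the token header cannot choose it.
        proc.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keys));
        // Require an exact issuer plus sub and exp; exp is checked against the clock.
        proc.setJWTClaimsVerifier(new DefaultJWTClaimsVerifier<>(
                new JWTClaimsSet.Builder().issuer(issuer).build(), Set.of("sub", "exp")));
        return proc.process(password, null);
    }

    // Constructed sample token, signed with a throwaway key.
    static String sign(RSAKey key, String issuer) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder().issuer(issuer).subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 60_000)).build();
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(), claims);
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    public static void main(String[] args) throws Exception {
        String iss = "https://idp.example/realms/demo"; // placeholder issuer
        RSAKey trusted = new RSAKeyGenerator(2048).keyID("k1").generate();
        RSAKey rogue = new RSAKeyGenerator(2048).keyID("k1").generate(); // same kid, other key
        // Local key set; JWKSet.load(new File(...)) reads one from a JWK file, and
        // RemoteJWKSet (JWKSourceBuilder in newer releases) fetches one from a URL.
        JWKSource<SecurityContext> keys = new ImmutableJWKSet<>(new JWKSet(trusted.toPublicJWK()));

        System.out.println("accepted sub=" + validate(sign(trusted, iss), keys, iss).getSubject());
        try {
            validate(sign(rogue, iss), keys, iss);
        } catch (BadJOSEException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a JAAS login module the `password` argument would come from a `PasswordCallback`, and a rejected token would be turned into a `LoginException`.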