Vault integration with KeyCloak

[Mário Batista]

Hello all,

I have a question. Vault was selected as a tool for secret management within my company although since we use KeyCloak as our authentication and authorization server i would like to ask if someone already integrate Vault with Keycloak.

I know that there isn't yet a Auth backend for OpenId connect so since Keycloak uses OpenId connect protocol or SAML how can i use it?

Thank you.

Best regards.

[Jeff Mitchell]

Hi Mario,

I don't believe there's an integration story for KeyCloak at this time.

Best,
Jeff

> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/5248e3ec-b1e0-4c06-910e-21aa0cddf3a7%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Mário Batista]

Hello Jeff,

thank you for your fast reply. Would not be nice to develop an authentication backend generic for OpenId connect Providers? 

in that case you could use any from your choice and even if you want to use an external authentication source like Google, Facebook etc you could do it by configuring the OpenId connect Provider as a Brocker and it will allow you to do it.

Just an ideia:)

thanks.

Mario

[jul...@nodeable.io]

did anyone get any further with this idea ? I am looking for similar functionality

thanks

[Vinayak Bhat]

Hey, 

    It would help if there is an integration of Vault with Keycloak.

    Is there any plan for or implementation in place??

[Michel Vocks]

Hi there,

I think a specific Keycloak auth backend is not planned.

However, we support now OIDC (OpenID connect) which seems to be also supported by Keycloak:

https://www.vaultproject.io/docs/auth/jwt.html#oidc-authentication

https://www.keycloak.org/docs/2.5/server_admin/topics/sso-protocols/oidc.html

Please let us know if you have trouble to setup the authentication.

Cheers,

Michel

[Jim Kalafut]

Yep, and it was tested for basic functionality too. Here are some setup steps: 

https://www.vaultproject.io/docs/auth/jwt_oidc_providers.html#keycloak

Regards,

Jim

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/bde352ce-5356-4563-89b4-30cab8c9fdcd%40googlegroups.com.