Help: Rest Client authentication through Keycloak having external Identity provider as SAML


Pravesh Saini

Jul 22, 2020, 3:07:42 AM
to Keycloak User

Hi,

Currently, my application has its own login page where we authenticate the user through REST APIs (a Spring Boot application). This Spring Boot application connects with Keycloak for authentication and returns the access and refresh tokens. In the Keycloak console, the client is configured over the open-id protocol.
In our application, we also support multitenancy through Keycloak.

Now, we have a requirement to get the user authenticated outside Keycloak by redirecting the user to the client-provided IDP (through SSO). The client-provided IDP will return the SAML response.

We have tried multiple approaches but could not get any success. All the references available on the internet talk about Keycloak and SAML SSO integration, but as we are not using Keycloak's login page, it is getting very difficult to get my application (REST client) authenticated in this scenario.

Can someone help me here to solve this use case?

FYR: The current application components:

Front End application: An Angular application
Back End Application: A Spring REST application
Authentication: Keycloak over the REST APIs

Thanks

Abhishek Koserwal

Jul 22, 2020, 3:18:12 AM
to Pravesh Saini, Keycloak User
Hi Pravesh,

You can read the following blog post:

It will help you with integration.

You are mixing SAML & OpenId-connect; both are different protocols. You can read about them. For your use-case, you need both clients configured with `OpenId-connect`.

Thanks
Abhishek



--
Regards,
Abhishek Koserwal
Senior Software Engineer
R&D Solutions Engineering
Red Hat  (Pune, India)


The capacity to learn is a gift; The ability to learn is a skill; The willingness to learn is a choice -- Brian Herbert

Pravesh Saini

Jul 22, 2020, 4:51:16 AM
to Abhishek Koserwal, Keycloak User, Meraj Alam, Ankit Agarwal
Hi Abhishek,

Thank you for your email.

We have already referred to the links which you have provided in the email, but our problem is slightly different. Let me try to explain it again.

1. We have a REST client which is talking to Keycloak via the provided REST APIs to get the access tokens. Keycloak provides its REST APIs for getting the tokens on the OpenID Connect protocol only.
2. We need to use Keycloak as an Identity Broker on the SAML protocol, where I don't have any mechanism to get the tokens over the REST APIs.
3. We are not using Keycloak's login page in our use case.

I hope I am able to explain my requirement. Please let me know if you need more information.

Thanks


Best Regards,
Pravesh Saini
Technical Manager
TO THE NEW



