- Feature Request
- Resolution: Done
- Major
As we developed WildFly Elytron and integrated it in WildFly 11 and EAP 7.1, the specifications in use by Keycloak around OpenID Connect were very much in a state of ongoing development, so at the time it made sense for the Keycloak project to handle the integration. The relevant specifications are now stable and it makes sense for individual projects to handle their own OIDC integration.
Another benefit mentioned by Stian is that this would allow EAP / XP releases to be interoperable with other OIDC providers, which may be required for both cloud and bare metal deployments.
Since the original WildFly client-side adaptors were written for Elytron, our integration has also progressed further; at the moment the installation of these adaptors requires security domains and realms to be defined before a deployment can be deployed.
The Keycloak adaptors support two different modes:
- Managed
- Deployment Configured
The native integration should support the same; cloud use cases are really showing a trend towards deployment configured at the moment.
In the case of deployment configured, we should be able to eliminate the pre-wired configuration presently used. We have used this pattern already for microprofile-jwt by dynamically defining a virtual security domain.
Layering is also proving important. I would suggest a feature such as this should be in a dedicated subsystem "elytron-oidc" which will follow a similar pattern to the "microprofile-jwt" subsystem.
- is cloned by
  - WFCORE-5178 Native support for OpenID Connect (Resolved)
- is related to
  - ELY-2199 Migrate org.jboss.spec.javax.json:jboss-json-api_1.0_spec to jakarta.json:jakarta.json-api (Resolved)
  - ELY-2202 Make it possible to handle opaque access tokens for OIDC (Open)
  - ELY-2203 Update OidcAuthenticationMechanism#keycloakPreActions to handle additional pre-authentication actions (Open)
  - ELY-2204 Investigate recent OIDC failures on MacOS on GitHub Actions (Open)
  - ELY-2201 HS and PS algorithms are not supported by elytron-oidc-client (Reopened)