Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-14017

Native support for OpenID Connect

    XMLWordPrintable

    Details

    • Type: Feature Request
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 25.0.0.Beta1, 25.0.0.Final
    • Component/s: None
    • Labels:
      None

      Description

      As we developed WildFly Elytron and integrated in WildFly 11 and EAP 7.1 the specifications in use by Keycloak around OpenID Connect were very much in a state of ongoing development so at the time it made sense for the Keycloak project to handle the integration. The relevant specifications are now stable and it makes sense for individual projects to handle their own OIDC integration.

      Another benefit mentioned from Stian is this would allow EAP / XP releases to be interoperable with other OIDC providers which may be required for both cloud and bare metal deployments.

      Since the original WildFly client side adaptors were written for Elytron our integration has also progressed further, at the moment the installation of these adaptors requires security domains and realms to be defined before a deployment can be deployed.

      The Keycloak adaptors support two different modes:

      • Managed
      • Deployment Configured

      The native integration should support the same, cloud use cases are really showing a trend towards deployment configured at the moment.

      In the case of deployment configured we should be able to eliminate the pre-wired configuration presently used. We have used this pattern already for microprofile-jwt by dynamically defining a virtual security domain.

      Layering is also proving important, I would suggest a feature such as this should be in a dedicated subsystem "elytron-oidc" which will follow a similar pattern to the "microprofile-jwt" subsystem.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              fjuma1@redhat.com Farah Juma
              Reporter:
              fjuma1@redhat.com Farah Juma
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: