
Technical challenges


Use an external IAM

Deploy → Integrate → Delegate


Live Demo

What was that?


IAM Solutions

Why Keycloak?

...and it's free  

SSO Protocols



SSO Protocols: SAML

SSO Protocols: OpenID Connect

SSO Protocols: CAS


Keycloak servlet filter

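    @Component(
        immediate = true,
        service = Filter.class,
        property = {
            CONFIG_FILE_PARAM + "=" + "keycloak.json",
            // requests matching this pattern bypass the Keycloak filter
            SKIP_PATTERN_PARAM + "=" + "/public/.*",
            HTTP_WHITEBOARD_FILTER_PATTERN + "=" + "/",
            // one more property, starting with + "(", is cut off on the slide
        })
    public class KeycloakFilter extends KeycloakOIDCFilter { }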

Keycloak Sling AuthenticationHandler

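    public class KeycloakAuthenticationHandler implements AuthenticationHandler {
        // ....
        public AuthenticationInfo extractCredentials(
                HttpServletRequest req, HttpServletResponse res) {
            // Right-hand side is cut off on the slide; assumed here: the request
            // attribute under which the Keycloak adapters publish the context.
            KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                req.getAttribute(KeycloakSecurityContext.class.getName());
            // Demo shortcut: the hard-coded JCR admin account is returned.
            return new AuthenticationInfo("KEYCLOAK",
                "admin", "admin".toCharArray());
        }
        // ....
    }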

User provisioning? What is it?


Do I really need it?

Yes, if:

  • You rely on the users’ existence in the underlying JCR;
  • You make heavy use of JCR ACLs.

No, if:

  • You connect to the underlying DB using a service account;
  • Access control is on the application level;
  • You’re OK to go with a single account for JCR.

User provisioning: approaches

User provisioning: push

User provisioning: pull

User provisioning: shared store

Can I have push/pull now?

LDAP to the rescue (present)