admin管理员组

文章数量:1317898

We are writing a user management service wrapping Keycloak. We need to have a wrapper to simplify the interface and the data models, and to have a software layer for user management, authentication and authorization independent from the used identity provider.

Now we are trying to implement single sign-on, and we are facing some challenges...

As far as I understood, the normal flow should be:

  1. The frontend calls a Keycloak API to initialize the SSO session. In this API a redirect_uri is specified.
  2. If there's no active SSO sessions, Keycloak will redirect to its own Login page. The user will login with his credentials, and Keycloak will save information about the just initialized SSO session into the browser's cookies. If there's already an active SSO session, authentication is not needed and just jump to next step.
  3. After the authentication, Keycloak will finally redirect to the redirect_uri specified in the point 1, passing as query parameter the authorization_code
  4. When receiving the authorization_code, the endpoint listening at the redirect_uri can use it to call a Keycloak API and exchange the authorization code for a valid access token.

Now, here are my problems:

  • Since we are trying to hide Keycloak in a wrapper, we don't like the frontend to call directly the keycloak API at point 1. But if I create an API in my wrapper to just redirect the call to Keycloak this seems to not work, because in this case Keycloak can't open its login page and interact with the user, since the API has been called by a backend service (hope it's clear what I mean)
  • Again, since we are trying to hide Keycloak in a wrapper, we don't like to have the Keycloak login page at the step 2, we would like to use our custom login page.

We are using multiple clients defined in Keycloak, one for each application, so we can't just share among all the applications the access token received with the first login (as copilot suggested...), and OpenId Connect as authentication protocol.

Thank you everybody.

本文标签: Implement Single SignOn with ASPNET Core backend service wrapping KeycloakStack Overflow

版权声明:本文标题:Implement Single Sign-On with ASP.NET Core backend service wrapping Keycloak - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742034613a2417103.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。