I've written a software system that uses Spring Cloud Netflix. Due to Spring Security 5 not offering support for writing an Authorization Server (pls shout out here https://github.com/spring-projects/spring-security/issues/6320) I need to write my own Authorization server. I want my application to permit Social login and username/password registration, have a custom login page but also use keycloack. I don't even know from where to start, if you have any documentations or code samples please provide.
Asked
Active
Viewed 147 times
1
-
Why do you need to create your own Authorization Server? Keycloak can handle social as well as first-party login in the same instance. – jzheaux Apr 10 '20 at 21:55
-
You really don't want to write your own authorization server. Use Keycloak and you are good to go. – Marco Behler Apr 11 '20 at 06:37
-
What if I want my first-party login to happen from a web app and social login just from mobile (admin from web, clients from mobile). Do I need two Keycloak servers? How do I customize the login page? – 2dor Apr 11 '20 at 07:01
1 Answers
1
You can use the cas project. By using the overlay it is easy to set up and to customize: https://github.com/apereo/cas-overlay-template/blob/master/README.md
It serves a frontend where your user can be redirected to and can login. After successful login, the user is redirected back to your web page. The frontend is completely customizable.
It supports all kinda of authentication providers like keycloak, database or Google/Facebook.
After basic setup you just add the dependency inside the gradle file, configure your keycloak/database/... in the application.properties and can start using it as authentication server.
It fits perfect into a microservice landscape and is curated by professionals implementing security best practice.
https://apereo.github.io/cas/6.1.x/planning/Getting-Started.html
Chris
- 5,109
- 3
- 19
- 40