OPEN ID - Adding support for Keycloak authentication
Description
Keycloak is an open source IDM that, among other flows, supports OpenID Connect. Since the Keycloak configuration support for OPEN ID will be different from the one designed for MapStore, we need to design a dedicated implementation of the Keycloak workflow using its specific Java libraries, with a clean and dedicated configuration tier in line with the standard Keycloak guidelines.
Acceptance criteria
- [ ] Design a dedicated Keycloak Java backend module in MapStore using Keycloak Java library
- [x] Design a configuration support for the MapStore specific configuration that will be provided
- [x] Design a configuration support for a new Geostore build profile, that will build Geostore with OPEN ID via Keycloak authentication/authorization
Other useful information
Issue for the security Keycloak filter is #8189
As for the last AC in the ticket: as things stand security-wise for Geostore, it will not be possible to build Geostore with a separate profile. We will initially provide a configuration within Geostore that will be used to add/remove security modules (acting on the XML configuration). OPEN ID will be one of these modules. Once a future refactoring is done on Geostore, we will be able to include different build profiles.
Opened PR to master.
@taba90 is this the associated PR? https://github.com/geosolutions-it/geostore/pull/282 Then can this be closed?
As of today, 04/08/2022, the testing of this feature on our dev environment is dependent on time constraints dictated by our resources' availability. An estimation for the setup of the testing environment has been given by @offtherailz, and we are now waiting for any free MapStore resource who can work on this.
See https://github.com/geosolutions-it/MapStore2/issues/8429
As confirmed by the Client, after successfully testing the dev environment on their end, the feature is working as expected and the MapStore => Keycloak integration responds to the client-agreed ACs.