Tags: authentication, openid-connect, openam, keycloak, apiman

Is it possible to authenticate against a Keycloak's Identity Provider (OpenAM) without using the Login screen?


Please note I am new to the applications I am mentioning, so I might use the terminology incorrectly. I've added a few diagrams to explain myself as best I could.

I am trying to set up a web service authentication policy in APIMAN (which uses Keycloak internally).

So far I know the Identity Provider (OpenAM) I created in Keycloak is configured correctly, since it is working on the Login page (see image 1 below).

Image 1

I have also successfully used an access_token via Keycloak's OpenID API to access a web service, but only if the user credentials are in Keycloak (as opposed to OpenAM) (see image 2).

Image 2

What I'd like to achieve is to authenticate this web service client via Keycloak but using the Identity Provider's credentials; I do not know how to do this or if it is even possible (see image 3).

Image 3

Please note I also tried User Federation with the LDAP behind OpenAM and it worked correctly, but I would like to know if there is a way to do it via OpenAM.


Solution

  • The way you used Keycloak and OpenAM is quite unusual; however, if I understand your question correctly, you want Keycloak to redirect the web service request to OpenAM, not LDAP.

    You can either:

    1. configure OpenAM as an identity provider using SAML:

    OpenAM would be your source of identity, and Keycloak would be its client. You can do this by configuring Keycloak: Identity Providers -> SAML IdP -> and here you will place OpenAM's metadata.

    2. configure OpenAM as an OIDC provider:

    In Keycloak you go to Identity Providers -> Create -> OIDC v1 provider -> and you will place your OpenAM info.

    As I said, it can be done, but it's not the way it's supposed to be. OpenAM and Keycloak are both access management software; they both do exactly the same thing. In your configuration Keycloak plays the role of an API gateway, which is not exactly what Keycloak should be doing. You can get rid of either one of the solutions; both can provide you the same functionalities (OIDC, OAuth2, SAML, LDAP, ...).
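Option 2 above, as an added example that is not part of the original answer: a Python helper that builds the identity-provider representation Keycloak's admin REST API accepts for `identity-provider/instances`, pointing the generic OIDC broker at OpenAM, checks it for the settings that matter (ID-token signature validation, https endpoints, a client secret), and builds an authorization URL carrying Keycloak's `kc_idp_hint` parameter so the browser is sent straight to the brokered OpenAM instead of Keycloak's own login page. The alias, hostnames and the OpenAM endpoint paths under `/oauth2` are assumed placeholders; take the real ones from your OpenAM discovery document.

```python
"""Build and sanity-check a Keycloak OIDC identity-provider definition for OpenAM.

Constructed example: the dict shape is Keycloak's IdentityProviderRepresentation
(POST /admin/realms/{realm}/identity-provider/instances). The OpenAM endpoint
paths are assumed and must be confirmed against your OpenAM discovery document.
"""
from urllib.parse import urlencode, urlparse


def openam_oidc_idp(alias, openam_base, client_id, client_secret, validate_signature=True):
    """Return the broker definition that points Keycloak at OpenAM's OIDC endpoints."""
    base = openam_base.rstrip("/")
    return {
        "alias": alias,
        "providerId": "oidc",  # Keycloak's generic "OpenID Connect v1" broker
        "enabled": True,
        "config": {
            "issuer": f"{base}/oauth2",                       # assumed OpenAM layout
            "authorizationUrl": f"{base}/oauth2/authorize",
            "tokenUrl": f"{base}/oauth2/access_token",
            "userInfoUrl": f"{base}/oauth2/userinfo",
            "jwksUrl": f"{base}/oauth2/connect/jwk_uri",
            "clientId": client_id,
            "clientSecret": client_secret,
            "defaultScope": "openid",
            # Keycloak stores every config value as a string.
            "validateSignature": "true" if validate_signature else "false",
            "useJwksUrl": "true",
        },
    }


def check_idp(idp):
    """Return a list of findings; an empty list means the broker config is sound."""
    cfg, findings = idp["config"], []
    if cfg.get("validateSignature") != "true":
        findings.append("ID tokens from OpenAM are accepted without signature validation")
    for key in ("issuer", "authorizationUrl", "tokenUrl", "userInfoUrl", "jwksUrl"):
        if urlparse(cfg.get(key, "")).scheme != "https":
            findings.append(f"{key} is not https; codes and tokens would travel in clear")
    if not cfg.get("clientSecret"):
        findings.append("clientSecret is empty; OpenAM cannot authenticate Keycloak as a client")
    return findings


def auth_url(keycloak_base, realm, client_id, redirect_uri, idp_alias):
    """Authorization URL that skips Keycloak's login page via kc_idp_hint=<broker alias>."""
    params = {"client_id": client_id, "response_type": "code", "scope": "openid",
              "redirect_uri": redirect_uri, "kc_idp_hint": idp_alias}
    return f"{keycloak_base.rstrip('/')}/realms/{realm}/protocol/openid-connect/auth?{urlencode(params)}"
```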