We want to migrate legacy systems to keycloak without disruption to legacy clients not in our control (e.g. 3rd party). The current framework is a username+password type user store which is used to create something equivalent to a session token/access token. These are used for both online and offline transactions where only the token is supplied.
How do we solve the offline processing scenario where we have a token and authenticate the token, validate it, and get the groups associated with the user. We do not have the username.
How do we take existing tokens and somehow load them into keycloak with an unlimited expiry but these must be expired once the user generates a newer access token with a newer algorithm & method.
Some access tokens are supplied in the body of XML documents submitted as part of webservices. What is the correct way to use spring to enable application manual authentication.
I looked at the federated user store however we are happy to retire this. It is really the existing tokens and legacy webservices we want to migrate so that all new dev leverages contemporary protocols but legacy apps are unaffected.