I have a requirement like the one below.
Authentication: I want to use corp AD/SSO (Azure AD) for authentication. I have set this up with OIDC/IdP with Keycloak and am able to get this working. My APIs exposed via Spring Boot are now able to authenticate via this: on a user request it redirects to the Azure login/MS page, and I am able to get this working.
Authorization: on authentication I want to create access tokens (JWT) that need to fetch the roles from a custom Oracle-managed database.
Not sure if this would be solved via user federation. I don't want to authenticate the user against the external database; all I want is, once the user is authenticated, to fetch the roles from another provider (an Oracle database), then create a JWT and send it, so that the JWT can then be used for all role-based authorization on all the APIs exposed.
The idea is that the client will log in, get the JWT, then keep calling the API using the JWT.
I hope this is possible; can any of you tell me the best way to achieve this? I don't know if user federation is the way, or if there is any other way to achieve this.
Any pointers are highly appreciated, and please let me know if you need any more info. Apologies if I used any auth terminology that is misleading or confusing.
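One way to wire this up, as an added example that is not part of the original post and is not Keycloak's or Spring's own sample code: a custom Keycloak protocol mapper that looks the user's roles up in the Oracle database over JDBC each time a token is issued and writes them into a claim, plus a Spring Boot resource-server configuration that turns that claim into Spring Security authorities. No user federation is involved; Azure AD stays the only authenticator, Keycloak remains the issuer of the JWT, and the database is consulted only for roles. The class and package names, the provider id, the `ORACLE_*` environment variables, the `app_user_roles` table and its columns, the claim name `db_roles`, the realm URL and the lookup by Keycloak username are all assumptions to adapt to your environment; the five-argument `setClaim` signature is the one used by current Keycloak releases.

```java
// ---- Keycloak side: src/main/java/com/example/keycloak/OracleRoleMapper.java ----
// Register the class in META-INF/services/org.keycloak.protocol.ProtocolMapper, build a jar,
// put it in Keycloak's providers/ directory, then add the mapper to the client's scope.
package com.example.keycloak;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import org.jboss.logging.Logger;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAccessTokenMapper;
import org.keycloak.protocol.oidc.mappers.OIDCAttributeMapperHelper;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.representations.IDToken;

public class OracleRoleMapper extends AbstractOIDCProtocolMapper implements OIDCAccessTokenMapper {
    public static final String PROVIDER_ID = "oracle-role-mapper";  // assumed provider id
    private static final Logger LOG = Logger.getLogger(OracleRoleMapper.class);
    private static final List<ProviderConfigProperty> CONFIG = new ArrayList<>();
    // Assumed: connection details come from the environment (a pooled DataSource is preferable
    // in production), e.g. ORACLE_JDBC_URL=jdbc:oracle:thin:@db.example:1521/ORCL
    private static final String JDBC_URL = System.getenv("ORACLE_JDBC_URL");
    private static final String DB_USER = System.getenv("ORACLE_DB_USER");
    private static final String DB_PASS = System.getenv("ORACLE_DB_PASSWORD");
    // Assumed schema: APP_USER_ROLES(USERNAME, ROLE_NAME). Bind the username, never concatenate it.
    private static final String ROLE_SQL =
        "SELECT role_name FROM app_user_roles WHERE LOWER(username) = LOWER(?)";

    static {
        // Adds the standard "Token Claim Name", JSON type and "Add to access token" options
        OIDCAttributeMapperHelper.addAttributeConfig(CONFIG, OracleRoleMapper.class);
    }

    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayType() { return "Oracle DB roles"; }
    @Override public String getDisplayCategory() { return TOKEN_MAPPER_CATEGORY; }
    @Override public String getHelpText() { return "Adds roles looked up in Oracle as a token claim"; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return CONFIG; }

    @Override
    protected void setClaim(IDToken token, ProtocolMapperModel mappingModel, UserSessionModel userSession,
                            KeycloakSession keycloakSession, ClientSessionContext clientSessionCtx) {
        // Assumed: the Keycloak username (filled from Azure AD by the broker) is the key in the
        // Oracle table; use getEmail() instead if that is what the table holds.
        String username = userSession.getUser().getUsername();
        List<String> roles = lookupRoles(username);
        // Writes the list under the configured Token Claim Name (e.g. "db_roles")
        OIDCAttributeMapperHelper.mapClaim(token, mappingModel, roles);
    }

    static List<String> lookupRoles(String username) {
        List<String> roles = new ArrayList<>();
        try (Connection c = DriverManager.getConnection(JDBC_URL, DB_USER, DB_PASS);
             PreparedStatement ps = c.prepareStatement(ROLE_SQL)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) roles.add(rs.getString(1));
            }
        } catch (SQLException e) {
            // Fail closed on authorization: the user still gets a token, but with no roles,
            // so every role-protected API rejects the call until the lookup works again.
            LOG.errorf(e, "Role lookup failed for user %s", username);
            roles.clear();
        }
        return roles;
    }
}

// ---- Spring Boot side: src/main/java/com/example/api/ResourceServerConfig.java ----
// application.yml points at the Keycloak realm (Keycloak, not Azure AD, signs the token):
//   spring.security.oauth2.resourceserver.jwt.issuer-uri: https://keycloak.example/realms/corp
package com.example.api;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableMethodSecurity   // enables @PreAuthorize("hasRole('ADMIN')") on controller methods
public class ResourceServerConfig {
    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        JwtGrantedAuthoritiesConverter roles = new JwtGrantedAuthoritiesConverter();
        roles.setAuthoritiesClaimName("db_roles"); // must equal the mapper's Token Claim Name
        roles.setAuthorityPrefix("ROLE_");         // "ADMIN" in the claim satisfies hasRole("ADMIN")
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(roles);
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}
```

The flow is then exactly the one described in the post: the client is redirected through Keycloak to Azure AD, Keycloak brokers the login, the mapper runs at the token endpoint and stamps the Oracle roles into the access token, and each API call carries that JWT. The Spring side trusts only tokens signed by the Keycloak realm it fetches keys from, so a client cannot forge a `db_roles` claim; still configure an audience check so a token minted for another client is not accepted. Because the roles are snapshotted at issue time, keep the access-token lifetime short (minutes, not hours) so that a role removed in Oracle stops working at the next refresh rather than whenever the token expires.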