Hello,
I’ve spent the day looking through https://github.com/strimzi/strimzi-kafka-oauth documentation and trying to get a full setup up and running to have Kafka authentication and authorization up and ready.
Most of it actually works pretty well but my company has two specific requirements:
- Authentication is done through Okta
- We use Active Directory for permissions
So I’ve been trying to work on the first part and set up Okta as an Identity provider for my Keycloak setup with OpenID Connect and it works really well through the UI…
That’s the catch, Kafka is not a simple web app I can redirect to. In the GitHub Kafka doc above they use a script that fetches an access_token or refresh_token with OAuth2 through the Keycloak REST API.
And this is where I’m getting lost. Ideally I’m trying to get a nice workflow for the user where he would login to the Keycloak UI realm using the Okta connect and then get redirected to a page which gives him a token he can use for a few hours to do his work.
The whole issue here is how can the user get his token? Right now the user can login to the Keycloak realm using Okta and gets redirected back to the Keycloak UI with his account info… and that’s it. The only info missing is that refresh/access token value.
I am new to Keycloak and Okta and I’m really confused on this. Is there any lead I could follow? Has anyone tried a similar setup?
Thanks a lot
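One way to give a non-web client (a CLI user who then configures the Kafka client) a token after a browser login through Keycloak is the standard OIDC authorization-code flow with PKCE and a loopback redirect. The script below is an added example, not code from the post or from the Strimzi or Keycloak projects: it opens the realm's authorization endpoint in the browser, receives the code on a local HTTP listener, and exchanges it for an access/refresh token at the realm's token endpoint. The hostname `keycloak.example.com`, the realm `kafka`, the public client `kafka-cli`, the listener port and the IdP alias `okta` are placeholders you would replace with your own values; `kc_idp_hint` is Keycloak's own parameter for skipping the realm login page and going straight to a configured identity provider, and the `state` check on the callback rejects responses that did not originate from this run.

```python
"""Loopback-redirect OIDC login: obtain Keycloak tokens for a CLI user.

Added example (not from the original post, Strimzi or Keycloak): the user
logs in through the Keycloak realm (which may delegate to Okta), Keycloak
redirects the browser to http://localhost:<port>/callback with an
authorization code, and this script exchanges the code for tokens at the
token endpoint. PKCE (RFC 7636) means a public client needs no secret.
"""
import base64
import hashlib
import http.server
import json
import secrets
import urllib.parse
import urllib.request
import webbrowser

# Placeholder settings (assumed values): replace with your realm/client.
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "kafka"
CLIENT_ID = "kafka-cli"          # a public client with PKCE enabled
CALLBACK_PORT = 8765
REDIRECT_URI = f"http://localhost:{CALLBACK_PORT}/callback"


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) using the S256 method."""
    if verifier is None:
        verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(challenge, state, idp_hint=None):
    """Build the realm's authorization URL.  kc_idp_hint=<alias> sends the
    user directly to that identity provider instead of the realm login page."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    if idp_hint:
        params["kc_idp_hint"] = idp_hint
    return (f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth?"
            + urllib.parse.urlencode(params))


def wait_for_code(expected_state):
    """Serve exactly one request on the loopback listener and return the
    authorization code, or None if the state does not match (CSRF check)."""
    result = {}

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            qs = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
            if qs.get("state", [None])[0] != expected_state:
                self.send_error(400, "state mismatch")
                return
            result["code"] = qs.get("code", [None])[0]
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"Login complete; you can close this tab.")

        def log_message(self, *args):  # keep the terminal quiet
            pass

    with http.server.HTTPServer(("127.0.0.1", CALLBACK_PORT), Handler) as srv:
        srv.handle_request()
    return result.get("code")


def exchange_code(code, verifier):
    """POST code + PKCE verifier to the token endpoint; return the JSON body
    (access_token, refresh_token, expires_in, ...)."""
    data = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier,
    }).encode()
    url = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=data)) as resp:
        return json.load(resp)


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    webbrowser.open(build_authorize_url(challenge, state, idp_hint="okta"))
    code = wait_for_code(state)
    if code is None:
        raise SystemExit("no authorization code received")
    tokens = exchange_code(code, verifier)
    print("access token valid for", tokens["expires_in"], "seconds")
    print("refresh token:", tokens["refresh_token"])
```

The refresh token printed at the end is what the user would hand to the Kafka client configuration for the rest of the session; the redirect URI `http://localhost:8765/callback` must be registered on the Keycloak client, and the realm's access/refresh token lifetimes decide how long the tokens stay usable.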