Hello All,
I’m very new to Keycloak (and SSO) so apologies if these are too much of newbie questions.
We have a frontend React app and a few Spring Boot APIs. We set up the React app as a ‘public’ client and the APIs as ‘bearer-only’. This was relatively easy to achieve with the JS and Spring Boot plugins, though it did require a bunch of rewriting of our Spring Security configuration.
This is where I get confused: we’d like to integrate with a 3rd party website that is also using a JS framework for the UI and Spring/Spring Boot for the APIs.
Since a full implementation like we did would be a very hard sell, could they add the JS plugin dependency but only initiate it on a specific landing page they provide for our users? Is there a better way?
For the backend, they have their own user store and we have ours. When configuring KeycloakWebSecurityConfigurerAdapter, this does require Keycloak, but it’s instance-agnostic, though the properties in application.yml ARE specific to an instance. This would cause any user that didn’t have a token that originated from our Keycloak instance to fail authentication. It seems they’d need to create a Keycloak proxy where our users’ requests would get channeled to, get authenticated, and do a back-channel call to their main API.
Is there a better way? Can you configure two auth providers on one Spring Boot app? Am I missing something fundamental? Any advice or help would be very appreciated.
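As an added example (not part of the original post or the Keycloak project), here is one way to get a single Spring Boot API to accept bearer tokens from two different Keycloak instances: instead of the Keycloak Spring adapter, use Spring Security's own OAuth2 resource-server support, which can select a per-issuer JWT decoder by the token's `iss` claim. It assumes Spring Boot 2.7 / Spring Security 5.7 with `spring-boot-starter-oauth2-resource-server` on the classpath; the package, the two issuer URLs and the audience name `our-api` are hypothetical.

```java
// Added example: one API trusting two Keycloak issuers via Spring Security's
// resource-server support (not the Keycloak adapter). Assumes Spring Security 5.7;
// issuer URLs, audience and package are hypothetical placeholders.
package com.example.security;

import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.authentication.JwtIssuerAuthenticationManagerResolver;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class MultiIssuerResourceServerConfig {

    // Hypothetical issuers: our realm and the partner's realm.
    private static final String OUR_ISSUER     = "https://sso.example.com/auth/realms/ours";
    private static final String PARTNER_ISSUER = "https://sso.partner.example/auth/realms/partner";

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // One AuthenticationManager per trusted issuer. The resolver picks one by the
        // token's `iss` claim; a token whose issuer is not in this map is rejected
        // before any signature check is attempted.
        Map<String, AuthenticationManager> byIssuer = new HashMap<>();
        byIssuer.put(OUR_ISSUER, managerFor(OUR_ISSUER, "our-api"));
        byIssuer.put(PARTNER_ISSUER, managerFor(PARTNER_ISSUER, "our-api"));
        JwtIssuerAuthenticationManagerResolver resolver =
                new JwtIssuerAuthenticationManagerResolver(byIssuer::get);

        http.csrf(csrf -> csrf.disable())   // stateless bearer-token API, no cookies
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                .antMatchers("/actuator/health").permitAll()
                .anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(resolver));
        return http.build();
    }

    // Builds a JWT-validating AuthenticationManager for a single issuer. The decoder is
    // configured from that issuer's OIDC discovery document at startup (a network call),
    // so signatures are verified only against that issuer's own JWKS.
    private static AuthenticationManager managerFor(String issuer, String expectedAudience) {
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(issuer);
        // Default checks (exp/nbf, iss) plus an audience check, so a partner token minted
        // for some other API is not accepted here just because it is validly signed.
        OAuth2TokenValidator<Jwt> withIssuer = JwtValidators.createDefaultWithIssuer(issuer);
        OAuth2TokenValidator<Jwt> withAudience = new JwtClaimValidator<List<String>>(
                JwtClaimNames.AUD, aud -> aud != null && aud.contains(expectedAudience));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(withIssuer, withAudience));

        JwtAuthenticationProvider provider = new JwtAuthenticationProvider(decoder);
        provider.setJwtAuthenticationConverter(keycloakRealmRolesConverter());
        return new ProviderManager(provider);
    }

    // Keycloak puts realm roles under realm_access.roles rather than in `scope`; map them
    // to ROLE_* authorities so hasRole("...") keeps working as it did with the adapter.
    private static JwtAuthenticationConverter keycloakRealmRolesConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Map<String, Object> realmAccess = jwt.getClaimAsMap("realm_access");
            Object roles = realmAccess == null ? null : realmAccess.get("roles");
            if (!(roles instanceof Collection)) {
                return List.of();
            }
            return ((Collection<?>) roles).stream()
                    .<GrantedAuthority>map(r -> new SimpleGrantedAuthority("ROLE_" + r))
                    .collect(Collectors.toList());
        });
        return converter;
    }
}
```

Two points worth checking before relying on this. The `iss` claim is read unverified only to choose which decoder to use; the chosen decoder then verifies the signature against that issuer's published keys, so the partner's Keycloak cannot mint a token that validates as one of ours, and an unknown issuer is rejected outright. The audience check only works if each Keycloak client that calls this API actually emits `our-api` in `aud` (in Keycloak that is an audience protocol mapper on the client), which is configuration on both Keycloak instances, not something the API can assume. On Spring Security 6 the `antMatchers` call becomes `requestMatchers`.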