Reputation: 1852
Tomcat realm for oauth2?
I want to use tomcat's realm mechanism for authorization, but I want to allow users to either login directly (say JDBCRealm) or login via OAuth2 (say through LinkedIn). I found out that in principle, one could use CombinedRealm to combine two different methods of authentication, but I cannot find anything about any realm implementation for OAuth2.
PS: I am also open to completely different way to allow the dual authentication requirement.
Upvotes: 2
Views: 5825
Answers (2)
Reputation: 20862
There is no out-of-the-box implementation of an OAuth Realm for Tomcat. There is, however, a JASPIC adapter for Tomcat can be used for arbitrary authentication back-ends.
There is a community-contributed back-end that provider OAuth2.
Your mileage may vary ... greatly.
Upvotes: 3
Reputation: 919
I would have a look at the Keycloak OIDC Tomcat adapter We are using it and even extend it for different use cases, for instance: Integrating ORDS with 3rd-party SSO
Hope it helps,
Luis
Upvotes: 0
Related Questions
- How to set OAuth realm in RestAssured
- Is it possible to create custom realm in tomcat without adding jar to lib folder?
- Implement a Tomcat Realm with LDAP authentication and JDBC authorization
- Tomcat Realm Authentication - After login
- apache tomcat 7 combined Realm
- Implement OAuth2.0 in the web application
- Java library to implement oauth2.0
- Websphere 7 simple realm (like tomcat-users.xml)
- Java, Realm, Tomcat, login.
- Tomcat - SSO Without Realm?