apache / incubator-kie-kogito-apps

Kogito Apps - Kogito is a cloud-native business automation technology for building cloud-ready business applications.
http://kogito.kie.org
Apache License 2.0

Google/Custom OIDC/OAuth2 setup with Kogito Dataindex/management console/task console and configuring graphql security without keycloak #1178

Open debu999 opened 2 years ago

debu999 commented 2 years ago

Hi Team, in our organisation we use internal Active Directory and federation services. We do not manage via Keycloak. Both Task Console and Management Console need Keycloak setups. Is there any information on how we can customize the same with Quarkus security? Do we need to embed our platform with that for the Quarkus OIDC, or is there a sample example to do this?

P.S. We can't use Keycloak as our organisation has its own version of OAuth and OIDC setups. Please advise on this. It's blocking us from doing custom security.

pefernan commented 2 years ago

Hi Debabrata, you're right. Currently both consoles depend on Keycloak. Older versions were relying on Quarkus OIDC, but we did the move in v1.13 if I recall correctly.

I'll be back from PTO on January the 10th and will take a look to see what you can do.

Cheers!

debu999 commented 2 years ago

Thanks. We are thinking to customize with OIDC. The only solution is to use the source, customize the same and build a local image. If we get any luck with it, we will share. But it can definitely help to have an option for add-in capabilities for 3rd party OIDC providers. That can be custom parameters to customize the solution. The Data Index domain queries in GraphQL can be made secured dependent on clients. Happy New Year and thanks for the awesome work in this space.

StephenOTT commented 2 years ago

This would be very nice to have. OIDC throughout without the Keycloak requirement!!

debu999 commented 2 years ago

Any update? We have pulled the content and made it work with default OIDC. But how can we do GraphQL domains protected by OIDC? I need to and re roles and subscription roles @RolesAllowed or some mechanism for GraphQL. @evacchi Kogito is awesome. We are just looking at data level access controls. Please guide.

debu999 commented 2 years ago

Anything on this yet? @pefernan @evacchi

debu999 commented 2 years ago

@nmirasch Can you help provide some help on this ask?

debu999 commented 2 years ago

@cristianonicolai @sberyozkin @jmartisk Can you please advise on this?

debu999 commented 2 years ago

It's been there for over 7 months now in open state.

ricardozanini commented 8 months ago

@pefernan @nmirasch is this still valid or has it been solved?

pefernan commented 8 months ago

I think it's still valid, so far consoles still rely on Keycloak for auth. @ricardozanini