Is it feasible to use Keycloak as simply a login provider? My use-case has a different provider for both human and machine tokens, so I simply need it to allow logins, via password or social media.
In this case Keycloak would only be needed to authenticate the user and then provide a session cookie or similar mechanism to verify identity.
Can Keycloak operate in this situation, or am I barking up the wrong tree here?
If I’m understanding the question correctly, yes, you can use Keycloak as only an authentication platform and ignore all of the user management functionality, provided you do some steps to side-step Keycloak’s built-in behaviors.
Keycloak still wants to keep a copy of all user profiles for session management, so you’ll need to provide a custom user provider and a custom authenticator to create the profiles without making the user go through the built-in Keycloak prompts.
For external IDPs you’ll also need a custom authenticator to do the logic to link/create profiles between realms if you don’t want the user to be prompted to do anything.
We’re doing this exact flow as our existing platform already manages users - Keycloak is only used for login and we exchange the OIDC token for an application session.
Our implementation required several custom Java services implementing Keycloak’s SPIs.
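The application side of the flow described in this answer, where Keycloak is used only for login and the OIDC token is exchanged for an application session, as an added example that is not code from the thread or from Keycloak. It validates the ID token's signature, issuer, audience, expiry and nonce, then mints an opaque server-side session. The issuer URL, client id and signing key are constructed placeholders; Keycloak signs tokens with RS256 by default, so the HMAC (HS256) check here is a stdlib-only stand-in for verifying against the realm's JWKS, and the claim checks are the same either way.

```python
"""Exchange a Keycloak-issued OIDC ID token for an application-managed session.

Added example, not from the forum thread. ISSUER, CLIENT_ID and the signing
key are constructed placeholders; the HS256 signature check stands in for the
RS256/JWKS verification a real deployment would use against the realm keys.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://keycloak.example.test/realms/demo"  # constructed placeholder
CLIENT_ID = "my-app"                                   # constructed placeholder
SESSION_TTL = 8 * 3600                                 # application session lifetime (s)


class TokenError(ValueError):
    """Raised for any ID token that must not be exchanged for a session."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a JWT the way a test IdP would; only used to construct sample input."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_id_token(token: str, key: bytes, expected_nonce: str, now=None) -> dict:
    """Return the claims of a valid ID token; raise TokenError otherwise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected_sig = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud_list:
        raise TokenError("wrong audience")
    # With several audiences the authorized party must be this client.
    if len(aud_list) > 1 and claims.get("azp") != CLIENT_ID:
        raise TokenError("azp mismatch")
    if claims.get("exp", 0) <= now:
        raise TokenError("expired")
    if claims.get("iat", now) > now + 60:  # small clock-skew allowance
        raise TokenError("issued in the future")
    # The nonce ties the token to the login attempt this browser started.
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), expected_nonce.encode()):
        raise TokenError("nonce mismatch")
    if not claims.get("sub"):
        raise TokenError("missing subject")
    return claims


class SessionStore:
    """In-memory opaque sessions; the ID token itself is never sent to the browser."""

    def __init__(self):
        self._sessions = {}

    def create(self, claims: dict, now=None) -> str:
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"sub": claims["sub"], "email": claims.get("email"),
                               "expires": now + SESSION_TTL}
        return sid

    def lookup(self, sid: str, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None or entry["expires"] <= now:
            self._sessions.pop(sid, None)
            return None
        return entry


def login_with_id_token(token: str, key: bytes, expected_nonce: str,
                        store: SessionStore, now=None) -> str:
    """Full exchange: validate the Keycloak ID token, then issue an app session id."""
    claims = verify_id_token(token, key, expected_nonce, now)
    return store.create(claims, now)
```

In the authorization code flow the application generates the nonce before redirecting to Keycloak, keeps it in a short-lived cookie, and passes it as `expected_nonce` when the token comes back; the session id returned by `login_with_id_token` is what goes into the application's own cookie.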
Yes you can, go ahead and deploy Keycloak and integrate with it.
For me, setting up Keycloak was the best thing; lifting the weight of user management from my side and deploying a ready solution with some custom changes is something you should go for. Keycloak is easy, well documented, with a rich community … that’s a green flag right there. @claym