Loading...

XML

Word

Printable

Details

Type: Task
Resolution: Won't Do
Priority: Major
Fix Version/s: 1.0.0.Final
Affects Version/s: None
Component/s: Core Engine
Labels:
- Cloud
- Operators
- SSO

Epic Link:
SSO on Kogito Architecture
Estimated Difficulty:
Medium

SFDC Cases Counter:
SFDC Cases Links:

Description

We're using Keycloak as the SSO infrastructure on Kogito Architecture. All Kogito REST services should implement the Keycloak adapters to make this possible:

1. Validate token against a Keycloak instance
2. Send JWT Tokens during calls to inner services

This adapter can be implemented as:

1. A jar library. Spring Boot offers a nice integration with Keycloak Adapters. On Quarkus some research is needed
2. As a Mesh with Istio. The Envoy proxy can validate coming tokens (ingress) and add tokens to inner calls (egress)
3. Likely #2, a Kubernetes Ingress Controller can integrate with Keycloak as well

Options #2 and #3 won't need any implementation on Kogito Runtimes side. It's preferable since we can distinguish infrastructure code from business

Attachments

Activity

People

Assignee:: Ricardo Zanini Fernandes

Reporter:: Ricardo Zanini Fernandes

Involved:: Karel Suta, Maciej Swiderski (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2019/07/29 9:21 PM

Updated:: 2020/01/07 2:45 PM

Resolved:: 2020/01/07 2:45 PM