What are the Slack Archives?
Itβs a history of our time together in the Slack Community! Thereβs a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.
Because this space is not active, you wonβt be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..
Hi, I'm trying to configure Spryker to use our own oauth server (keycloak). I could not find any doc
Comments
-
Hi Matthias can you describe what exactly is the use case? Are you getting user identity from external server?
0 -
Yes, we already have a keycloak server for handling identities.
0 -
Are you performing authentication or authorization or both? Or in simple words are you just checking identity while user data is still in Spryker?
0 -
What is your starting point? (How old is the project?)
0 -
User data would stay in Spryker. Project just started,
0 -
Hi,
I did SSO with keycloak in Spryker. Iβm not sure if this will work with newest Spryker, but I did it using Symfonyβs Guard Authenticator.
In version which I was using, Spryker used Silex authentication which is taken from Symfony, but I had to register GuardAuthenticationProvider, because it was not configured by default.Btw if you want to use Keycloakβs backchannel to log out users, take care of
client_session_stateparameter during logging in.If you need more help - write
0 -
Sounds interesting. Can you elaborate a bit on that? How did you register GuardAuthenticationProvider? And how (and where) is the communication with keycloak working?
0 -
to register GuardAuthenticationProvider I created ServiceProvider which is registered in YvesBootstrap.
In this custom Service provider, I added function to$app['security.authentication_listener.factory.guard'], which registers Guard classes:GuardAuthenticationProviderto$app['security.authentication_provider.' . $name . '.guard']
andGuardAuthenticationListenerto$app['security.authentication_listener.' . $name . '.guard']Rest of registration code is similar to registering default authenticators in Spryker (check Spryker code code)
I also added fake routes there (also similar to core)
After this I created another custom ServiceProvider to register SsoGuardAuthenticator to Guard system (you can check how agent authenticator is configured)
communication with Keycloak is mostly in SsoGuardAuthenticator - itβs almost same as in Symfony - https://symfony.com/doc/current/security/guard_authentication.html
0 -
Ancient Spryker -> you have to write your own security provider
Less ancient Spryker -> you can implement guard interface
Recent Spryker -> you need to do a Security plugin0 -
We have a recent Spryker. Is there a sample on how to write a Security Plugin?
0 -
You can take a look at existing ones: RememberMeSecurityPlugin, AgentPageSecurityPlugin, AgentPageSecurityPlugin
0
Categories
- All Categories
- 42 Getting Started & Guidelines
- 7 Getting Started in the Community
- 8 Additional Resources
- 7 Community Ideas and Feedback
- 76 Spryker News
- 929 Developer Corner
- 787 Spryker Development
- 89 Spryker Dev Environment
- 362 Spryker Releases
- 3 Oryx frontend framework
- 35 Propel ORM
- 68 Community Projects
- 3 Community Ideation Board
- 30 Hackathon
- 3 PHP Bridge
- 6 Gacela Project
- 26 Job Opportunities
- 3.2K π Slack Archives
- 116 Academy
- 5 Business Users
- 370 Docker
- 551 Slack General
- 2K Help
- 75 Knowledge Sharing
- 6 Random Stuff
- 4 Code Testing
- 32 Product & Business Questions
- 70 Spryker Safari Questions
- 50 Random