I am currently working on a new project which uses Vue.js on the frontend and JAX-RS web services implemented in Java on the backend. Both the frontend and the backend will be deployed with Docker.
The solution will need to manage customers and users, and provide authentication to protect the web application and web services. It does not make any sense to build my own solution for this, so I decided to base my architecture on existing open source tools.
Open Source Identity Management Tools
There is quite an impressive list of potential Open Source Identity Management Tools. I also included LDAP-based tools in the evaluation:
- Central Authentication Service (CAS)
In order to find the best-fitting solution, I defined my evaluation criteria:
- Manage our Customers with custom attributes
- Manage Users with custom attributes
- Java API to manage Customers and Users
- Basic Processes: User Registration, Password Reset
- Basic Authentication functionality with Password Policies, Brute Force Detection
- Authentication support with OpenID Connect
- Integration with LDAP
- Support of external Identity Providers (Microsoft, Google, etc.)
- Easy to use
- Integration with Vue.js for Authentication
- Integration with Java Webservices (JAX-RS) for Authentication
- Easy to deploy with Docker
- Integration with WordPress
- Open Source
LDAP is quite popular, but it is quite painful to extend the schema, and it is missing most of my defined criteria.
There is basically only one tool which turned out to be the perfect match: Keycloak. Users, roles and user groups provide dynamic key-value pairs, so it is easy to store our custom attributes with the help of a Java API or with some web services.
Usually my web services are based on Jersey. Unfortunately, it turned out that the Keycloak API was based on RestEasy, and it did not feel right to have two JAX-RS frameworks in parallel, so I moved my solution to RestEasy as well.
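As an added illustration (not code from the original post), this is one way to store custom attributes on a customer and a user through the Keycloak admin client. Modelling a customer as a group is an assumption, and the server URL, realm, client id, environment variable and attribute names are placeholders.

```java
import java.util.List;
import javax.ws.rs.core.Response; // jakarta.ws.rs.core.Response with newer client versions
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.CreatedResponseUtil;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class CustomerProvisioning {
    public static void main(String[] args) {
        // Placeholder values throughout. The client is a confidential client whose
        // service account holds only the realm-management roles it needs (such as
        // manage-users) instead of a realm administrator's username and password.
        Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl("https://keycloak.example.test/auth")
                .realm("example-realm")
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId("provisioning-service")
                .clientSecret(System.getenv("KC_CLIENT_SECRET")) // keep the secret out of source
                .build();
        try {
            RealmResource realm = keycloak.realm("example-realm");

            // Customer (assumed to be modelled as a group) with a custom attribute.
            GroupRepresentation customer = new GroupRepresentation();
            customer.setName("customer-acme");
            customer.singleAttribute("customerNumber", "C-0001");
            Response groupResponse = realm.groups().add(customer);
            // getCreatedId throws unless the server answered 201 Created.
            String groupId = CreatedResponseUtil.getCreatedId(groupResponse);

            // User with a custom attribute, attached to the customer group.
            UserRepresentation user = new UserRepresentation();
            user.setUsername("jane.doe");
            user.setEnabled(true);
            user.singleAttribute("department", "billing");
            String userId = CreatedResponseUtil.getCreatedId(realm.users().create(user));
            realm.users().get(userId).joinGroup(groupId);

            // Attributes are multi-valued: each key maps to a list of strings.
            UserRepresentation stored = realm.users().get(userId).toRepresentation();
            List<String> department = stored.getAttributes().get("department");
            System.out.println("department = " + department);
        } finally {
            keycloak.close();
        }
    }
}
```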
In order to simplify the deployment of the web services in Docker, I usually integrate an embedded server. For RestEasy I could use the UndertowJaxrsServer, and with 2 lines of code I had my embedded web server running as well:
UndertowJaxrsServer server = new UndertowJaxrsServer().deploy(new Application());
server.start();