...
The high-level sequence diagram for this option is as follows:
[Drawio sequence diagram]
...
The high-level sequence diagram for this option is as follows:
[Drawio sequence diagram]
...
The authenticator implementation example can be found here:
https://github.com/folio-org/folio-keycloak-plugins/tree/feature/ecs-folio-authenticator/ecs-folio-authenticator
Keycloak Authentication flow configuration
TODO:
Summary
This option offers a secure, server-side solution that centralizes authentication logic within Keycloak, enhancing performance and scalability. However, it requires significant development effort and careful maintenance to ensure compatibility with Keycloak updates and realm configurations.
...
Both options aim to implement Automatic Tenant Selection in FOLIO to enhance the user experience. Here's a comparative analysis:
Aspect | Option 1: Custom JavaScript Functions | Option 2: Keycloak Custom Authenticator |
---|---|---|
Security | Potential vulnerabilities due to client-side credential handling | Enhanced security with server-side processing |
User Experience | Unified login but may face delays and security warnings | Seamless and secure login experience |
Implementation | Easier initial setup, minimal backend changes | Requires custom development and in-depth Keycloak expertise |
Maintenance | Potential issues with browser compatibility and JavaScript updates | Centralized logic simplifies maintenance across all realms |
Scalability | May become unwieldy as the number of tenants increases | Better suited for scaling with multiple tenants |
Complexity | Simpler to implement but riskier in terms of security | More complex but offers a robust, secure solution |