I am a computer science student and have used Quarkus for several projects in the past year. I recently received a new project where I have to create a rest API. Because I have to do a lot in a short time, I use Quarkus to easily do the job with RESTEasy for my web services.
But this API has to authenticate the user by using Apereo with protocols CAS or SAML2. Moreover I have no experience in using Java security plugins.
I also searched about how to deal with that by using keycloak, Apereo Jboss client, Apero Spring boot client or by having a service along with Quarkus like a Tomcat that will do the authentication job. But I don't know which one would be the best and even which one would actually work.
Do you have any experience around that ? Or what could I use to make my Quarkus API work with Apereo ?
Thank you very much for your time and help,
Best regards,
Thomas
Sorry for being late to the party, but I actually did a quarkus - apareo cas integration. Basically I added quarkus-undertow extension to be able to use src/main/resources/META-INF/web.xml. Also I used org.jasig.cas.client:cas-client-core:3.6.1 to have the cas filters. And my web.xml contains something like this:
Saml integration is similar, just use the SAML filters. For more information on configuration options, please see java-cas-client
Off topic, why do you need to authenticate a API via CAS? It redirects you to that CAS login window, then it redirects you back. you cant use this API via postman or curl. Also an API doesn't store any session about the user, so this redirect dance happens every time. This is not how API's are secured. Web pages or web applications yes, but not API's.