I have a single sign on system and I’m trying to login into nexus via keycloak authentication. I’m using GitHub - keycloak/keycloak-gatekeeper: A OpenID / Keycloak Proxy service as a keycloak proxy. I’ve setup the Rut Auth capability with “X-Auth-Email” request header. I’m facing an issue here, I’m not able to authenticate my user via keycloak here. If I authenticate a user that already exists in nexus. It works. But if I try with a new user, nexus does not authenticate it.
My question is, Is there a way to achieve this. All I want is to authenticate my users via keycloak which either automatically creates a user in nexus if not already exists or just sign me in without creating a new user. I don’t want to create a user beforehand.
A user will need to be mapped into Nexus somehow in order for RUT authorization to work. One way to do this would be to use an external role mapping to map in the users of an LDAP group:
So I assume in my scenario I can’t use RUT authorization without LDAP then? I’ve looked into below mentioned guide as well. It also mentions LDAP in step one. Does nexus provide any other type of realm that can solve my problem? Unfortunately, the use of LDAP is not an option for me.
This would allow you to use a REST call to create users. You can find an example of the code that would be needed for user creation and role assignment here: