Authenticate users via keycloak

integrations
help

#1

Hello,

I have a single sign on system and I’m trying to login into nexus via keycloak authentication. I’m using GitHub - keycloak/keycloak-gatekeeper: A OpenID / Keycloak Proxy service as a keycloak proxy. I’ve setup the Rut Auth capability with “X-Auth-Email” request header. I’m facing an issue here, I’m not able to authenticate my user via keycloak here. If I authenticate a user that already exists in nexus. It works. But if I try with a new user, nexus does not authenticate it.

My question is, Is there a way to achieve this. All I want is to authenticate my users via keycloak which either automatically creates a user in nexus if not already exists or just sign me in without creating a new user. I don’t want to create a user beforehand.

Thank you all in advance.


#2

A user will need to be mapped into Nexus somehow in order for RUT authorization to work. One way to do this would be to use an external role mapping to map in the users of an LDAP group:

https://help.sonatype.com/display/NXRM3/Roles#Roles-MappingExternalGroupstoNexusRoles

If you were to do that you could authenticate any member of that LDAP group using keycloak.

Rich


#3

So I assume in my scenario I can’t use RUT authorization without LDAP then? I’ve looked into below mentioned guide as well. It also mentions LDAP in step one. Does nexus provide any other type of realm that can solve my problem? Unfortunately, the use of LDAP is not an option for me.


#4

Using an external tool that is designed for user management is the best approach. Setting up OpenLDAP or ApacheDS is not difficult.

But if this isn’t an option, then my suggestion would be to use the scripting API to create these users:

https://help.sonatype.com/display/NXRM3/Script+API

This would allow you to use a REST call to create users. You can find an example of the code that would be needed for user creation and role assignment here:

[nexus-book-examples/security.groovy at nexus-3.x · sonatype/nexus-book-examples · GitHub](http://Groovy Security Examples)

Regards,

Rich