Openboxes & IAM integration

I really appreciate your help to advance the implementation of Openboxes.
Now that I have passed the installation and configuration of the required modules, I want to know if it is possible to integrate Openboxes with an “identity and access management” and thereby cover one of the company’s requirements: integrate Openboxes with the IAM that it uses (Keycloak).
I have read in the documentation that with Openboxes you have the ability to authenticate through the directory service and even that you are planning to integrate with third party systems using the REST API.
I seek your advice to identify the best way to integrate Openboxes with some “identity and access management” like this without having to “reinvent the wheel”.
Thanks in advance for your support.

I’ve added a proof of concept OIDC implementation. I’ll share more information in the next day or two.

Brilliant! Thank you so much.

Ok so here’s the information I promised.

The code is still in development and has been pushed to the following branch / PR

We don’t use Spring Security at the moment (we’re waiting until after our migration to Grails 3 / 4, which is in progress). So this OIDC implementation is admittedly a bit hacky. However, it seems to work for more than one identity provider, so there’s that.

It works with Google and I’ve had it working with Azure for a period of time, but I’ve recently encountered an issue where Azure stopped sending me the email claim in the callback. I haven’t had time to debug that but essentially we are unable to properly complete the user registration / authentication process without performing some gymnastics.

FWIW I would be psyched to integrate with Keycloak so let’s keep in touch regarding your efforts there.

The code has been deployed to one of our test servers, but is currently broken due to a related auth issue. I’ll try to fix that in the next few days to weeks. Remind me if you don’t hear from me by next Friday.