OAuth2 / JWT / OIDC authentication on API


Can somebody confirm that they got token-based authentication working in combination with an OIDC provider (in our case Keycloak)? We want to integrate this with our process tools and I’d like to forward the JWT of the authenticated user to Foreman and further validate authority to create objects there…

Currently I only know of a pre-shared secret, but I wouldn’t want to have that in my scripts in cleartext anywhere 🙁

I’m using Foreman 1.24.2

Kindest of regards,

In Foreman 2.1 we’ll add (partial) installer support for it. The actual commit

The relevant code has some inline documentation:

Hi, @ekohl,

Thanks for the quick reply! I actually managed to set up Keycloak integration via the current method (and it seems to work great!). I just couldn’t figure out if this approach also reflects on the API itself?

Meaning: will it just be as simple as passing along my JWT as a BEARER authentication token in the header? Or won’t that work as expected?