strimzi-kafka-oauth
PingFederate OAuth2 Implementation
We would like to implement OAuth2 in Strimzi. Could you please direct me to the right guidance to set up an OAuth2 implementation using PingFederate?
TBH, I'm not sure whether @mstruk knows anything about PingFederate. I never heard about it. There are many different OAuth 2 platforms and we cannot know, understand and provide detailed guidance for all of them. So unless @mstruk knows anything about it, you might need to figure this out on your own.
I'm afraid we don't have specific instructions for PingFederate.
Generally, in order to integrate with an OAuth 2 authorization server you need to configure a client for the Kafka broker as a resource server, and clients for your services that will act as Kafka clients, connecting to the broker. Next, you need to decide whether to validate access tokens using the JWKS endpoint and signature validation (that requires your tokens to be JWT tokens), or if you'll delegate validation to the authorization server's introspection endpoint. Then, one more thing you need to know is what claim to use for the client's user IDs - these can then have ACL records associated with them.
I suggest you take a look at the documentation, and at the examples, to get an idea of the general approach. Then try to integrate with PingFederate following the same approach, and we can try to help you along the way if you hit some issues.
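The two validation choices described in the reply above, shown as a listener fragment of a Strimzi `Kafka` custom resource. This is an added example, not part of the original thread or the project's own documentation; the hostnames, endpoint paths, secret names, listener names and the `sub` claim are placeholders to be replaced with the values your authorization server publishes.

```yaml
# Added example: fragment of spec.kafka.listeners in a Strimzi Kafka resource.
# All hostnames, paths, secret names and the claim name are placeholders.
listeners:
  # Option 1: validate JWT access tokens locally, using keys from the JWKS endpoint
  - name: jwks
    port: 9093
    type: internal
    tls: true
    authentication:
      type: oauth
      validIssuerUri: https://idp.example.com        # must match the token's "iss" claim
      jwksEndpointUri: https://idp.example.com/<jwks-path>
      userNameClaim: sub                             # claim whose value becomes the ACL principal
      tlsTrustedCertificates:
        - secretName: idp-ca                         # CA for the authorization server's TLS cert
          certificate: ca.crt
  # Option 2: delegate validation to the introspection endpoint (tokens may be opaque)
  - name: introspect
    port: 9094
    type: internal
    tls: true
    authentication:
      type: oauth
      validIssuerUri: https://idp.example.com
      introspectionEndpointUri: https://idp.example.com/<introspection-path>
      clientId: kafka-broker                         # the broker's own client (resource server)
      clientSecret:
        secretName: kafka-broker-oauth
        key: clientSecret
      userNameClaim: sub
      tlsTrustedCertificates:
        - secretName: idp-ca
          certificate: ca.crt
```

A real deployment would normally pick one of the two options; whichever claim is set in `userNameClaim` must be stable and unique per client, since ACL records are written against its value.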