So...I am getting there. 

I have Keycloak installed on the same server and running on a different port. I've gone through a similar setup for a test Tomcat app using Keycloak as auth provider but it isn't kicking into action for some reason. Not sure if anyone else has had a play around with this yet. 

In terms of user registration and management, I've tested it all and that works perfectly, a new theme would be required but that looks straight forward. 

Steps taken so far:-

- Install fresh Tomcat - set roles for manager-gui and admin-gui

- Install fresh Orbeon - tested unauthenticated access

- Install fresh Keycloak (changed ports to not conflict)

- Copied the Tomcat dist jar dependencies into the /lib folder for Keycloak

- Created a context.xml in the /orbeon/META-INF folder and added 

<Context>

        <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve" />

</Context>

- Uncommented the security settings in web.xml and set the auth provider to be KEYCLOAK

- Set a new realm, client and user in Keycloak app for testing

- Setup a new role called 'orbeon-user' in Keycloak and added the test user to this role

- Edited the local.properties.xml to include the new role information and to set the container to be in charge of the auth. 

I think there is something I am missing to push orbeon to send auth requests to Keycloak but currently I just get a 403 forbidden back from Tomcat. 

If anyone is interested in trying out I can send more detailed steps or where I am up to so far. 

Thanks, 

Eusebio

On 21 September 2016 at 05:56, Erik Bruchez <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="-4M3DeD-BwAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">ebru...@...> wrote:

Eusebio,

> I've been playing with Orbeon PE and from a forms point of view it does
> everything we need it to do and more. The form wizard layout and the
> putting of data into a PDF template once complete is excellent, I haven't
> found any other form product that comes close, especially with repeating
> rows and complex validations.

Thanks for the positive feedback!

> I have explored using Liferay portal, there are issues with Liferay 7 and
> latest Orbeon which there is a bug ticket for, either way though, it seems
> a bit clunky for just user management.

I am not sure if it is clunky, although it can certainly look a bit heavy!
But I have a feeling (which is not very scientific) that a number of Liferay
users are primarily using it for user management! So still, that might be an
option.

I recently found KeyCloak, by RedHat:

    <a href="http://www.keycloak.org/" rel="nofollow" target="_blank" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.keycloak.org%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEgRImKGoEDvKWoBoFL4IuzTUKkzQ&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.keycloak.org%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEgRImKGoEDvKWoBoFL4IuzTUKkzQ&#39;;return true;">http://www.keycloak.org/

It seems to have a number of very interesting features, but we don't have
experience with it yet.

-Erik

--
View this message in context: <a href="http://discuss.orbeon.com/Registration-Authentication-system-for-Forms-tp4661779p4661788.html" rel="nofollow" target="_blank" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fdiscuss.orbeon.com%2FRegistration-Authentication-system-for-Forms-tp4661779p4661788.html\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGjVH2dFnt0s5WvZkXD-D-JE4jb_g&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fdiscuss.orbeon.com%2FRegistration-Authentication-system-for-Forms-tp4661779p4661788.html\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGjVH2dFnt0s5WvZkXD-D-JE4jb_g&#39;;return true;">http://discuss.orbeon.com/Registration-Authentication-system-for-Forms-tp4661779p4661788.html
Sent from the Orbeon Forms community mailing list mailing list archive at Nabble.com.

--
You received this message because you are subscribed to a topic in the Google Groups "Orbeon Forms" group.
To unsubscribe from this topic, visit <a href="https://groups.google.com/d/topic/orbeon/yU8gh9ElgSU/unsubscribe" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://groups.google.com/d/topic/orbeon/yU8gh9ElgSU/unsubscribe&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/topic/orbeon/yU8gh9ElgSU/unsubscribe&#39;;return true;">https://groups.google.com/d/topic/orbeon/yU8gh9ElgSU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="-4M3DeD-BwAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">orb...@googlegroups.com.
To post to this group, send email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="-4M3DeD-BwAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">orb...@....