[Apiman-user] Forwarding HTTP requests to service implementations secured by OAuth
Ton Swieb
ton at finalist.nl
Wed Nov 18 10:11:45 EST 2015
Hi Marc,
That is correct.
Regards,
Ton
2015-11-18 16:02 GMT+01:00 Marc Savy <marc.savy at redhat.com>:
> Hi Ton,
>
> Just to clarify. From what I understand, you're trying to secure
> communications between the apiman gateway and back-end service using
> OAuth2/OpenID Connect?
>
> I.e. You are *not* OAuth2 simply between the client to the apiman gateway.
>
> Regards,
> Marc
>
> On 18/11/2015 14:34, Ton Swieb wrote:
>
>> Hi,
>>
>> I am using Apiman 1.1.8.Final and I want to use a backend service in
>> Apiman which is secured by OAuth.
>> So instead of securing the Apiman side of the service, using the
>> Keycloak OAuth plugin, Apiman needs forward calls to a service
>> implementation that is secured by OAuth. I have got an OAuth token with
>> a very long time to live (days/weeks/months) which I can use.
>>
>> Currently I only see the option to configure BASIC Authentication or
>> MTLS/Two-Way-SSL on the service implementation.
>> Would it be possible to add the HTTP Simple Header policy to the service
>> and set the Authorization header with "Bearer........." or will that be
>> stripped off by Apiman when forwarding the call to the backend service?
>>
>> Kind regards,
>>
>> Ton
>>
>>
>> _______________________________________________
>> Apiman-user mailing list
>> Apiman-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20151118/6f493563/attachment-0001.html
More information about the Apiman-user
mailing list