<div dir="ltr"><div><div><div>Hi Marc,<br><br></div>That is correct.<br><br></div>Regards,<br><br></div>Ton<br><div class="gmail_extra"><br><div class="gmail_quote">2015-11-18 16:02 GMT+01:00 Marc Savy <span dir="ltr"><<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Ton,<br>
<br>
Just to clarify. From what I understand, you're trying to secure communications between the apiman gateway and back-end service using OAuth2/OpenID Connect?<br>
<br>
I.e. You are *not* OAuth2 simply between the client to the apiman gateway.<br>
<br>
Regards,<br>
Marc<br>
<br>
On 18/11/2015 14:34, Ton Swieb wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
I am using Apiman 1.1.8.Final and I want to use a backend service in<br>
Apiman which is secured by OAuth.<br>
So instead of securing the Apiman side of the service, using the<br>
Keycloak OAuth plugin, Apiman needs forward calls to a service<br>
implementation that is secured by OAuth. I have got an OAuth token with<br>
a very long time to live (days/weeks/months) which I can use.<br>
<br>
Currently I only see the option to configure BASIC Authentication or<br>
MTLS/Two-Way-SSL on the service implementation.<br>
Would it be possible to add the HTTP Simple Header policy to the service<br>
and set the Authorization header with "Bearer........." or will that be<br>
stripped off by Apiman when forwarding the call to the backend service?<br>
<br>
Kind regards,<br>
<br>
Ton<br>
<br>
<br>
_______________________________________________<br>
Apiman-user mailing list<br>
<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
<br>
</blockquote>
<br>
</blockquote></div></div></div>