[keycloak-dev] Queries on Keycloak
Bill Burke
bburke at redhat.com
Wed Aug 5 08:40:25 EDT 2015
Why don't you just try it out or read the documentation? :)
Yes, you can use the token to invoke on other REST services so long as
the token has the appropriate permissions each REST service requires for
access. The token is actually a JSON Web Signature (JWS). The REST
endpoints validate the signature using the public key of the realm.
Tokens have a timeout, but are automatically updated for web apps.
Otherwise you have to use the refresh token to obtain a new access token.
On 8/5/2015 2:35 AM, Satyajit Das wrote:
> Hi Bill,
>
> Thanks a lot for the quick response. Just one more query on the
> webservice side.
>
> As per the instruction, I made the webservice access type as bearer.
>
> Let's say I have a service called http://localhost:8082/candidates/.
>
> This in turn has many webservice operations such as
> post: http://localhost:8082/candidates/{candidate}
> put: http://localhost:8082/candidates/candidate/{id}
> get: http://localhost:8082/candidates/candidate/{id}.
>
> after a successful token verification:
>     HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/candidate/{some id}");
>     // Forward the caller's access token to the downstream service as a bearer token.
>     get.addHeader("Authorization", "Bearer " + session.getTokenString());
>     try {
>         HttpResponse response = client.execute(get);
>         if (response.getStatusLine().getStatusCode() != 200) {
>             throw new Failure(response.getStatusLine().getStatusCode());
>         }
>         HttpEntity entity = response.getEntity();
>         InputStream is = entity.getContent();
>         try {
>             // return JsonSerialization.readValue(is, String.class);
>             return "hello";
>         } finally {
>             is.close();
>         }
>     } catch (IOException e) {
>         // Closes the outer try, which was left open in the posted fragment.
>         throw new RuntimeException(e);
>     }
>
> Do I need to further authenticate each call via the same method for
> other RESTful calls?
>
> Do we have any option wherein we can say authenticate once and go ahead
> with multiple webservice calls without further token verification?
>
> Regards,
> Satya.
>
> On Tue, Aug 4, 2015 at 7:25 PM, Bill Burke <bburke at redhat.com> wrote:
>
> On 8/4/2015 9:48 AM, Satyajit Das wrote:
> > Hi Team,
> >
> > Kindly respond to the below queries.
> >
> > 1) What is the limit to the number of realms, roles per realm, and users
> > per realm or users per role in Keycloak?
> >
>
> We haven't really tested the limits. Should be pretty large. I know
> one keycloak user has a database of around 1 million users.
>
> > 2) What is the expiry time of a token ID generated in
> > Keycloak (session.getTokenString())?
> >
>
> It's configurable in admin console
>
> > 3) Is there any authentication done after successful login, if I visit
> > subsequent pages?
> >
>
> Do you mean is there any authentication with the Keycloak server?
> Once a user is logged in, they do not see any more authentication
> screens. Once you visit one application, you are authenticated for that
> application. If you visit another application, you are redirected to
> keycloak auth server, auth server will validate the SSO cookie, then
> generate a token for the application and send you back there.
>
>
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
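
The check described in the reply above (each REST endpoint validates the JWS signature with the realm's public key, and the token has a timeout), as an added example that is not part of the original thread and is not Keycloak's own adapter code. The `BearerTokenCheck` class, its `isValid` and `sign` helpers, the generated key pair and the claims are all constructed for illustration, and RS256 is assumed as the signing algorithm.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class BearerTokenCheck {
    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }
    // Accept a token only if its RS256 signature verifies against the realm key and "exp" is in the future.
    static boolean isValid(String jws, PublicKey realmKey, long nowSec) throws GeneralSecurityException {
        String[] p = jws.split("\\.");
        if (p.length != 3) return false;
        try {
            String header = new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
            String claims = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
            // Pin the algorithm on the service side; the header must not choose how it is verified.
            if (!header.contains("\"alg\":\"RS256\"")) return false;
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(realmKey);
            v.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            if (!v.verify(Base64.getUrlDecoder().decode(p[2]))) return false;
            // Assumption: regex claim extraction keeps this JDK-only; use a JSON parser in a real service.
            Matcher m = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(claims);
            return m.find() && Long.parseLong(m.group(1)) > nowSec;
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed base64url, oversized number, or malformed signature bytes
        }
    }
    static String sign(String claimsJson, PrivateKey key) throws GeneralSecurityException {
        String input = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(claimsJson);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair realm = gen.generateKeyPair(); // constructed stand-in for the realm key pair
        long now = System.currentTimeMillis() / 1000;
        String good = sign("{\"sub\":\"demo-user\",\"exp\":" + (now + 300) + "}", realm.getPrivate());
        String expired = sign("{\"sub\":\"demo-user\",\"exp\":" + (now - 1) + "}", realm.getPrivate());
        String[] g = good.split("\\.");
        // Same header and signature, different claims: the signature no longer matches.
        String tampered = g[0] + "." + b64("{\"sub\":\"admin\",\"exp\":" + (now + 300) + "}") + "." + g[2];
        System.out.printf("valid=%b expired=%b tampered=%b%n", isValid(good, realm.getPublic(), now),
                isValid(expired, realm.getPublic(), now), isValid(tampered, realm.getPublic(), now));
    }
}
```

A service doing this check needs only the realm's public key, so it can validate the token on every request locally.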