[keycloak-dev] SOAP security with Keycloak

Ryvlin, Andrey aryvlin at morphotrust.com
Wed Feb 18 10:49:45 EST 2015


I don't know what the SOAP consumer will be. What I was thinking is to create a request interceptor where I can get the user credentials from the SOAP header.
Then I need access to the realm to authenticate the user, get roles and do authorization.

Thanks!!

-----Original Message-----
From: Pedro Igor Silva [mailto:psilva at redhat.com] 
Sent: Wednesday, February 18, 2015 9:36 AM
To: Ryvlin, Andrey
Cc: Bill Burke; keycloak-dev at lists.jboss.org
Subject: Re: SOAP security with Keycloak

If your application (e.g., the client consuming your SOAP layer) is using our adapters, you can obtain the token by typecasting the user Principal to KeycloakPrincipal and navigating to the KeycloakSecurityContext interface. The KeycloakSecurityContext interface is also available as an HttpServletRequest attribute:

     KeycloakSecurityContext session = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());

----- Original Message -----
From: "Andrey Ryvlin" <aryvlin at morphotrust.com>
To: "Bill Burke" <bburke at redhat.com>, "Pedro Igor Silva" <psilva at redhat.com>
Cc: keycloak-dev at lists.jboss.org
Sent: Wednesday, February 18, 2015 1:06:23 PM
Subject: RE: SOAP security with Keycloak

That'll work, and what's the endpoint to obtain a token?

Thanks!!

-----Original Message-----
From: Bill Burke [mailto:bburke at redhat.com]
Sent: Wednesday, February 18, 2015 9:03 AM
To: Pedro Igor Silva; Ryvlin, Andrey
Cc: keycloak-dev at lists.jboss.org
Subject: Re: SOAP security with Keycloak

For plain Java org.keycloak.RSATokenVerifier.verifyToken API works too.

On 2/18/2015 9:41 AM, Pedro Igor Silva wrote:
> There is a
>
> /auth/realms/{realm}/protocol/openid-connect/validate?access_token={your_token}
>
> endpoint. You can try it out.
>
> However, I can not see it in Admin Client. I think we should add this endpoint there.
>
> ----- Original Message -----
> From: "Andrey Ryvlin" <aryvlin at morphotrust.com>
> To: "Pedro Igor Silva" <psilva at redhat.com>, "Bill Burke" 
> <bburke at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Wednesday, February 18, 2015 12:24:32 PM
> Subject: RE: SOAP security with Keycloak
>
> What Keycloak API can I use to log in programmatically and validate a token? Do you have any examples?
>
> Thanks‼
> -----------------
>
>
> -----Original Message-----
> From: keycloak-dev-bounces at lists.jboss.org
> [mailto:keycloak-dev-bounces at lists.jboss.org] On Behalf Of Pedro Igor 
> Silva
> Sent: Wednesday, February 18, 2015 6:09 AM
> To: Bill Burke
> Cc: keycloak-dev at lists.jboss.org
> Subject: Re: [keycloak-dev] SOAP security with Keycloak
>
> As Bill said, there is no OOTB support for SOAP security.
>
> However, I think you can use WS-Security to communicate tokens to your services and have some JAX-WS handler or something that knows how to validate this token and create a security context for the user before actually invoking your services.
>
> ----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, February 16, 2015 2:24:01 PM
> Subject: Re: [keycloak-dev] SOAP security with Keycloak
>
> We don't have anything yet.  It will probably be awhile unless the community helps out.  You might be able to use it like you would any other REST service.  SOAP still is sent over HTTP...I guess it depends on your SOAP stack.
>
> On 2/16/2015 11:13 AM, Ryvlin, Andrey wrote:
>> Hi,
>>
>> I am evaluating Keycloak server for my project and securing REST APIs 
>> and Web applications was very easy.
>>
>> Now I have a task to secure some SOAP endpoints.
>>
>> Is it possible to do it with Keycloak? If so, what’s the best practice?
>>
>> Thanks‼
>>
>> -----------------
>>
>> Andrey Ryvlin
>>
>> Principal Software Engineer
>>
>> Phone: 952-979-8492
>>
>> 5705 W Old Shakopee Road, Suite 100
>>
>> Bloomington, MN 55437 USA
>>
>> ARyvlin at MorphoTrust.com <mailto:ARyvlin at MorphoTrust.com>
>>
>> www.MorphoTrust.com <http://www.morphotrust.com/>
>>
>> This message is only for the use of the intended recipient and may 
>> contain information that is CONFIDENTIAL and PROPRIETARY to 
>> MorphoTrust USA, Inc. If you are not the intended recipient, please 
>> erase all copies of the message and its attachments and notify the sender immediately.
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
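
The approach discussed in this thread, a JAX-WS handler that reads a token from the WS-Security header and validates it before the service is invoked, shown as an added example (not code from the thread or from Keycloak). It assumes the client sends the access token as the text of a `wsse:BinarySecurityToken`; `TokenValidator` and the `example.subject` property key are hypothetical, and the validator could be backed by the validate endpoint or `RSATokenVerifier.verifyToken` mentioned above.

```java
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.*;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import javax.xml.ws.soap.SOAPFaultException;

public class TokenSoapHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final QName SECURITY = new QName(WSSE, "Security");
    static final QName TOKEN = new QName(WSSE, "BinarySecurityToken");

    /** Hypothetical hook: returns the verified subject, throws if the token is not valid. */
    public interface TokenValidator { String validate(String token) throws Exception; }
    private final TokenValidator validator;
    public TokenSoapHandler(TokenValidator validator) { this.validator = validator; }

    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        // Only inbound requests carry credentials to check; let responses through.
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            Iterator<?> sec = header == null ? null : header.getChildElements(SECURITY);
            if (sec == null || !sec.hasNext()) throw new SecurityException("no wsse:Security");
            Iterator<?> tok = ((SOAPElement) sec.next()).getChildElements(TOKEN);
            String token = tok.hasNext() ? ((SOAPElement) tok.next()).getValue() : null;
            if (token == null || token.trim().isEmpty()) throw new SecurityException("no token");
            // Expose only the verified subject to the endpoint, never the raw header.
            ctx.put("example.subject", validator.validate(token.trim()));
            ctx.setScope("example.subject", MessageContext.Scope.APPLICATION);
            return true;
        } catch (Exception e) {
            throw reject(); // fail closed on any parsing or validation error
        }
    }
    private static SOAPFaultException reject() {
        try { // Generic fault: the caller learns nothing about why validation failed.
            return new SOAPFaultException(SOAPFactory.newInstance()
                .createFault("Authentication failed", new QName(WSSE, "FailedAuthentication")));
        } catch (SOAPException e) { throw new IllegalStateException(e); }
    }
    // Declaring wsse:Security as understood lets requests mark it mustUnderstand="1".
    @Override public Set<QName> getHeaders() { return Collections.singleton(SECURITY); }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
}
```

The handler is attached to the endpoint through a JAX-WS handler chain; role checks would be made by the validator or by the endpoint using the verified subject.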