[keycloak-user] REST -> Backend App

Red Samh redsamh at gmail.com
Fri Sep 5 11:49:14 EDT 2014


Bill,

Thanks for the reply.

Yes, it works when I have to call REST to another REST service, over any
number of hops. It is when calling a full-fledged application from a
REST service that I have the issue. When it is an application that is both
Web App + REST and I add the authorization header (bearer), I get an
unauthorized 401 (black box in the attachment).

Thanks
Sam


On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <bburke at redhat.com> wrote:

> Should work.  You'll have to actually describe what your problem is or I
> can't help you.  I'll take a guess though:
>
> Keycloak doesn't propagate the Authorization bearer token header
> automatically when you have multiple REST "hops" between multiple
> servers. You'll have to obtain the access token and set up the HTTP
> header manually.  The demo customer-portal example in the distro does
> exactly this, so take a look at that for more details.
>
> On 9/5/2014 10:58 AM, Red Samh wrote:
> > Hello,
> >
> > We have an application that is protected using Keycloak and a user can
> > access this application through a web front. After login the user can
> > use the functionality of the application. The application is also
> > exposed through REST APIs and is protected via Keycloak as part of the
> > application and accessible only after logging in to the main application.
> >
> > We have a
> >
> > (Step 1) Javascript application (retrieving data from) ->
> >
> > (Step 2) Business Application exposed as REST API (REST API has to make
> > calls to backend Application mentioned above) ->
> >
> > (Step 3) BackEnd Application Server + REST API.
> >
> > Directly accessing the BackEnd Application Server works fine but when we
> > need to call the REST API from another REST service which is
> > authenticated via Keycloak we have issues.
> >
> > We used the existing sample to try and do a POC but are not sure what is the
> > best approach to solve this issue. The part from (Step 1) to (Step 2)
> > works and the REST API is protected using BEARER token. The (Step 2) to
> > (Step 3) is a problem as in (Step 2) we only have the BEARER token and
> > the BackEnd Application is protected using the full Keycloak
> > configuration. So the BackEnd Application service is not authenticating
> > by sending in only the BEARER token in the header which is a full
> > Keycloak installation (work as only a web service).
> >
> > Thanks
> > Sam
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: keycloak-issue.png
Type: image/png
Size: 40822 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20140905/6a9ffd7d/attachment-0001.png 
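
An added example, not part of the original thread or the Keycloak distribution: a minimal sketch of the manual token propagation Bill describes, for the hop from the REST service (Step 2) to the backend (Step 3). It assumes the Step 2 service runs behind a Keycloak servlet adapter with the servlet API and adapter classes on the classpath; `BackendCaller`, `callBackend` and `BACKEND_URL` are hypothetical names, and the URL is a placeholder.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;

public final class BackendCaller {
    // Placeholder for the Step 3 backend endpoint (assumption, not from the thread).
    private static final String BACKEND_URL = "https://backend.example.com/api/resource";

    private BackendCaller() {}

    /** Calls the backend with the access token the adapter validated for this request. */
    public static String callBackend(HttpServletRequest req) throws IOException {
        // The Keycloak adapter exposes the caller's security context as a request attribute.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                req.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null) {
            throw new IllegalStateException("request was not authenticated by Keycloak");
        }
        URL url = new URL(BACKEND_URL);
        if (!"https".equals(url.getProtocol())) {
            // A bearer token is usable by whoever reads it, so never send it in cleartext.
            throw new IllegalStateException("refusing to send a bearer token over " + url.getProtocol());
        }
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        try {
            conn.setRequestMethod("GET");
            conn.setInstanceFollowRedirects(false); // do not replay the token to a redirect target
            conn.setRequestProperty("Accept", "application/json");
            conn.setRequestProperty("Authorization", "Bearer " + ctx.getTokenString());
            int status = conn.getResponseCode();
            if (status != HttpURLConnection.HTTP_OK) {
                // Report the status only; the token must not end up in logs or messages.
                throw new IOException("backend returned HTTP " + status);
            }
            try (InputStream in = conn.getInputStream()) {
                return new String(in.readAllBytes(), StandardCharsets.UTF_8); // Java 9+
            }
        } finally {
            conn.disconnect();
        }
    }
}
```

The backend still has to be configured to accept bearer tokens for this call to succeed; the sketch only covers sending the header.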