[keycloak-user] Securing war project with webservice (JAX-WS) using keycloak.

Pedro Igor Silva psilva at redhat.com
Mon Feb 23 08:44:58 EST 2015

Hey Emil,

It is possible, but you would need to write some code in order to protect your soap endpoints based on KC tokens.

Basically, what you need is a JAX-WS handler on the server that knows how to extract a token from a WS-Security header. Once you have the token you may use KC's API to validate it or even invoke a specific REST endpoint in a KC instance.

What PicketLink STS provides is a WS-Trust compliant Security Token Service. Which is basically a JAX-WS endpoint that uses WS-Trust to issue/renew/validate/revoke SAML assertions. Although it is flexible enough to support other types of tokens as well. It also provides some OOTB client and server side components that you can use to protect SOAP endpoints.

I think we can consider this as a RFE in order to support OOTB protection for soap endpoints based on JAX-WS.

Pedro Igor

----- Original Message -----
From: "Emil Posmyk" <emil.posmyk at gmail.com>
To: keycloak-user at lists.jboss.org
Sent: Friday, February 20, 2015 4:40:15 AM
Subject: [keycloak-user] Securing war project with webservice (JAX-WS) using	keycloak.

Hello all 

It is possible to secure project with webservice using keycloak ? I saw Picketlink STS but I'm not sure it's the best solution becouse this is SAML. 

Emil Posmyk 

keycloak-user mailing list
keycloak-user at lists.jboss.org

More information about the keycloak-user mailing list