[keycloak-user] Issue with Bearer only auth

Stian Thorgersen sthorger at redhat.com
Fri Nov 6 07:59:38 EST 2015


Did you put any security constraints on the endpoints?

On 6 November 2015 at 12:36, Tero Ahonen <Tero.Ahonen at cybercom.com> wrote:

> Hi,
>
> I have a REST endpoint running on WildFly 9.
>
> WildFly and the application are set up to use Keycloak, and requests to
> endpoints are intercepted by the Keycloak adapter. But it seems that it is
> not working. If the auth header is not present, Keycloak just skips
> authentication and lets all requests through. It doesn't matter whether I
> use curl or a browser.
>
> WildFly logs say (the last line comes from a servlet filter):
>
> 2015-11-06 13:10:23,962 DEBUG
> [org.keycloak.adapters.PreAuthActionsHandler] (default task-17)
> adminRequest https://localhost:8443/foobar/endpoint
> 2015-11-06 13:10:23,969 TRACE [org.keycloak.adapters.RequestAuthenticator]
> (default task-17) --> authenticate()
> 2015-11-06 13:10:23,969 TRACE [org.keycloak.adapters.RequestAuthenticator]
> (default task-17) try bearer
> 2015-11-06 13:10:23,969 DEBUG [org.keycloak.adapters.RequestAuthenticator]
> (default task-17) NOT_ATTEMPTED: bearer only
> 2015-11-06 13:10:23,970 DEBUG
> [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-17)
> AuthenticatedActionsValve.invoke https://localhost:8443/foobar/endpoint
> 2015-11-06 13:10:23,970 INFO  [stdout] (default task-17)
> GET:/foobar/endpoint
>
>
> If I add an Authorization header like this
>
> Authorization: Bearer 123
>
> I get HTTP/1.1 401 Unauthorized
>
> WWW-Authenticate: Bearer realm="saas-pilot", error="invalid_token",
> error_description="Couldn't parse token"
>
>
> Is there something that I don't understand?
>
> I have tried with web.xml/keycloak.json and keycloak subsystem
> configuration methods, same outcome.
>
> Br,
> Tero
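
The reply's question concerns the servlet `security-constraint` entries in web.xml: a request whose path no constraint covers is not required to authenticate, which is consistent with the `NOT_ATTEMPTED: bearer only` log line followed by the filter output. The following check is an added example, not code from the thread or from the Keycloak project; it assumes `/foobar` is the context root, and the role name `user` and both web.xml fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragments (not from the thread). The realm name is the one
# in the 401 response above; the role name "user" is an assumption.
LOGIN = ("<login-config><auth-method>KEYCLOAK</auth-method>"
         "<realm-name>saas-pilot</realm-name></login-config>")
WEAK = f"<web-app>{LOGIN}</web-app>"  # no security-constraint at all
FIXED = f"""<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>api</web-resource-name>
      <url-pattern>/endpoint/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  {LOGIN}
  <security-role><role-name>user</role-name></security-role>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip an XML namespace if present

def protected_patterns(web_xml):
    """url-patterns of every security-constraint that has an auth-constraint."""
    patterns = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        if any(local(e.tag) == "auth-constraint" for e in sc.iter()):
            patterns += [(e.text or "").strip() for e in sc.iter()
                         if local(e.tag) == "url-pattern"]
    return patterns

def matches(pattern, path):
    """Servlet url-pattern match; path is relative to the context root."""
    if pattern in ("/", "/*"):
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def requires_auth(web_xml, path):
    # Simplified: ignores http-method filters and more specific constraints
    # that could override a broader one.
    return any(matches(p, path) for p in protected_patterns(web_xml))
```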