[keycloak-user] Best practice: Server to Server authentication
Marek Posolda
mposolda at redhat.com
Fri Nov 20 07:48:00 EST 2015
Hi,
am I understand correctly that you have:
1) UI application, which handles redirection to keycloak login screen
etc. and have access token available
2) REST Application 1
3) REST Application 2
The user wants to send accessToken to RESTApp1 and this RESTApp1 wants
to send another REST request to RESTApp2. Is it correct? I wonder that
you can just send same accessToken used for RESTApp1 for authentication
to RESTApp2. Or am I not understand correctly your environment?
Marek
On 20/11/15 09:46, Kevin Hirschmann wrote:
>
> Hello,
>
> has anyone experience or advice how to handle the following situation:
>
> I have my application running on a keycloak secured wildfly instance.
> Another application
>
> wants to make REST calls from an IIS Server to my application. Of
> course the user is not
>
> willing to provide credentials a second time, but the calls must be
> associated with the user.
>
> It must not be a shared account in keycloak, which is used for all
> users on the IIS.
>
> What is the right way (keycloak way) to approach this?
>
> Thx for your help.
>
> Kevin Hirschmann
>
> HUEBINET Informationsmanagement GmbH & Co. KG
>
> HUEBINET Informationsmanagement GmbH & Co. KG
>
> An der Königsbach 8
>
> 56075 Koblenz
>
> Sitz und Registergericht: Koblenz HRA 5329
>
> Persönlich haftender Gesellschafter der KG:
>
> HUEBINET GmbH;
>
> Sitz und Registergericht: Koblenz HRB 6857
>
> Geschäftsführung:
>
> Frank Hüttmann; Michael Biemer
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Der Nachrichtenaustausch mit HUEBINET Informationsmanagement GmbH &
> Co. KG, Koblenz via E-Mail dient lediglich zu Informationszwecken.
> Rechtsgeschäftliche Erklärungen mit verbindlichem Inhalt können über
> dieses Medium nicht ausgetauscht werden, da die Manipulation von
> E-Mails durch Dritte nicht ausgeschlossen werden kann.
>
> Email communication with HUEBINET Informationsmanagement GmbH & Co. KG
> is only intended to provide information of a general kind, and shall
> not be used for any statement with binding contents in respect to
> legal relations. It is not totally possible to prevent a third party
> from manipulating emails and email contents.
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151120/8167e239/attachment.html
More information about the keycloak-user
mailing list