[keycloak-user] EJB Remote Calls and KeyCloak

da.dom dadom110 at googlemail.com
Wed May 25 01:59:55 EDT 2016


Hi There,

I am trying to use Keycloak to authenticate an EJB remote client call.

Setup:
I have a working Keycloak Setup for my WebClients.
I added an additional security domain to my application server's standalone.xml:

                <security-domain name="keycloakjaas" cache-type="default">
                    <authentication>
                        <login-module code="org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule" flag="required">
                            <module-option name="keycloak-config-file" value="E:\Software\ApplicationServer\wildfly-10.0.0.Final\standalone\configuration\keycloak-sso1.json"/>
                        </login-module>
                    </authentication>
                </security-domain>


and configured my EJB subsystem:
        <subsystem xmlns="urn:jboss:domain:ejb3:4.0">
      ....
            <default-security-domain value="keycloakjaas"/>
        </subsystem>


My Test Connection:
        prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
        prop.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
        prop.put("jboss.naming.client.ejb.context", true);
        prop.put(Context.SECURITY_PRINCIPAL, "admin-user");
        prop.put(Context.SECURITY_CREDENTIALS, "123");

fails with: "Invalid User"

In the Keycloak server I see the failed login:

        Error                 invalid_user_credentials
        auth_method           openid-connect
        grant_type            password
        client_auth_method    client-secret
        username              admin-user

"Direct Access Grants" is enabled for that application.

Does anybody have an idea? Or is my setup totally wrong?
How would I use Keycloak for remote EJB calls?

Thanks a lot
Chris