[keycloak-user] Authentication from spring security without redirection

Dekel Aslan dekela at perfectomobile.com
Wed Jan 25 09:35:39 EST 2017


We have an app which up until now receives the credentials. We want to keep it that way (for backward compatibility), but instead of authenticating with our db, authenticate with Keycloak.

In the solution you’re proposing (not sure it suits us but let’s assume), will the user have to call another service to receive the token, and then send it to us in the header?
How will he know when to refresh it?

Dekel.

From: Sebastien Blanc [mailto:sblanc at redhat.com]
Sent: Wednesday, January 25, 2017 4:24 PM
To: Dekel Aslan <dekela at perfectomobile.com>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Authentication from spring security without redirection

Hi,

Not sure I understand. Have you set bearer-only for your Spring REST service? With this you should not have a redirection, and it should just check for a token in the header of the request.

On Wed, Jan 25, 2017 at 2:39 PM, Dekel Aslan <dekela at perfectomobile.com> wrote:
Hi,
I'm looking for a way of exposing REST services with Keycloak authentication.

Does Keycloak have a bean that handles authentication for spring security without filter / redirection?

Further details: I use spring security adapter, but I can't use it for http calls because it redirects to Keycloak login page.
I want to get the user credentials and invoke Keycloak service in the server (with REST "/token"), but then I won't have an authentication object as the processing filter creates.

Thanks,
Dekel.

The information contained in this message is proprietary to the sender, protected from disclosure, and may be privileged. The information is intended to be conveyed only to the designated recipient(s) of the message. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you.
_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

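Added example, not part of the original thread and not Keycloak or Spring code: one way a caller of a bearer-only service can tell when to refresh, using the `exp` claim of the access token and the `expires_in` / `refresh_expires_in` fields of the token response. The sample token, the 30-second margin and all function names are constructed for illustration.

```python
import base64
import json

SKEW_SECONDS = 30  # assumed safety margin: act slightly before the real expiry


def _b64url(obj: dict) -> str:
    """Encode a dict as an unpadded base64url JSON segment (sample data only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Good enough for client-side scheduling; the bearer-only service still
    validates signature and expiry itself on every request.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def next_action(token_response: dict, issued_at: int, now: int) -> str:
    """Return 'use', 'refresh' or 'login' for a stored token response."""
    exp = jwt_claims(token_response["access_token"]).get("exp")
    if exp is None:  # fall back to the lifetime reported in the response
        exp = issued_at + token_response["expires_in"]
    if now < exp - SKEW_SECONDS:
        return "use"      # send "Authorization: Bearer <access_token>"
    refresh_exp = issued_at + token_response.get("refresh_expires_in", 0)
    if "refresh_token" in token_response and now < refresh_exp - SKEW_SECONDS:
        return "refresh"  # token endpoint with grant_type=refresh_token
    return "login"        # both tokens expired: authenticate again


# Constructed sample token response (unsigned token, made-up values).
ISSUED = 1485354939
SAMPLE = {
    "access_token": ".".join([_b64url({"alg": "none"}),
                              _b64url({"exp": ISSUED + 300, "sub": "constructed-user"}),
                              ""]),
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "constructed-refresh-token",
    "token_type": "bearer",
}
```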

