[keycloak-user] Securing RemoteEJBs with KeyCloak tokens
Eric B
ebenzacar at gmail.com
Wed Apr 25 17:19:20 EDT 2018
Has anyone successfully been able to secure and/or call RemoteEJBs using
KeyCloak tokens for authentication & authorization?
I've looked at several quickstarts that show how to inject the KC Token in
the EJB context at the client side, and retrieve it at the server side. So
the call to the EJB can be secured/validated with the KC token.
However, when the RemoteEJB proxy calls the server EJB, it sets up a
remoting connection and needs to authenticate itself. The quickstarts I've
seen use either JBOSS-LOCAL-USER or a user inserted into the
application-users.properties file. In either case, they are not using the
KC token for authentication.
How do I authenticate that connection handshaking using the KeyCloak
tokens?
Thanks,
Eric
More information about the keycloak-user
mailing list