[keycloak-user] keycloak-gatekeeper bearer-only

Geoffrey Cleaves geoff at opticks.io
Fri Nov 2 11:54:00 EDT 2018


"Yes, it is. We did recently a collaborative work with Gluu team to check
interoperability. In fact, they used oxd to check that both Gluu and
Keycloak ASs could be used to support UMA."

That's very interesting, Pedro. oxd does appear to have PHP adapters. In your
opinion, is it viable to use oxd as the missing Keycloak PHP adapter?

On Fri, 2 Nov 2018 at 16:27, Pedro Igor Silva <psilva at redhat.com> wrote:

> Yes, it is. We did recently a collaborative work with Gluu team to check
> interoperability. In fact, they used oxd to check that both Gluu and
> Keycloak ASs could be used to support UMA.
>
>> 3. I think that normally a REST service should work with a bearer only
>> client, which expects the token and does not do authentication redirection.
>> You could instruct your API consumers to get the token directly from
>> Keycloak (using a confidential client?) before hitting your Gatekeeper
>> endpoint. Once again, keep in mind that by default the token retrieved from
>> one client won't work to hit a different client unless you set up the aud
>> claim properly.
>>
>> Hopefully an expert will join and correct me.
>>
>> Regards,
>> Geoffrey Cleaves
>>
>> On Wed, 31 Oct 2018 at 23:00, Eric Boyd Ramirez <eric.ramirez.sv at gmail.com> wrote:
>>
>> > Dear All,
>> > I am trying to test Keycloak-gatekeeper, have read the docs I could find
>> > (keycloak-proxy as well) but I still have a few questions:
>> >
>> > 1- I am trying to secure a number of REST APIs, configured behind
>> > bearer-only clients. I think I need to first get an access token through a
>> > confidential client using a 'grant-type=password' request and then do a
>> > second request to the REST client resource. Is this the right approach, how
>> > would I implement this using Keycloak-Gatekeeper?
>> >
>> > 2- Keycloak-Gatekeeper uses uri->methods->roles to manage resource access.
>> > Is there a way to use Keycloak's authorization settings to manage access to
>> > a client's resource (i.e. policies, permissions, uma-ticket, etc.)?
>> >
>> > 3- How do I set up multiple clients, do I have to run and configure
>> > separate instances of Keycloak-Gatekeeper?
>> >
>> > Thanks in advance for your time and help.
>> >
>> > Regards,
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
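
The audience point in the quoted reply, as an added example that is not part of the original thread: a small Python diagnostic that decodes an access token's payload and checks whether a given client id is listed in `aud`. The client ids `api-consumer` and `rest-api` and the sample tokens are constructed assumptions; the signature is not verified, so this is for troubleshooting a rejected token, not for accepting one.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def token_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def audience_includes(claims: dict, client_id: str) -> bool:
    # RFC 7519: "aud" is either a single string or an array of strings.
    aud = claims.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    return client_id in aud


def make_sample_token(claims: dict) -> str:
    # Constructed sample: fake signature, only good for exercising the decoder.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.c2lnbmF0dXJl"


# Hypothetical client ids: "api-consumer" obtained the token,
# "rest-api" is the bearer-only client behind the proxy.
NO_AUD = make_sample_token({"azp": "api-consumer", "aud": "account"})
WITH_AUD = make_sample_token({"azp": "api-consumer", "aud": ["account", "rest-api"]})

if __name__ == "__main__":
    for name, tok in (("token without rest-api audience", NO_AUD),
                      ("token with rest-api audience", WITH_AUD)):
        claims = token_claims(tok)
        ok = audience_includes(claims, "rest-api")
        print(f"{name}: azp={claims['azp']} aud={claims['aud']} lists_rest-api={ok}")
```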
