<div dir="ltr"><p dir="ltr"><br>
EAP 6.x. It would be nice if I could generalize to any WAR deployed to Tomcat or Jetty. </p>
<p dir="ltr">Thanks<br>
Sam</p>
<div class="gmail_quote">On Sep 5, 2014 11:51 AM, "Bill Burke" <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Wildfly or JBoss EAP 6.x or JBoss AS 7.1?<br>
<br>
<br>
On 9/5/2014 11:49 AM, Red Samh wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Bill,<br>
<br>
Thanks for the reply.<br>
<br>
Yes, it works when I have to call REST to another REST service and any<br>
number of hops. The problem is calling a full-fledged application from<br>
a REST service that I have the issue. When it is an application that is<br>
both Web App + REST and I add the authorization header (bearer) I get an<br>
unauthorized 401 (blackbox in the attachment).<br>
<br>
Thanks<br>
Sam<br>
<br>
<br>
On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> wrote:<br>
<br>
Should work. You'll have to actually describe what your problem is or I<br>
can't help you. I'll take a guess though:<br>
<br>
Keycloak doesn't propagate the Authorization bearer token header<br>
automatically when you have multiple REST "hops" between multiple<br>
servers. You'll have to obtain the access token and set up the HTTP<br>
header manually. The demo customer-portal example in the distro does<br>
exactly this, so take a look at that for more details.<br>
<br>
On 9/5/2014 10:58 AM, Red Samh wrote:<br>
> Hello,<br>
><br>
> We have an application that is protected using Keycloak and a user can<br>
> access this application through a web front. After login the user can<br>
> use the functionality of the application. The application is also<br>
> exposed through REST APIs and is protected via Keycloak as part of the<br>
> application and accessible only after login into the main application.<br>
><br>
> We have a<br>
><br>
> (Step 1) JavaScript application (retrieving data from) -><br>
><br>
> (Step 2) Business Application exposed as REST API (REST API has to make<br>
> calls to backend Application mentioned above) -><br>
><br>
> (Step 3) BackEnd Application Server + REST API.<br>
><br>
> Directly accessing the BackEnd Application Server works fine but when we<br>
> need to call the REST API from another REST service which is<br>
> authenticated via Keycloak we have issues.<br>
><br>
> We used the existing sample to try and do a POC but not sure what is the<br>
> best approach to solve this issue. The part from (Step 1) to (Step 2)<br>
> works and the REST API is protected using BEARER token. The (Step 2) to<br>
> (Step 3) is a problem as in (Step 2) we only have the BEARER token and<br>
> the BackEnd Application is protected using the full Keycloak<br>
> configuration. So the BackEnd Application service is not authenticating<br>
> by sending in only the BEARER token in the header which is a full<br>
> Keycloak installation (work as only a web service).<br>
><br>
> Thanks<br>
> Sam<br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
<br>
</blockquote>
<br>
-- <br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</blockquote></div>
</div>
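<p>The manual propagation described in the thread (take the bearer token that arrived at the Step 2 service and set it on the outgoing call to Step 3), as an added example that is not code from this thread or from the Keycloak distribution. The class name, the host <code>backend.example.internal</code> and the sample token are assumptions made for illustration; the request is only built, not sent, so it runs offline on Java 11 or later.</p>

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

public class BearerForwarder {
    // Assumption: only these downstream hosts may ever receive the caller's token.
    private static final Set<String> ALLOWED_HOSTS = Set.of("backend.example.internal");
    // RFC 6750 b64token syntax; rejects whitespace and control characters.
    private static final Pattern B64TOKEN = Pattern.compile("[A-Za-z0-9\\-._~+/]+=*");

    /** Pulls the token out of an incoming "Authorization: Bearer <token>" header value. */
    static String extractBearer(String authorization) {
        String[] parts = (authorization == null ? "" : authorization).trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Bearer")
                || !B64TOKEN.matcher(parts[1]).matches()) {
            throw new IllegalArgumentException("not a well-formed bearer credential");
        }
        return parts[1];
    }

    /** Builds the Step 2 to Step 3 request, copying the caller's token by hand. */
    static HttpRequest buildDownstreamRequest(String incomingAuthorization, URI target) {
        String host = target.getHost();
        // The token is a credential: send it only over TLS and only to known hosts.
        if (!"https".equalsIgnoreCase(target.getScheme()) || host == null
                || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("refusing to send token to " + target);
        }
        return HttpRequest.newBuilder(target)
                .header("Authorization", "Bearer " + extractBearer(incomingAuthorization))
                .GET()
                .build();
    }

    public static void main(String[] args) {
        String incoming = "Bearer eyJhbGciOiJSUzI1NiJ9.constructed.sample"; // constructed value
        HttpRequest ok = buildDownstreamRequest(incoming,
                URI.create("https://backend.example.internal/api/customers"));
        System.out.println(ok.uri() + " carries Authorization: "
                + ok.headers().firstValue("Authorization").isPresent());
        try {
            buildDownstreamRequest(incoming, URI.create("http://other.example/api"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

<p>Inside a servlet protected by the Keycloak adapter, the same token string is available from <code>KeycloakSecurityContext.getTokenString()</code> instead of re-parsing the header.</p>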