<div dir="ltr">Bill,<div><br></div><div>I redid everything and it is working now. Thanks :).<div><br></div><div>Thanks</div><div>Sam</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 5, 2014 at 3:35 PM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I doubt the version is the problem.<span class=""><br>
<br>
On 9/5/2014 3:23 PM, Red Samh wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Bill,<br>
<br>
I have rc1 and not rc2, let me check if it works in the newer version.<br>
It may be the version.<br>
<br>
Thanks<br>
Sam<br>
<br>
<br>
On Fri, Sep 5, 2014 at 3:13 PM, Red Samh <<a href="mailto:redsamh@gmail.com" target="_blank">redsamh@gmail.com</a>> wrote:<br></span><span class="">
<br>
Bill,<br>
<br>
I am able to get the example to work and it is fine if I am calling<br>
REST service to any other REST service (any number of hops). Does it<br>
work if you try to access another web application (just submit a<br>
form, access content or anything) that is authenticated by Keycloak<br>
or are you able to make a call from the REST Service to a web<br>
application that is configured with Keycloak?<br>
<br>
See attached explanation.<br>
<br>
Thanks<br>
Sam<br>
<br>
<br>
On Fri, Sep 5, 2014 at 2:41 PM, Bill Burke <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> wrote:<br></span><span class="">
<br>
You're going to have to elaborate on your problem as I was<br>
unable to reproduce it.<br>
<br></span>
I took examples/preconfigured-demo/customer-app and added the<span class=""><br>
database/ projects Java files to it. I was able to deploy this<br>
application and do both web and bearer auth from the same war.<br>
<br>
Are you using latest Keycloak? 1.0-rc2?<br>
<br>
On 9/5/2014 1:31 PM, Red Samh wrote:<br>
<br>
<br>
Thanks Bill, much appreciated. Is there something I can do in the interim even if it is a hack? I was looking at adapter code or even something I can hardcode in the rest service to pull out the user information and make the call to the back end application?<br>
<br>
Thanks<br>
Sam<br>
<br>
On Sep 5, 2014 1:19 PM, "Bill Burke" <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> wrote:<br></span><span class="">
<br>
A pure servlet filter is on the roadmap, but it wouldn't be as seamlessly integrated. I'll take a look at your problem.<br>
<br>
On 9/5/2014 11:59 AM, Red Samh wrote:<br>
<br>
<br>
EAP 6.x, it would be nice if I could generalize to any war deployed to Tomcat or Jetty.<br>
<br>
Thanks<br>
Sam<br>
<br>
On Sep 5, 2014 11:51 AM, "Bill Burke" <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> wrote:<br></span><div><div class="h5">
<br>
Wildfly or JBoss EAP 6.x or JBoss AS 7.1?<br>
<br>
<br>
On 9/5/2014 11:49 AM, Red Samh wrote:<br>
<br>
Bill,<br>
<br>
Thanks for the reply.<br>
<br>
Yes it works when I have to call REST to another REST service and any number of hops. The problem is calling a full fledged application from a REST service that I have the issue. When it is an application that is both Web App + REST and I add the authorization header (bearer) I get an unauthorized 401 (blackbox in the attachment).<br>
<br>
Thanks<br>
Sam<br>
<br>
<br>
On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> wrote:<br>
<br>
Should work. You'll have to actually describe what your problem is or I can't help you. I'll take a guess though:<br>
<br>
Keycloak doesn't propagate the Authorization bearer token header automatically when you have multiple REST "hops" between multiple servers. You'll have to obtain the access token and set up the HTTP header manually. The demo customer-portal example in the distro does exactly this, so take a look at that for more details.<br>
<br>
On 9/5/2014 10:58 AM, Red Samh wrote:<br>
> Hello,<br>
><br>
> We have an application that is protected using Keycloak and a user can access this application through a web front. After login the user can use the functionality of the application. The application is also exposed through REST APIs and is protected via keycloak as part of the application and accessible only after login into the main application.<br>
><br>
> We have a<br>
><br>
> (Step 1) Javascript application (retrieving data from) -><br>
><br>
> (Step 2) Business Application exposed as REST API (REST API has to make calls to backend Application mentioned above) -><br>
><br>
> (Step 3) BackEnd Application Server + REST API.<br>
><br>
> Directly accessing the BackEnd Application Server works fine but when we need to call the REST API from another REST service which is authenticated via Keycloak we have issues.<br>
><br>
> We used the existing sample to try and do a POC but not sure what is the best approach to solve this issue. The part from (Step 1) to (Step 2) works and the REST API is protected using BEARER token. The (Step 2) to (Step 3) is a problem as in (Step 2) we only have the BEARER token and the BackEnd Application is protected using the full keycloak configuration. So the BackEnd Application service is not authenticating by sending in only the BEARER token in the header which is a full keycloak installation (work as only a web service).<br>
><br>
> Thanks<br>
> Sam<br>
><br>
><br>
><br></div></div>
_______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><span class=""><br>
><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br></span>
<span class=""><br>
<br>
<br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
<br>
</span></blockquote><div class="HOEnZb"><div class="h5">
<br>
-- <br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
</div></div></blockquote></div><br></div>
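Added example (not part of the original thread, and not Keycloak's or the customer-portal demo's code): the manual propagation Bill describes, where the Step 2 REST service copies the caller's bearer token into the Authorization header of its call to the Step 3 backend. It uses only the JDK (Java 11+); the host allowlist, URL and token value are constructed assumptions, and restricting the token to allowlisted HTTPS hosts is an added safeguard so it is never sent anywhere else.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.util.Locale;
import java.util.Set;

public class BearerPropagation {
    // Assumption: downstream hosts allowed to receive the caller's token (constructed name).
    private static final Set<String> TRUSTED_HOSTS = Set.of("backend.example.internal");

    /** Returns the token from an incoming "Authorization: Bearer TOKEN" header value. */
    static String extractBearer(String authorization) {
        if (authorization == null) {
            throw new IllegalArgumentException("missing Authorization header");
        }
        String[] parts = authorization.trim().split("\\s+");
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Bearer")) {
            throw new IllegalArgumentException("not a Bearer credential");
        }
        // RFC 6750 token68 alphabet; this also rejects CR/LF, so no header injection.
        if (!parts[1].matches("[A-Za-z0-9\\-._~+/]+=*")) {
            throw new IllegalArgumentException("malformed bearer token");
        }
        return parts[1];
    }

    /** Builds the Step 2 to Step 3 request carrying the same bearer token. */
    static HttpRequest forward(String incomingAuthorization, URI downstream) {
        String token = extractBearer(incomingAuthorization);
        String host = downstream.getHost();
        if (!"https".equalsIgnoreCase(downstream.getScheme()) || host == null
                || !TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new SecurityException("refusing to send token to " + downstream);
        }
        return HttpRequest.newBuilder(downstream)
                .header("Authorization", "Bearer " + token)
                .GET().build();
    }

    public static void main(String[] args) {
        String incoming = "Bearer eyJhbGciOiJSUzI1NiJ9.constructed.sample"; // constructed value
        HttpRequest ok = forward(incoming, URI.create("https://backend.example.internal/api/data"));
        System.out.println(ok.uri() + " -> " + ok.headers().firstValue("Authorization").isPresent());
        try {
            forward(incoming, URI.create("https://other.example.net/api/data"));
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The backend still has to accept bearer authentication on the called path; forwarding the header only covers the client side of the hop.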