<div dir="ltr">Thanks Marek,<div><br></div><div>I will try again. I did get it working by setting the service to “bearer-only” but there was one bug with the keycloak.json generated by Keycloak 1.2.0.Beta1. It’s missing the "auth-server-url".</div><div><br></div><div>I get:</div><div><div>12:32:58.269 [http-nio-2080-exec-1] ERROR o.k.a.BearerTokenRequestAuthenticator - Failed to verify token</div><div>org.keycloak.VerificationException: Realm URL is null. Make sure to add auth-server-url to the configuration of your adapter!</div></div><div><br></div><div>After adding "auth-server-url" to the keycloak.json file, it works.</div><div><br></div><div>I’ll set the app back to confidential and I will keep testing.</div><div><br></div><div>Thanks,</div><div>Scott</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 15, 2015 at 12:29 PM, Marek Posolda <span dir="ltr">&lt;<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>That's quite strange. It should already
be possible to authenticate against confidential applications with
a bearer token. For example, if you switch the demo database-service to
"confidential" instead of "bearer-only", it should still be
possible to authenticate to it with the bearer access token sent
from customer-portal. You can try it and see if it works.<br>
<br>
If demo works for you, but your applications don't, it's probably
some configuration problem on your side.<br>
<br>
Marek<div><div class="h5"><br>
<br>
On 15.4.2015 17:44, Scott Rossillo wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">Actually, I wanted to clarify one thing:
<div><br>
</div>
<div>In the demos the database-service is set up as bearer-only.
Maybe that’s the problem I’m having. I have the dependent
service set as confidential. But shouldn’t this be supported?</div>
<div><br>
</div>
<div>What if the service provides both user facing features and
APIs that can be accessed with bearer tokens?</div>
<div><br>
</div>
<div>Thanks again,</div>
<div>Scott</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Apr 15, 2015 at 11:41 AM, Scott
Rossillo <span dir="ltr">&lt;<a href="mailto:srossillo@smartling.com" target="_blank">srossillo@smartling.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">In the demos, there’s a clear example of how
a user is authenticated against an application, say
the customer-portal, and then the customer-portal requests
information from the database-service using the access
token as a bearer token.
<div><br>
</div>
<div>In this example, the database-service accepts the
bearer token and returns data.</div>
<div><br>
</div>
<div>However, using the Keycloak Adapters and attempting
to do the same thing, the authentication is rejected.
Any idea what may be causing this?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Scott</div>
</div>
</blockquote>
</div>
<br>
</div>
<br>
<br>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>