<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Is KeycloakConfigResolver coming in 1.6?</div> <br> <div id="bloop_sign_1444224545736465920" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px">-- <br>Tair Sabirgaliev</div><div style="font-family:helvetica,arial;font-size:13px">Bee Software, LLP</div></div> <br><p class="airmail_on">On October 6, 2015 at 11:32:44, Stian Thorgersen (<a href="mailto:sthorger@redhat.com">sthorger@redhat.com</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div><div></div><div>
<title></title>
<div dir="ltr">I'm afraid it's not possible at the moment. The only
option now is to have two different clients and either split your
application into two, or you can use the KeycloakConfigResolver to
select the client based on the content type yourself. See the multi
tenancy example for an idea on how to use it.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 2 October 2015 at 18:24, Tair
Sabirgaliev <span dir="ltr"><<a href="mailto:tair.sabirgaliev@bee.kz" target="_blank">tair.sabirgaliev@bee.kz</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Hi,<br>
<br>
Yes, it can be done with nginx, but I still hope this could be
accomplished natively :)<br>
<br>
The general idea is this: <br>
<br>
a) if browser asks for "text/html" => act as confidential/public
client, that is <br>
start keycloak login protocol<br>
<br>
b) if browser asks for "application/json” => act as bearer only
client, and in<br>
case of authorization error, respond with proper 40x status<br>
<br>
This would let me build an ‘isomorphic’ JavaScript application
(<a href="http://isomorphic.net" rel="noreferrer" target="_blank">http://isomorphic.net</a>)<br>
<br>
With keycloak-1.5.0 I see that there is no difference whether I
accept text/html or application/json:<br>
<br>
tair$ curl -v -H 'Accept: text/html' <a href="http://localhost:9080/hello-world/rest/something" rel="noreferrer" target="_blank">http://localhost:9080/hello-world/rest/something</a><br>
* Trying ::1...<br>
* connect to ::1 port 9080 failed: Connection refused<br>
* Trying 127.0.0.1...<br>
* Connected to localhost (127.0.0.1) port 9080 (#0)<br>
> GET /hello-world/rest/something HTTP/1.1<br>
> Host: localhost:9080<br>
> User-Agent: curl/7.43.0<br>
> Accept: text/html<br>
><br>
< HTTP/1.1 302 Found<br>
< Expires: 0<br>
< Cache-Control: no-cache, no-store, must-revalidate<br>
< X-Powered-By: Undertow/1<br>
< Set-Cookie:
OAuth_Token_Request_State=72/c51bad76-7236-486e-aae6-9ec58c725666<br>
< Server: WildFly/9<br>
< Pragma: no-cache<br>
< Location: <a href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=hello-world-backend&redirect_uri=http%3A%2F%2Flocalhost%3A9080%2Fhello-world%2Frest%2Fsomething&state=72%2Fc51bad76-7236-486e-aae6-9ec58c725666&login=true" rel="noreferrer" target="_blank">http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=hello-world-backend&redirect_uri=http%3A%2F%2Flocalhost%3A9080%2Fhello-world%2Frest%2Fsomething&state=72%2Fc51bad76-7236-486e-aae6-9ec58c725666&login=true</a><br>
< Date: Fri, 02 Oct 2015 15:53:32 GMT<br>
< Connection: keep-alive<br>
< Content-Length: 0<br>
<<br>
* Connection #0 to host localhost left intact<br>
<br>
tair$ curl -v -H 'Accept: application/json' <a href="http://localhost:9080/hello-world/rest/something" rel="noreferrer" target="_blank">http://localhost:9080/hello-world/rest/something</a><br>
* Trying 127.0.0.1...<br>
* Connected to localhost (127.0.0.1) port 9080 (#0)<br>
> GET /hello-world/rest/something HTTP/1.1<br>
> Host: localhost:9080<br>
> User-Agent: curl/7.43.0<br>
> Accept: application/json<br>
><br>
< HTTP/1.1 302 Found<br>
< Expires: 0<br>
< Cache-Control: no-cache, no-store, must-revalidate<br>
< X-Powered-By: Undertow/1<br>
< Set-Cookie:
OAuth_Token_Request_State=73/a8f13860-a35c-455a-9963-434c17e00a65<br>
< Server: WildFly/9<br>
< Pragma: no-cache<br>
< Location: <a href="http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=hello-world-backend&redirect_uri=http%3A%2F%2Flocalhost%3A9080%2Fhello-world%2Frest%2Fsomething&state=73%2Fa8f13860-a35c-455a-9963-434c17e00a65&login=true" rel="noreferrer" target="_blank">http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?response_type=code&client_id=hello-world-backend&redirect_uri=http%3A%2F%2Flocalhost%3A9080%2Fhello-world%2Frest%2Fsomething&state=73%2Fa8f13860-a35c-455a-9963-434c17e00a65&login=true</a><br>
< Date: Fri, 02 Oct 2015 15:53:41 GMT<br>
< Connection: keep-alive<br>
< Content-Length: 0<br>
<<br>
* Connection #0 to host localhost left intact<br>
<br>
Any workarounds there?<br>
<span class=""><br>
--<br>
Tair Sabirgaliev<br>
Bee Software, LLP<br>
<br>
<br>
<br></span><span class="">On October 2, 2015 at 20:54:01, Giriraj
Sharma (<a href="mailto:giriraj.sharma27@gmail.com">giriraj.sharma27@gmail.com</a>(mailto:<a href="mailto:giriraj.sharma27@gmail.com">giriraj.sharma27@gmail.com</a>))
wrote:<br>
<br>
> Hi,<br>
><br>
> One possible way is to put nginx as a reverse proxy in between
browser and Keycloak server instance. You can dig around using
$content_type embedded variable of nginx ngx_http_core_module or
may be nginx_rewrite module and a simple tweak (may be an if
statement in nginx server/location block config) will help you in
achieving the required. Based on the value of content-type header,
you can proxy-pass the requests to a different upstream server via
nginx.<br>
><br>
> Cheers,<br>
><br>
><br></span><span class="">> On Fri, Oct 2, 2015 at 2:19
PM, Tair Sabirgaliev wrote:<br>
> ><br>
> > Hi,<br>
> ><br>
> > Is it possible to setup login redirection only for
certain content types?<br>
> > I want to redirect only when the browser asks for
text/html. For other types<br>
> > either 40x or Authorization challenge.<br>
> ><br>
> > --<br>
> > Tair Sabirgaliev<br>
> > Bee Software, LLP<br>
> ><br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > keycloak-user mailing list<br></span>> > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>(mailto:<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>)<br>
<span class="im HOEnZb">> > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
> --<br>
><br>
> Giriraj Sharma<br>
> <a href="http://about.me/girirajsharma" rel="noreferrer" target="_blank">about.me/girirajsharma</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br></span><span class="im HOEnZb">> Giriraj Sharma,<br>
> Department of Computer Science<br>
> National Institute of Technology Hamirpur<br>
> Himachal Pradesh, India 177005<br>
<br>
<br></span>
<div class="HOEnZb">
<div class="h5">
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></div>
</div>
</blockquote>
</div>
<br></div>
</div></div></span></blockquote></body></html>