<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 1 January 2016 at 11:52, Tim Dudgeon <span dir="ltr"><<a href="mailto:tdudgeon.ml@gmail.com" target="_blank">tdudgeon.ml@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
The user docs
(<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.html#d4e54" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.html#d4e54</a>)
describe exactly what I'm looking for: <br>
<blockquote type="cite">
<span style="color:rgb(51,51,51);font-family:'Lucida Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:18px;text-align:justify;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">Signed access tokens can also be propagated by
REST client requests within an<span> </span></span><code style="font-size:0.9em;font-family:courrier,monospace;white-space:nowrap;color:rgb(51,51,51);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:18px;text-align:justify;text-indent:0px;text-transform:none;word-spacing:0px">Authorization</code><span style="color:rgb(51,51,51);font-family:'Lucida Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:18px;text-align:justify;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important"><span> </span>header.
This is great for distributed integration as applications can
request a login from a client to obtain an access token, then
invoke any aggregated REST invocations to other services using
that access token.</span></blockquote>
I have a web app (in Tomcat) that uses the Keycloak adapter for user
authentication.<br>
This web app needs to access a REST service, running in a different
Tomcat container and I want the REST service to use the same user
authentication, but I'm not totally sure about how to go about this.<br>
Do I just grab the keycloak token in the header in the web app and
add that as a header when calling the REST service, and set the REST
service up to use the same Keycloak adapter configuration as the web
app?<br></div></blockquote><div><br></div><div>You could or you can get the token from the adapter. Take a look at:</div><div><br></div><div><a href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48</a><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
<br>
What if I want to have other ways to authenticate the REST service
(e.g. access from multiple clients)?</div></blockquote><div><br></div><div>Not sure what you mean about this</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><font color="#888888"><br>
<br>
Tim<br>
<br>
<br>
<br>
<br>
</font></span></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div></div>