<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 05/01/2016 07:36, Stian Thorgersen wrote:<br>
<blockquote
cite="mid:CAJgngAdzntPwkuQOC=gYsX1=BM_Q2jiY+EHWOOhYmRxcKiUz4w@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 1 January 2016 at 11:52, Tim
Dudgeon <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:tdudgeon.ml@gmail.com" target="_blank">tdudgeon.ml@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> The user docs (<a
moz-do-not-send="true"
href="http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.html#d4e54"
target="_blank"><a class="moz-txt-link-freetext" href="http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.html#d4e54">http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.html#d4e54</a></a>)
describe exactly what I'm looking for: <br>
<blockquote type="cite"> <span
style="color:rgb(51,51,51);font-family:'Lucida
Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:18px;text-align:justify;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">Signed
access tokens can also be propagated by REST client
requests within an<span> </span></span><code
style="font-size:0.9em;font-family:courrier,monospace;white-space:nowrap;color:rgb(51,51,51);font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:18px;text-align:justify;text-indent:0px;text-transform:none;word-spacing:0px">Authorization</code><span
style="color:rgb(51,51,51);font-family:'Lucida
Grande',Geneva,Verdana,Arial,sans-serif;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:18px;text-align:justify;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important"><span> </span>header.
This is great for distributed integration as
applications can request a login from a client to
obtain an access token, then invoke any aggregated
REST invocations to other services using that access
token.</span></blockquote>
I have a web app (in Tomcat) that uses the Keycloak
adapter for user authentication.<br>
This web app needs to access a REST service, running in
a different Tomcat container and I want the REST
service to use the same user authentication, but I'm not
totally sure about how to go about this.<br>
Do I just grab the keycloak token in the header in the
web app and add that as a header when calling the REST
service, and set the REST service up to use the same
Keycloak adapter configuration as the web app?<br>
</div>
</blockquote>
<div><br>
</div>
<div>You could or you can get the token from the adapter.
Take a look at:</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48">https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48</a><br>
</div>
</div>
</div>
</div>
</blockquote>
Thanks. That's useful.<br>
<br>
<blockquote
cite="mid:CAJgngAdzntPwkuQOC=gYsX1=BM_Q2jiY+EHWOOhYmRxcKiUz4w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <br>
What if I want to have other ways to authenticate the
REST service (e.g. access from multiple clients)?</div>
</blockquote>
<div><br>
</div>
<div>Not sure what you mean about this</div>
</div>
</div>
</div>
</blockquote>
<br>
For example, lets assume we have 2 apps, authenticating against the
same Keycloak realm, but as separate clients.<br>
Both hit the same REST service and pass through their token to that
service.<br>
How is the REST service to authenticate the requests?<br>
All it really needs to to is check that the tokens are valid and
come from the expected (keycloak) source, even though the tokens
were generated for different clients.<br>
Is there an adapter that handles this?<br>
<br>
Tim<br>
<blockquote
cite="mid:CAJgngAdzntPwkuQOC=gYsX1=BM_Q2jiY+EHWOOhYmRxcKiUz4w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class=""><font
color="#888888"><br>
<br>
Tim<br>
<br>
<br>
<br>
<br>
</font></span></div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>