<div dir="ltr"><div><div><div><div><div><div><div>Hi There,<br><br></div>i try to use Keycloak to authenticate an EJB Remote Client Call.<br></div><br></div>Setup: <br></div>I have a working Keycloak Setup for my WebClients. <br></div>I add to my application server standalone.xml an additional security domain:<br><br>                &lt;security-domain name=&quot;keycloakjaas&quot; cache-type=&quot;default&quot;&gt;<br>                    &lt;authentication&gt;<br>                        &lt;login-module code=&quot;org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule&quot; flag=&quot;required&quot;&gt;<br>                            &lt;module-option name=&quot;keycloak-config-file&quot; value=&quot;E:\Software\ApplicationServer\wildfly-10.0.0.Final\standalone\configuration\keycloak-sso1.json&quot;/&gt;<br>                        &lt;/login-module&gt;<br>                    &lt;/authentication&gt;<br>                &lt;/security-domain&gt;<br><br><br></div>and configure my ejb sub-system<br>        &lt;subsystem xmlns=&quot;urn:jboss:domain:ejb3:4.0&quot;&gt;<br>      ....<br>            &lt;default-security-domain value=&quot;keycloakjaas&quot;/&gt;<br>        &lt;/subsystem&gt;<br><br><br></div><div>My Test Connection:<br>        prop.put(Context.INITIAL_CONTEXT_FACTORY, &quot;org.jboss.naming.remote.client.InitialContextFactory&quot;);<br>        prop.put(Context.PROVIDER_URL, &quot;http-remoting://localhost:8080&quot;);<br>        prop.put(&quot;jboss.naming.client.ejb.context&quot;, true);<br>        prop.put(Context.SECURITY_PRINCIPAL, &quot;admin-user&quot;);<br>        prop.put(Context.SECURITY_CREDENTIALS, &quot;123&quot;);<br><br></div><div>fails with: &quot;Invalid User&quot; <br><br></div><div>In Keycloak Server i see the failed login:<br>Errorinvalid_user_credentials
                        
                            <br>
                            
                                
                                
                                    
                                        auth_method
                                        openid-connect
                                    
                                        grant_type
                                        password
                                    
                                        client_auth_method
                                        client-secret
                                    
                                        username
                                        admin-user<br><br>&quot;Direct Access Grants&quot; is enabeld for that application.<br><br></div><div>Somebody any idea? Or is my setup totally wrong?<br></div><div>How whould i use KeyCloak for remote EJB calls?<br></div><div><br></div><div>Thanks a lot<br></div>Chris</div>