Re: [Apiman-user] Forwarding HTTP requests to service implementations secured by OAuth

Hi Marc, That is correct. Regards, Ton 2015-11-18 16:02 GMT+01:00 Marc Savy <marc.savy(a)redhat.com <mailto:marc.savy@redhat.com>>: Hi Ton, Just to clarify. From what I understand, you're trying to secure communications between the apiman gateway and back-end service using OAuth2/OpenID Connect? I.e. You are *not* OAuth2 simply between the client to the apiman gateway. Regards, Marc On 18/11/2015 14:34, Ton Swieb wrote: Hi, I am using Apiman 1.1.8.Final and I want to use a backend service in Apiman which is secured by OAuth. So instead of securing the Apiman side of the service, using the Keycloak OAuth plugin, Apiman needs forward calls to a service implementation that is secured by OAuth. I have got an OAuth token with a very long time to live (days/weeks/months) which I can use. Currently I only see the option to configure BASIC Authentication or MTLS/Two-Way-SSL on the service implementation. Would it be possible to add the HTTP Simple Header policy to the service and set the Authorization header with "Bearer........." or will that be stripped off by Apiman when forwarding the call to the backend service? Kind regards, Ton _______________________________________________ Apiman-user mailing list Apiman-user(a)lists.jboss.org <mailto:Apiman-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/apiman-user