Jeanette, I was able to get it working for both javascript and iOS clients. I'm doing both client id/secret and username/password based OAuth2. If that's what you are looking for, please email me privately and I'll send along info about how I got it working. Joel Schuster Guest Team Member 719-445-8789 joel.schuster@davita.com<mailto:joel.schuster@davita.com> From: apiman-user-bounces(a)lists.jboss.org [mailto:apiman-user-bounces@lists.jboss.org] On Behalf Of Cabardo, Jeanette Sent: Monday, March 21, 2016 8:10 AM To: apiman-user(a)lists.jboss.org Subject: [Apiman-user] Securing back-end API endpoints with keycloak renders apis inaccessible via Apiman WARNING: This email originated outside of DaVita. DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe. Hi. Not sure if there are already posting similar to the issue I'm having (or maybe the feature may not be in place yet). My requirement is to secure the back-end API endpoints with keycloak. It was a bit of a pain because the apis were developed in node.js and there was really not a whole lot of examples or library on how to accomplish this. Anyway, I think I was finally able to do this, however, once I had put the protection in place, the endpoints stopped working in Apiman. I'm not quite sure how to forward the credentials to allow it to access the endpoints. I think the closest posting I found that may be similar to what I need is: http://lists.jboss.org/pipermail/apiman-user/2015-March/000030.html I guess what I wanted to find out is whether or not what I'm trying to do is possible at this time as I have researching and trying to search for more info on how to accomplish this and haven't had any luck doing so. I appreciate any help you can extend. Thanks in advance. Jeanette Notice: This e-mail message, together with any attachments, contains information of Merck & Co., Inc. (2000 Galloping Hill Road, Kenilworth, New Jersey, USA 07033), and/or its affiliates Direct contact information for affiliates is available at http://www.merck.com/contact/contacts.html) that may be confidential, proprietary copyrighted and/or legally privileged. It is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please notify us immediately by reply e-mail and then delete it from your system. CONFIDENTIALITY NOTICE: THIS MESSAGE IS CONFIDENTIAL, INTENDED FOR THE NAMED RECIPIENT(S) AND MAY CONTAIN INFORMATION THAT IS (I) PROPRIETARY TO THE SENDER, AND/OR, (II) PRIVILEGED, CONFIDENTIAL, AND/OR OTHERWISE EXEMPT FROM DISCLOSURE UNDER APPLICABLE STATE AND FEDERAL LAW, INCLUDING, BUT NOT LIMITED TO, PRIVACY STANDARDS IMPOSED PURSUANT TO THE FEDERAL HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 ("HIPAA"). IF YOU ARE NOT THE INTENDED RECIPIENT, OR THE EMPLOYEE OR AGENT RESPONSIBLE FOR DELIVERING THE MESSAGE TO THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS TRANSMISSION IN ERROR, PLEASE (I) NOTIFY US IMMEDIATELY BY REPLY E-MAIL OR BY TELEPHONE AT (855.472.9822), (II) REMOVE IT FROM YOUR SYSTEM, AND (III) DESTROY THE ORIGINAL TRANSMISSION AND ITS ATTACHMENTS WITHOUT READING OR SAVING THEM. THANK YOU. -DaVita Healthcare Partners Inc.-