I don't know what the SOAP consumer will be. What I was thinking is to create a
request interceptor where I can get user credentials from SOAP Header.
Then I need access to the realm to authenticate user, get roles and do authorization.
Thanks‼
-----------------
-----Original Message-----
From: Pedro Igor Silva [mailto:psilva@redhat.com]
Sent: Wednesday, February 18, 2015 9:36 AM
To: Ryvlin, Andrey
Cc: Bill Burke; keycloak-dev(a)lists.jboss.org
Subject: Re: SOAP security with Keycloak
If your application (e.g. client consuming your SOAP layer) is using our adapters, you can
obtain the token from either typecasting the user Principal to KeycloakPrincipal and
navigating to the KeycloakSecurityContext interface. The KeycloakSecurityContext
interface is also available within the HttpServletRequest attribute:

    KeycloakSecurityContext session = (KeycloakSecurityContext)
            request.getAttribute(KeycloakSecurityContext.class.getName());
----- Original Message -----
From: "Andrey Ryvlin" <aryvlin(a)morphotrust.com>
To: "Bill Burke" <bburke(a)redhat.com>, "Pedro Igor Silva"
<psilva(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, February 18, 2015 1:06:23 PM
Subject: RE: SOAP security with Keycloak
That'll work, and what's the endpoint to obtain a token?
Thanks!!
-----Original Message-----
From: Bill Burke [mailto:bburke@redhat.com]
Sent: Wednesday, February 18, 2015 9:03 AM
To: Pedro Igor Silva; Ryvlin, Andrey
Cc: keycloak-dev(a)lists.jboss.org
Subject: Re: SOAP security with Keycloak
For plain Java org.keycloak.RSATokenVerifier.verifyToken API works too.
On 2/18/2015 9:41 AM, Pedro Igor Silva wrote:
There is a
/auth/realms/{realm}/protocol/openid-connect/validate?access_token={your_token}
endpoint. You can try it out.
However, I can not see it in Admin Client. I think we should add this endpoint there.
----- Original Message -----
From: "Andrey Ryvlin" <aryvlin(a)morphotrust.com>
To: "Pedro Igor Silva" <psilva(a)redhat.com>, "Bill Burke"
<bburke(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, February 18, 2015 12:24:32 PM
Subject: RE: SOAP security with Keycloak
What Keycloak API can I use to do login programmatically and validate a token? Do you have
any examples?
Thanks‼
-----------------
-----Original Message-----
From: keycloak-dev-bounces(a)lists.jboss.org
[mailto:keycloak-dev-bounces@lists.jboss.org] On Behalf Of Pedro Igor
Silva
Sent: Wednesday, February 18, 2015 6:09 AM
To: Bill Burke
Cc: keycloak-dev(a)lists.jboss.org
Subject: Re: [keycloak-dev] SOAP security with Keycloak
As Bill said, there is no OOTB support for SOAP security.
However, I think you can use WS-Security to communicate tokens to your services and have
some JAX-WS handler or something that knows how to validate this token and create a
security context for the user before actually invoking your services.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Monday, February 16, 2015 2:24:01 PM
Subject: Re: [keycloak-dev] SOAP security with Keycloak
We don't have anything yet. It will probably be a while unless the community helps
out. You might be able to use it like you would any other REST service. SOAP still is
sent over HTTP... I guess it depends on your SOAP stack.
On 2/16/2015 11:13 AM, Ryvlin, Andrey wrote:
> Hi,
>
> I am evaluating Keycloak server for my project and securing REST APIs
> and Web applications was very easy.
>
> Now I have a task to secure some SOAP endpoints
>
> Is it possible to do it with Keycloak? If so, what’s the best practice?
>
> Thanks‼
>
> -----------------
>
> Andrey Ryvlin
>
> Principal Software Engineer
>
> Phone: 952-979-8492
>
> 5705 W Old Shakopee Road, Suite 100
>
> Bloomington, MN 55437 USA
>
> ARyvlin(a)MorphoTrust.com <mailto:ARyvlin@MorphoTrust.com>
>
>
> www.MorphoTrust.com <http://www.morphotrust.com/>
>
>
> ----------------------------------------------------------------------
>
> This message is only for the use of the intended recipient and may
> contain information that is CONFIDENTIAL and PROPRIETARY to
> MorphoTrust USA, Inc. If you are not the intended recipient, please
> erase all copies of the message and its attachments and notify the sender
> immediately.
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
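
The handler approach suggested in this thread (a JAX-WS handler that takes a token from the WS-Security header and validates it before the service is invoked), as an added example that is not code from the thread or from Keycloak. It assumes the token is carried as the text of a wsse:BinarySecurityToken element; TokenValidator and the SUBJECT_PROP property name are hypothetical, and the validator is where a check such as the RSATokenVerifier call or the validate endpoint mentioned above would go.

```java
import java.util.Collections;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;
import org.w3c.dom.NodeList;

/** Hypothetical hook: token verification (signature, expiry, realm) goes behind this. */
interface TokenValidator {
    /** Returns the authenticated subject, or throws if the token is not valid. */
    String validate(String token) throws Exception;
}

/** Inbound JAX-WS handler: rejects any request without exactly one valid token. */
public class BearerTokenHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    /** Hypothetical property name under which the endpoint finds the caller. */
    public static final String SUBJECT_PROP = "example.auth.subject";
    private final TokenValidator validator;
    public BearerTokenHandler(TokenValidator validator) { this.validator = validator; }

    @Override
    public boolean handleMessage(SOAPMessageContext ctx) {
        if ((Boolean) ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)) return true; // responses pass
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            // Assumption: the token is carried as wsse:BinarySecurityToken text content.
            NodeList tokens = header == null ? null
                : header.getElementsByTagNameNS(WSSE_NS, "BinarySecurityToken");
            if (tokens == null || tokens.getLength() != 1)
                throw new SecurityException("expected exactly one security token");
            String subject = validator.validate(tokens.item(0).getTextContent().trim());
            ctx.put(SUBJECT_PROP, subject);
            ctx.setScope(SUBJECT_PROP, MessageContext.Scope.APPLICATION); // visible to the endpoint
            return true;
        } catch (Exception e) {
            // Fail closed; the fault text does not reveal why validation failed.
            throw new ProtocolException("authentication failed");
        }
    }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
    @Override public Set<QName> getHeaders() { // declares wsse:Security as understood
        return Collections.singleton(new QName(WSSE_NS, "Security"));
    }
}
```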