Thanks Geoffrey,
I believe this will solve my problem. However, I tried creating the mapper,
but maybe I missed something because I am still getting a 401 if I log in
with the front end.
In the attached image, I have shared my config, can you give it a quick
look and confirm this is how it is supposed to be?
Name of my backend client in Keycloak: JettyApp
I have created the Token claim name as clientId and the value as JettyApp.
[image: image.png]
On Sat, Nov 3, 2018 at 1:36 PM Geoffrey Cleaves <geoff(a)opticks.io> wrote:
Bruce, here's how I fixed the issue you're describing. I think it's an
unfortunate omission in the docs (which are generally quite good). You need
to include the backend client ID in the front end client's aud claim.
https://bitbucket.org/snippets/gcleaves/5ebB58/sso-keycloak
On Sat, Nov 3, 2018, 01:45 Bruce Wings <testoauth55(a)gmail.com> wrote:
> Thanks Eric for the reply.
>
> But if I use a separate public client for my Angular app, I am not able to
> access my REST API with the generated token; that's why I had to use the
> confidential client JSON that I used to secure my server. Any idea what is
> the right approach in case of server-client architecture?
>
> (My project contains REST APIs that I have secured with the Jetty adapter
> and a confidential client (as Keycloak Authorization works only for
> confidential clients and not public clients). My Angular app is accessing
> these REST APIs. Therefore I used the same confidential client OIDC JSON in
> my Angular app too.)
>
>
>
> On Friday, November 2, 2018, Eric Boyd Ramirez <eric.ramirez.sv(a)gmail.com> wrote:
>
> > Hi Bruce,
> > I am fairly new to Keycloak myself, so I am giving my opinion in hopes
> > someone else can double check.
> > The JS adapter is designed to work with Public clients, sitting on the
> > client side; the idea is that a user/person would have to enter his/her
> > credentials in order to log in.
> >
> > Confidential clients generate an installation JSON or XML configuration
> > object which is meant to be installed on the server side/application
> > server. The user accessing this application does not receive this
> > configuration.
> >
> > Hope this helps.
> >
> > > On Nov 2, 2018, at 1:28 AM, Bruce Wings <testoauth55(a)gmail.com> wrote:
> > >
> > > I am referring to the Keycloak JavaScript adapter as mentioned in:
> > >
> > > https://www.keycloak.org/docs/4.5/securing_apps/index.html#_javascript_adapter
> > >
> > > I have a confidential client and I have downloaded keycloak-oidc.json
> > > containing client secret. Now I am not sure how secure is it to keep this
> > > file containing client-secret at the client side.
> > >
> > > Am I being over concerned?
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
>
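
To see whether a mapper actually put the backend client into `aud`, decode the access token's payload and look at that claim. The sketch below is an added example, not code from the thread or from Keycloak; the tokens are constructed and unsigned, `angular-app` is a hypothetical front-end client ID, and the signature is deliberately not verified because this is only an inspection aid:

```javascript
// Added example: diagnostic only. It decodes the payload and does NOT verify the signature.
const BACKEND_CLIENT_ID = "JettyApp"; // backend client name given in the thread

function b64urlToString(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  return JSON.parse(b64urlToString(parts[1]));
}

// RFC 7519: "aud" may be a single string or an array of strings.
function audiences(payload) {
  if (payload.aud === undefined || payload.aud === null) return [];
  return Array.isArray(payload.aud) ? payload.aud : [payload.aud];
}

function audienceIncludes(jwt, clientId) {
  return audiences(decodePayload(jwt)).includes(clientId);
}

// Builds an unsigned, constructed sample token for this demo only.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj), "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(payload), "constructed-sig"].join(".");
}

// "angular-app" is a hypothetical front-end client ID.
const samples = {
  // A mapper that writes a claim named "clientId" leaves "aud" unchanged.
  customClaimOnly: makeSampleToken({ azp: "angular-app", aud: "angular-app", clientId: "JettyApp" }),
  audAsArray: makeSampleToken({ azp: "angular-app", aud: ["angular-app", "JettyApp"] }),
  audAsString: makeSampleToken({ azp: "angular-app", aud: "JettyApp" }),
  noAudience: makeSampleToken({ azp: "angular-app" }),
};

for (const [name, token] of Object.entries(samples)) {
  const ok = audienceIncludes(token, BACKEND_CLIENT_ID);
  console.log(`${name}: aud=${JSON.stringify(audiences(decodePayload(token)))} -> ${ok ? "present" : "missing"}`);
}
```

Paste a real access token from the front end into `audienceIncludes` in place of a sample to inspect it; treat the token as a credential and do not share it.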