The user docs (http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.ht...) describe exactly what I'm looking for:
Signed access tokens can also be propagated by REST client requests
within an Authorization header. This is great for distributed
integration as applications can request a login from a client to
obtain an access token, then invoke any aggregated REST invocations to
other services using that access token.
I have a web app (in Tomcat) that uses the Keycloak adapter for user
authentication.
This web app needs to access a REST service, running in a different
Tomcat container and I want the REST service to use the same user
authentication, but I'm not totally sure about how to go about this.
Do I just grab the Keycloak token in the header in the web app and add
that as a header when calling the REST service, and set the REST service
up to use the same Keycloak adapter configuration as the web app?
What if I want to have other ways to authenticate the REST service (e.g.
access from multiple clients)?
Tim
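
The propagation described in the quoted documentation, sketched as an added example (not part of the original post and not Keycloak's own code): the web app reads the signed access token that the Keycloak adapter attached to the request and forwards it in an Authorization header. The class name, `SERVICE_URL` and the timeouts are assumptions, and the servlet API and Keycloak adapter classes are expected on the web app's classpath.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;

/** Forwards the logged-in user's access token to a downstream REST service. */
public final class BearerForwarder {

    // Hypothetical address of the REST service in the second Tomcat container.
    // Use HTTPS: a bearer token is usable by anyone who can read it in transit.
    private static final String SERVICE_URL = "https://rest.example.internal/api/orders";

    /** Returns the raw signed token the adapter stored for this request. */
    static String accessToken(HttpServletRequest request) {
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                request.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null || ctx.getTokenString() == null) {
            // Fail closed: never call the service without the user's token.
            throw new IllegalStateException("no Keycloak security context on request");
        }
        return ctx.getTokenString();
    }

    /** Calls the REST service on behalf of the user and returns the HTTP status. */
    static int callService(HttpServletRequest request) throws IOException {
        HttpURLConnection conn =
                (HttpURLConnection) new URL(SERVICE_URL).openConnection();
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        // The token is forwarded unchanged; do not write it to logs.
        conn.setRequestProperty("Authorization", "Bearer " + accessToken(request));
        conn.setRequestProperty("Accept", "application/json");
        try {
            // 401 here usually means the token expired or was rejected downstream.
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }
}
```

This assumes the REST service is itself protected by a Keycloak adapter that verifies the token's signature and expiry on every request, so it does not rely on the web app having authenticated the user.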