The user docs
(http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.html#d4e54)
describe exactly what I'm looking for:

  "Signed access tokens can also be propagated by
  REST client requests within an Authorization header.
  This is great for distributed integration as applications can
  request a login from a client to obtain an access token, then
  invoke any aggregated REST invocations to other services using
  that access token."

I have a web app (in Tomcat) that uses the Keycloak adapter for user
authentication.

This web app needs to access a REST service, running in a different
Tomcat container, and I want the REST service to use the same user
authentication, but I'm not totally sure about how to go about this.
Do I just grab the Keycloak token in the header in the web app and
add that as a header when calling the REST service, and set the REST
service up to use the same Keycloak adapter configuration as the web
app?

What if I want to have other ways to authenticate the REST service
(e.g. access from multiple clients)?

Tim