Re: [keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Friday, 7 November 2014

If you are using Keycloak, I don't understand why you would want to do 
basic auth.

Eventually I'm going to write a JAAS plugin for simple username/password 
with Keycloak, but I have other stuff in my queue at the moment.  For 
your application, you'd have to write something that obtained a admin 
token and verified username password and downloaded role mappings.

On 11/7/2014 9:16 AM, Gary Brown wrote:
...
 Hi

 I've just started looking at KeyCloak to use with the Overlord governance projects.

 I have tried the examples, and see how we could leverage KeyCloak to protect the UI apps
and the backend REST services they use. However we also need to provide the REST services
as independent services using basic auth - but would like the basic auth to be performed
against the users managed by KeyCloak.

 Is there any recommendations on how this can be achieved?

 Do we need to provide our own filter - is there any example code to do this?

 Is it possible to do something via the KeyCloak subsystem configuration approach, in case
we wanted to secure the REST service without modifying the war?

 Thanks in advance.

 Regards
 Gary
 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] Recommendations for protecting REST service with bearer token and basic auth