Eap 6.x, it would be nice if i could generalize to any war deployed to to tomcat or jetty. 

Thanks
Sam

On Sep 5, 2014 11:51 AM, "Bill Burke" <bburke@redhat.com> wrote:
Wildfly or JBoss EAP 6.x or JBoss AS 7.1?


On 9/5/2014 11:49 AM, Red Samh wrote:
Bill,

Thanks for the reply.

Yes it works when I have to call REST to another REST service and any
number of hops. The problem is calling a full  fledged application from
a REST service that I have the issue. When it is an application that is
both Web App + REST and I add the authorization header (bearer) I get an
unauthorized 401 (blackbox in the attachment).

Thanks
Sam


On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <bburke@redhat.com
<mailto:bburke@redhat.com>> wrote:

    Should work.  You'll have to actually describe what your problem is or I
    can't help you.  I'll take a guess though:

    Keycloak doesn't propagate the Authorization bearer token header
    automatically when you have multiple REST "hops" between multiple
    servers  You'll have to obtain the access token and set up the HTTP
    header manually.  The demo customer-portal example in the distro does
    exactly this, so take a look at that for more details.

    On 9/5/2014 10:58 AM, Red Samh wrote:
     > Hello,
     >
     > We have an application that is protected using Keycloak and a
    user can
     > access this application through a web front. After login the user can
     > use the functionality of the application. The application is also
     > exposed through REST API's and is protected via keycloak as part
    of the
     > application and accessible only after login into the main
    application.
     >
     > We have a
     >
     > (Step 1) Javascript application (retrieving data from) ->
     >
     > (Step 2) Business Application exposed as REST API (REST API has
    to make
     > calls to backend Application mentioned above) ->
     >
     > (Step 3) BackEnd Application Server + REST API.
     >
     > Directly accessing the BackEnd Application Server works fine but
    when we
     > need to call the REST API from another REST service which is
     > authenticated via Keycloak we have issues.
     >
     > We used the existing sample to try and do a POC but not sure what
    is the
     > best approach to solve this issue. The part from (Step 1) to (Step 2)
     > works and the REST API is protected using BEARER token. The (Step
    2) to
     > (Step 3) is a problem as in (Step 2) we only have the BEARER
    token and
     > the BackEnd Application is protected using the full keycloak
     > configuration. So The BackEnd Application service is not
    authenticating
     > by sending in only the BEARER token in the header which is a full
     > keycloak installation (work as only a web service).
     >
     > Thanks
     > Sam
     >
     >
     > _______________________________________________
     > keycloak-user mailing list
     > keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
     > https://lists.jboss.org/mailman/listinfo/keycloak-user
     >

    --
    Bill Burke
    JBoss, a division of Red Hat
    http://bill.burkecentral.com
    _______________________________________________
    keycloak-user mailing list
    keycloak-user@lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
    https://lists.jboss.org/mailman/listinfo/keycloak-user



--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com