We use the Spring Security adapter.
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
on behalf of Michael Furman <michael_furman(a)hotmail.com>
Sent: Wednesday, December 14, 2016 8:59 AM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] How Basic Authentication is implemented for Java adapters?
Hi,
We need to implement authentication for our REST APIs.
The issue is not simple since the same APIs are used for the UI and for the CLI clients.
CLI clients access REST API using Basic Authentication.
For UI we want to access REST APIs after OIDC authentication.
Therefore we need to achieve the following:
* If a request comes without any authentication the server should respond with HTTP
401.
* If a request comes with the Basic Authentication header it is authenticated.
* If a request comes with Keycloak cookies it is authenticated (and HTTP 401 does not
appear).
Is it possible to do it?
I will be happy to clarify how Basic Authentication is implemented for Keycloak Java
adapters.
I found the enable-basic-auth configuration here:
https://keycloak.gitbooks.io/securing-client-applications-guide/content/t...
Questions:
1. Will the Keycloak Java adapter respond with HTTP 401 if a request comes without any
authentication?
(we cannot allow OIDC redirection in this case)
2. What happens when a request comes with the Basic Authentication header, is it authenticated?
How does the Keycloak Java adapter validate the user name and password?
3. What happens when a request comes with Keycloak cookies?
Best regards,
Michael