Re: [keycloak-user] Client options for authenticating against Keycloak-secured services
----- Original Message -----
From: "Guy Davis" <guydavis.ca(a)gmail.com>
To: keycloak-user(a)lists.jboss.org
Sent: Monday, 2 March, 2015 11:38:43 PM
Subject: [keycloak-user] Client options for authenticating against Keycloak-secured
services
Good day,
I'm hoping to summarize the methods for a client Java program to authenticate
against a Keycloak-secured service endpoint. Please correct any
misunderstandings I have in the summary below:
1. Client program can issue a KC REST API call to get a token and then
use it as "Authorization" header of type "Bearer" as per example
2. Client program (such as Apache HttpClient lib) can use Basic
Authorization if KC secured-deployment has been configured to allow.
3. Client program can negotiate a SAML v2.0 SP-initiated SSO session
directly against KC if the service is so configured.
4. Client program can negotiate a OpenID Connect SSO session directly
against KC if the service is so configured.
I have working Java examples now for #1 and #2, but was wondering if there
were any Java examples of #3 and #4. Is my understanding of the
authentication options for clients correct?
1 is a good option and it's just oauth resource owner password credentials. If
possible embedding a webview (or using external browser to login) and using the standard
login flow is a good option as well.
I'm not sure what you mean about 3 and 4. Both SAML and OpenID Connect are web based
flows.
By the way, I am greatly impressed by the progress being made on the master
branch around Kerberos/SPNEGO and Identity Brokering. Kudos to the team.
Thanks in advance,
Guy
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user