Have a look at basic-auth example, it's included in the examples dl.
----- Original Message -----
From: "John Casey" <jdcasey(a)commonjava.org>
To: "Bill Burke" <bburke(a)redhat.com>, keycloak-user(a)lists.jboss.org
Sent: Tuesday, 14 July, 2015 9:23:46 PM
Subject: Re: [keycloak-user] help with bearer + basic auth
Well, when I use "enable-basic-auth" this works fine:
$ curl -u test -i
http://localhost:8081/api/admin/remote
Enter host password for user 'test':
HTTP/1.1 200 OK
...
However, that configuration causes the UI use a 'code' query param and
encounter 400 responses. In the keycloak server output I see:
19:19:07,524 WARN [org.keycloak.events] (default task-7)
type=REFRESH_TOKEN_ERROR, realmId=master,
clientId=security-admin-console, userId=null, ipAddress=127.0.0.1,
error=invalid_token
I'm looking through the code keycloak uses to supply an authentication
mechanism to undertow now, to hopefully come with a way to handle basic
auth...maybe through a wrapper auth mech around keycloak?
Do you have any samples / hints I might be able to follow? I'll admit,
this is the first time I've had to look this closely at servlet/web auth
mechanisms.
On 07/14/2015 11:16 AM, Bill Burke wrote:
> IIRC, the basic auth switch is so that you can send the token via basic
> auth rather than as bearer auth. This is really only useful when you
> can't use a keycloak adapter, but can implement a LoginModule or
> something. It has nothing to do with basic auth.
>
> On 7/14/2015 12:04 PM, John Casey wrote:
>> On 07/14/2015 10:49 AM, Juraci Paixão Kröhling wrote:
>>> On 07/14/2015 05:32 PM, John Casey wrote:
>>>> ...but it doesn't seem to have a javascript UI or anything using
bearer
>>>> tokens to verify that it works that way.
>>>
>>> Not sure I understood your question, but removing the
"bearer-only" and
>>> adding "enable-basic-auth" should be enough to have your server
adapter
>>> to accept both bearer tokens and basic auth.
>>>
>>
>> This is exactly what I'm trying to do. I've tried removing
"bearer-only"
>> and replaced it with "enable-basic-auth"...which has two effects:
>>
>> - basic auth via curl works (it didn't before the change)
>>
>> - the UI (using javascript adapter + bearer token) gets 400 Bad Request
>>
>>
>> Are you using the javascript adapter to login for your UI, passing the
>> bearer token to the server? I guess what I'm asking is if your
>> application actually uses both methods (basic auth and bearer token)?
>>
>> I'm not sure how to filter my realm json to pare out the unnecessary
>> stuff, but here's a gist containing the full file (it's on a test
docker
>> container, so no worries about security):
>>
>>
https://gist.github.com/jdcasey/3f934fcd4967b99ebb05
>>
>
--
John Casey
---
GitHub:
https://github.com/jdcasey/
Twitter:
http://twitter.com/buildchimp
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user