Re: [keycloak-user] Application to applications using bearer token

From: "Scott Rossillo" <srossillo(a)smartling.com&gt; To: "Marek Posolda" <mposolda(a)redhat.com&gt; Cc: keycloak-user(a)lists.jboss.org Sent: Wednesday, April 15, 2015 6:34:52 PM Subject: Re: [keycloak-user] Application to applications using bearer token Thanks Marek, I will try again. I did get it working by setting the service to “bearer-only” but there was one bug with the keycloak.json generated by Keycloak 1.2.0.Beta1. It’s missing the "auth-server-url”. I get: 12:32:58.269 [http-nio-2080-exec-1] ERROR o.k.a.BearerTokenRequestAuthenticator - Failed to verify token org.keycloak.VerificationException: Realm URL is null. Make sure to add auth-server-url to the configuration of your adapter! After adding "auth-server-url” to the keycloak.json file, it works. I’ll set app back to confidential and I will keep testing.

Thanks, Scott On Wed, Apr 15, 2015 at 12:29 PM, Marek Posolda < mposolda(a)redhat.com > wrote: That's quite strange. It should already be possible to authenticate against confidential applications with bearer-token. For example if you switch demo database-service as "confidential" instead of "bearer-only", it should be still possible to authenticate to it with the bearer access token sent from customer-portal. You can try it and see if it works. If demo works for you, but your applications don't, it's probably some configuration problem on your side. Marek On 15.4.2015 17:44, Scott Rossillo wrote: Actually, I wanted to clarify one thing: In the demos the database-service is set up as bearer-only. Maybe that’s the problem I’m having. I have the dependent service set as confidential. But shouldn’t this be supported? What if the service provides both user facing features and APIs that can be accessed with bearer tokens? Thanks again, Scott On Wed, Apr 15, 2015 at 11:41 AM, Scott Rossillo < srossillo(a)smartling.com > wrote: In the demos, there’s a clear example of how a user is authenticated against an application, say the customer-portal, and then the customer-portal requests information from the database-service using the access token as a bearer token. In this example, the database-service accepts the bearer token and returns data. However, using the Keycloak Adapters and attempting to do the same thing, the authentication is rejected. Any idea what may be causing this? Thanks, Scott _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user