You need to do the redirect based authentication and not use direct grant
if you want an SSO session.
Why are you not just using the registration form on the Keycloak server? It
can be changed to match exactly what you need?
On 10 October 2016 at 15:30, Chris Savory <chris.savory(a)edlogics.com> wrote:
I actually had a similar question for our register user workflow. We are
registering users on our site using our own custom registration form; in
this flow we use the Admin client to create the user in keycloak. Since
the user just gave us their un/pw it doesn’t make sense for us to send them
over to Keycloak to login, but rather we would like to passively log them
in either via the backend or via some ajax call.
I know I can get a token if I do something like this, but I’m not sure if
it’s going to drop all the right cookies back to the user’s browser to
consider them logged in across all the clients:
    curl -d "client_id=admin-cli" \
         -d "username=chris.savory(a)edlogics.com" \
         -d "password=password" -d "grant_type=password" \
         "<domain>/auth/realms/<realm>/protocol/openid-connect/token"
--
On 10/10/16, 3:23 AM, "keycloak-user-bounces(a)lists.jboss.org on behalf of
Stian Thorgersen" <keycloak-user-bounces(a)lists.jboss.org on behalf of
sthorger(a)redhat.com> wrote:
By using token directly I assume you mean exchanging username/password for
a token directly. I'd strongly recommend against this and it's not
something our adapters support directly.
On 4 October 2016 at 15:36, Mariusz Chruscielewski - Info.nl <
mariusz(a)info.nl> wrote:
> Hi. We are using Keycloak Tomcat Adapter to secure our webapp, after we
> access protected resource we are redirected to keycloak and after login we
> go back to our app. After that, we can get KeycloakPrincipal object from
> web context (request).
>
> Is there a way to create / get this object without using Tomcat Adapter?
> We want to make API call (like
> http://keycloak/auth/realms/vi/protocol/openid-connect/token) and get (or
> create manually) this object using AccessTokenResponse (or any other
> object we can get from API).
>
> Ultimate goal is to login to keycloak like adapter does, but directly from
> Java, without any interaction from user on keycloak forms.
>
> Is it even possible?
>
> Kind Regards,
>
> Mariusz Chruscielewski
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
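The redirect-based login recommended at the top of this thread, as an added sketch that is not part of the original messages or of Keycloak's adapters: the browser is sent to the realm's `auth` endpoint, where Keycloak itself sets the SSO cookie, and the application only ever handles an authorization code. The host names, the realm `demo`, the client id `my-webapp`, the redirect URI and the dict-like `session` are assumed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder deployment values (assumed, not taken from the thread).
BASE = "https://sso.example.test/auth/realms/demo/protocol/openid-connect"
CLIENT_ID = "my-webapp"
REDIRECT_URI = "https://app.example.test/callback"


def begin_login(session):
    """Store fresh state/nonce server-side and return the URL the browser is
    redirected to. The SSO cookie is set by Keycloak during that visit."""
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": REDIRECT_URI,
        "state": session["state"],
        "nonce": session["nonce"],
    })
    return f"{BASE}/auth?{query}"


def handle_callback(session, callback_url):
    """Check the redirect back from Keycloak and return the form fields for
    the back-channel code exchange. Raises ValueError on any mismatch."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("login failed: " + params["error"][0])
    expected = session.pop("state", None)  # single use: a replay finds nothing
    got = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), got.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
    }
```

The returned fields are POSTed from the backend to `BASE + "/token"` (with the client secret for a confidential client), and the `nonce` claim of the resulting ID token is then compared with `session["nonce"]`.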