Hi,
We have an example in the documentation for EJB propagation from a web
application where Keycloak. See
https://keycloak.gitbooks.io/documentation/securing_apps/topics/oidc/java...
and especially the last paragraph "Security domain".
We have an unofficial example I've written to propagate identity from a fat
client through remote EJB calls:
https://github.com/mposolda/keycloak-remote-ejb
Marek
On 04/07/17 18:42, Tech wrote:
Dear experts,
I want to bring you this use case to understand if you might be able to
support me.
Our architecture is based on Java, where we might have two kinds of clients:
* Fat Java clients
* Browsers
Application servers with:
* Web containers performing local and remote EJB calls + remote WS calls
* EJB container performing local and remote EJB calls + remote WS calls
* A remote EJB server performing local and remote EJB calls + remote
WS calls
* WS implementing SOAP or REST
* Server SSO able to protect what is described above
The goal is to allow the clients (thin and fat) to authenticate on the
SSO server and to propagate the user identity on these requests:
* Fat client authenticated -> EJB secure -> WS secure
* Browser authenticated -> Web container -> EJB secure -> WS secure
The solution could use a secure token OAuth, OIDC or SAML.
The token propagation should be based on standards JAAS and WS-Security.
We saw that it is possible to implement something similar in some SAML
Login Modules on JBoss Enterprise server, but we are not finding
anything equivalent in Keycloak.
Nor can we find anything, for example, for an STS server, which are
the required elements to transform this kind of token.
Has anybody faced a similar experience?
Thanks for your support!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user