Hi there,

I am trying to use Keycloak to authenticate an EJB remote client call.

Setup:
I have a working Keycloak setup for my web clients.
I added an additional security domain to my application server's standalone.xml:

        <security-domain name="keycloakjaas" cache-type="default">
            <authentication>
                <login-module code="org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule" flag="required">
                    <module-option name="keycloak-config-file" value="E:\Software\ApplicationServer\wildfly-10.0.0.Final\standalone\configuration\keycloak-sso1.json"/>
                </login-module>
            </authentication>
        </security-domain>


and configured my EJB subsystem:

        <subsystem xmlns="urn:jboss:domain:ejb3:4.0">
            ....
            <default-security-domain value="keycloakjaas"/>
        </subsystem>


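My test connection:

        import java.util.Properties;
        import javax.naming.Context;

        // JNDI properties for the remote EJB client
        Properties prop = new Properties();
        prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
        prop.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
        prop.put("jboss.naming.client.ejb.context", true);
        // Credentials that the login module receives
        prop.put(Context.SECURITY_PRINCIPAL, "admin-user");
        prop.put(Context.SECURITY_CREDENTIALS, "123");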

fails with: "Invalid User"

In the Keycloak server I see the failed login:

        Error               invalid_user_credentials
        auth_method         openid-connect
        grant_type          password
        client_auth_method  client-secret
        username            admin-user

"Direct Access Grants" is enabled for that application.

Does anybody have any idea? Or is my setup totally wrong?
How would I use Keycloak for remote EJB calls?

Thanks a lot
Chris