Bill,

I have rc1 and not rc2, let me check if it works in the newer version. It may be the version.

Thanks
Sam


On Fri, Sep 5, 2014 at 3:13 PM, Red Samh <redsamh@gmail.com> wrote:
Bill,

I am able to get the example to work and it is fine if I am calling REST service to any other REST service (any number of hops). Does it work if you try to access another web application (just submit a form, access content or anything) that is authenticated by Keycloak, or are you able to make a call from the REST Service to a web application that is configured with Keycloak?

See attached explanation.

Thanks
Sam


On Fri, Sep 5, 2014 at 2:41 PM, Bill Burke <bburke@redhat.com> wrote:
You're going to have to elaborate on your problem as I was unable to reproduce it.

I took examples/preconfigured-demo/customer-app and added the database/ projects Java files to it.  I was able to deploy this application and do both web and bearer auth from the same war.

Are you using latest Keycloak?  1.0-rc2?

On 9/5/2014 1:31 PM, Red Samh wrote:

Thanks Bill, much appreciated. Is there something I can do in the
interim even if it is a hack? I was looking at adapter code or even
something I can hardcode in the rest service to pull out the user
information and make the call to the back end application?

Thanks
Sam

On Sep 5, 2014 1:19 PM, "Bill Burke" <bburke@redhat.com> wrote:

    A pure servlet filter is on the roadmap, but it wouldn't be as
    seamlessly integrated.  I'll take a look at your problem.

    On 9/5/2014 11:59 AM, Red Samh wrote:


        EAP 6.x, it would be nice if I could generalize to any war
        deployed to Tomcat or Jetty.

        Thanks
        Sam

        On Sep 5, 2014 11:51 AM, "Bill Burke" <bburke@redhat.com> wrote:

             Wildfly or JBoss EAP 6.x or JBoss AS 7.1?


             On 9/5/2014 11:49 AM, Red Samh wrote:

                 Bill,

                 Thanks for the reply.

                 Yes it works when I have to call REST to another REST service
                 and any number of hops. The problem is calling a full-fledged
                 application from a REST service that I have the issue. When it
                 is an application that is both Web App + REST and I add the
                 authorization header (bearer) I get an unauthorized 401
                 (blackbox in the attachment).

                 Thanks
                 Sam


                 On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <bburke@redhat.com> wrote:

                      Should work.  You'll have to actually describe what your
                      problem is or I can't help you.  I'll take a guess though:

                      Keycloak doesn't propagate the Authorization bearer token
                      header automatically when you have multiple REST "hops"
                      between multiple servers.  You'll have to obtain the access
                      token and set up the HTTP header manually.  The demo
                      customer-portal example in the distro does exactly this,
                      so take a look at that for more details.

                      On 9/5/2014 10:58 AM, Red Samh wrote:
                       > Hello,
                       >
                       > We have an application that is protected using Keycloak and a
                       > user can access this application through a web front. After
                       > login the user can use the functionality of the application.
                       > The application is also exposed through REST APIs and is
                       > protected via Keycloak as part of the application and
                       > accessible only after login into the main application.
                       >
                       > We have a
                       >
                       > (Step 1) Javascript application (retrieving data from) ->
                       >
                       > (Step 2) Business Application exposed as REST API (REST API
                       > has to make calls to backend Application mentioned above) ->
                       >
                       > (Step 3) BackEnd Application Server + REST API.
                       >
                       > Directly accessing the BackEnd Application Server works fine
                       > but when we need to call the REST API from another REST
                       > service which is authenticated via Keycloak we have issues.
                       >
                       > We used the existing sample to try and do a POC but not sure
                       > what is the best approach to solve this issue. The part from
                       > (Step 1) to (Step 2) works and the REST API is protected using
                       > BEARER token. The (Step 2) to (Step 3) is a problem as in
                       > (Step 2) we only have the BEARER token and the BackEnd
                       > Application is protected using the full Keycloak
                       > configuration. So the BackEnd Application service is not
                       > authenticating by sending in only the BEARER token in the
                       > header which is a full Keycloak installation (work as only a
                       > web service).
                       >
                       > Thanks
                       > Sam
                       >
                       >

                      --
                      Bill Burke
                      JBoss, a division of Red Hat
                      http://bill.burkecentral.com



             --
             Bill Burke
             JBoss, a division of Red Hat
             http://bill.burkecentral.com


    --
    Bill Burke
    JBoss, a division of Red Hat
    http://bill.burkecentral.com


--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
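
Added example, not part of the original thread or of the Keycloak distribution: one way to do the manual propagation described above, reading the caller's access token in the (Step 2) REST service and setting the Authorization header on the call to the backend. It assumes the Keycloak adapter has placed a `KeycloakSecurityContext` on the request under its class name; the class name `BearerRelay` and the host `backend.example.internal` are hypothetical.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.util.Collections;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;

/** Relays the caller's access token from a bearer-protected REST service to a backend. */
public final class BearerRelay {

    // Hypothetical backend host. Only hosts listed here ever receive the token,
    // so a caller-influenced URL cannot be used to send it somewhere else.
    private static final Set<String> TRUSTED_HOSTS =
            Collections.singleton("backend.example.internal");

    private BearerRelay() {}

    public static HttpURLConnection open(HttpServletRequest req, URI target)
            throws IOException {
        // Assumption: the adapter stored the security context as a request attribute.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                req.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null || ctx.getTokenString() == null) {
            throw new SecurityException("no Keycloak access token on this request");
        }

        // A bearer token is a credential: send it over TLS and only to known hosts.
        String host = target.getHost();
        if (!"https".equalsIgnoreCase(target.getScheme()) || host == null
                || !TRUSTED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new SecurityException("refusing to send bearer token to " + target);
        }

        HttpURLConnection conn = (HttpURLConnection) target.toURL().openConnection();
        // Handle redirects explicitly instead of following them with the token attached.
        conn.setInstanceFollowRedirects(false);
        conn.setRequestProperty("Authorization", "Bearer " + ctx.getTokenString());
        conn.setRequestProperty("Accept", "application/json");
        return conn;
    }
}
```

A 401 from `conn.getResponseCode()` means the backend did not accept the relayed token as a bearer credential, which is the symptom reported in the thread.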