[keycloak-user] Best practice: Server to Server authentication

Hello, has anyone experience or advice how to handle the following situation: I have my application running on a keycloak secured wildfly instance. Another application wants to make REST calls from an IIS Server to my application. Of course the user is not willing to provide credentials a second time, but the calls must be associated with the user. It must not be a shared account in keycloak, which is used for all users on the IIS. What is the right way (keycloak way) to approach this? Thx for your help. Kevin Hirschmann HUEBINET Informationsmanagement GmbH & Co. KG HUEBINET Informationsmanagement GmbH & Co. KG An der Königsbach 8 56075 Koblenz Sitz und Registergericht: Koblenz HRA 5329 Persönlich haftender Gesellschafter der KG: HUEBINET GmbH; Sitz und Registergericht: Koblenz HRB 6857 Geschäftsführung: Frank Hüttmann; Michael Biemer ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- ---------------- Der Nachrichtenaustausch mit HUEBINET Informationsmanagement GmbH & Co. KG, Koblenz via E-Mail dient lediglich zu Informationszwecken. Rechtsgeschäftliche Erklärungen mit verbindlichem Inhalt können über dieses Medium nicht ausgetauscht werden, da die Manipulation von E-Mails durch Dritte nicht ausgeschlossen werden kann. Email communication with HUEBINET Informationsmanagement GmbH & Co. KG is only intended to provide information of a general kind, and shall not be used for any statement with binding contents in respect to legal relations. It is not totally possible to prevent a third party from manipulating emails and email contents.