It's been there for a long time, take a look at the multi tenancy example
On 7 October 2015 at 15:30, Tair Sabirgaliev <tair.sabirgaliev(a)bee.kz>
wrote:
Is KeycloakConfigResolver coming in 1.6?
--
Tair Sabirgaliev
Bee Software, LLP
On October 6, 2015 at 11:32:44, Stian Thorgersen (sthorger(a)redhat.com)
wrote:
I'm afraid it's not possible at the moment. The only option now is to have
two different clients and either split your application into two, or you
can use the KeycloakConfigResolver to select the client based on the
content type yourself. See the multi tenancy example for an idea on how to
use it.
On 2 October 2015 at 18:24, Tair Sabirgaliev <tair.sabirgaliev(a)bee.kz>
wrote:
>
> Hi,
>
> Yes, it can be done with nginx, but I still hope this could be
> accomplished natively :)
>
> The general idea is this:
>
> a) if browser asks for "text/html" => act as confidential/public
> client, that is
> start keycloak login protocol
>
> b) if browser asks for "application/json” => act as bearer only client,
> and in
> case of authorization error, respond with proper 40x status
>
> This would let me build an ‘isomorphic’ JavaScript application (
>
http://isomorphic.net)
>
> With keycloak-1.5.0 I see that there is no difference whether I accept
> text/html or application/json:
>
> tair$ curl -v -H 'Accept: text/html'
>
http://localhost:9080/hello-world/rest/something
> * Trying ::1...
> * connect to ::1 port 9080 failed: Connection refused
> * Trying 127.0.0.1...
> * Connected to localhost (127.0.0.1) port 9080 (#0)
> > GET /hello-world/rest/something HTTP/1.1
> > Host: localhost:9080
> > User-Agent: curl/7.43.0
> > Accept: text/html
> >
> < HTTP/1.1 302 Found
> < Expires: 0
> < Cache-Control: no-cache, no-store, must-revalidate
> < X-Powered-By: Undertow/1
> < Set-Cookie:
> OAuth_Token_Request_State=72/c51bad76-7236-486e-aae6-9ec58c725666
> < Server: WildFly/9
> < Pragma: no-cache
> < Location:
>
http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?respo...
> < Date: Fri, 02 Oct 2015 15:53:32 GMT
> < Connection: keep-alive
> < Content-Length: 0
> <
> * Connection #0 to host localhost left intact
>
> tair$ curl -v -H 'Accept: application/json'
>
http://localhost:9080/hello-world/rest/something
> * Trying 127.0.0.1...
> * Connected to localhost (127.0.0.1) port 9080 (#0)
> > GET /hello-world/rest/something HTTP/1.1
> > Host: localhost:9080
> > User-Agent: curl/7.43.0
> > Accept: application/json
> >
> < HTTP/1.1 302 Found
> < Expires: 0
> < Cache-Control: no-cache, no-store, must-revalidate
> < X-Powered-By: Undertow/1
> < Set-Cookie:
> OAuth_Token_Request_State=73/a8f13860-a35c-455a-9963-434c17e00a65
> < Server: WildFly/9
> < Pragma: no-cache
> < Location:
>
http://localhost:8080/auth/realms/demo/protocol/openid-connect/auth?respo...
> < Date: Fri, 02 Oct 2015 15:53:41 GMT
> < Connection: keep-alive
> < Content-Length: 0
> <
> * Connection #0 to host localhost left intact
>
> Any workarounds there?
>
> --
> Tair Sabirgaliev
> Bee Software, LLP
>
>
>
> On October 2, 2015 at 20:54:01, Giriraj Sharma (
> giriraj.sharma27@gmail.com(mailto:giriraj.sharma27@gmail.com)) wrote:
>
> > Hi,
> >
> > One possible way is to put nginx as a reverse proxy in between browser
> and Keycloak server instance. You can dig around using $content_type
> embedded variable of nginx ngx_http_core_module or may be nginx_rewrite
> module and a simple tweak (may be an if statement in nginx server/location
> block config) will help you in achieving the required. Based on the value
> of content-type header, you can proxy-pass the requests to a different
> upstream server via nginx.
> >
> > Cheers,
> >
> >
> > On Fri, Oct 2, 2015 at 2:19 PM, Tair Sabirgaliev wrote:
> > >
> > > Hi,
> > >
> > > Is it possible to setup login redirection only for certain content
> types?
> > > I want to redirect only when the browser asks for text/html. For
> other types
> > > either 40x or Authorization challenge.
> > >
> > > --
> > > Tair Sabirgaliev
> > > Bee Software, LLP
> > >
> > >
> > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user@lists.jboss.org(mailto:keycloak-user@lists.jboss.org)
> > >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> >
> > --
> >
> > Giriraj Sharma
> > about.me/girirajsharma
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Giriraj Sharma,
> > Department of Computer Science
> > National Institute of Technology Hamirpur
> > Himachal Pradesh, India 177005
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>