Re: [keycloak-user] Migration to Keycloak

Hi all, I have a question about migrating my application to keycloak. My application is based on : - some EJB components - a main REST interface driving the EJB components, - a HTML5/Angular GUI client - some remote REST api acting as clients of the main REST api. According to the documentation, I plane to use the adapters according to my components but I'm facing a problame for the main REST interface. By default, the main REST interface handles requests using a dedicated GUEST account. It's a kind of default account that is propagated to the EJB container using a classic login mechanism. This is handle in a ServletFilter that looks for HTTP Authentication headers. If headers are not found, authentication on the container is done using the default login 'guest'. For this special account, a dedicated login-module is used in the wildfly security domain (<login-module code="Identity" flag="required">) I'm trying to migrate to keycloak using the undertow adapter but I'm not able to handle a default login propagated to the EJB layer. The use case is that a simpe call to the REST api without authentication token header should result as a container authenticated user guest whereas requests with token included should try to perform the token base authentication. In that way, unauthenticated usage of HTML5/JS interface should result as guest requests and login process only required when main REST api throws AccessDeniedException. Is there is any way to perform this using the KEYCLOAK auth-method or do I have to write a specific Filter handling a kind of dual auth mechanism (guest and keycloak) ? Best regards, Jérôme. _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user