With basic auth, you have zero control over the client and you're
handing over credentials to that client. Simple and easy for "hello
world" apps, sure.
On 11/10/2014 3:20 AM, Gary Brown wrote:
Currently it's for backward compatibility, maintaining the same simple
authentication approach for existing clients using the REST services.
However basic auth is a standard (and simple) approach, so I could see some cases where
it would be preferred by app developers rather than accessing a keycloak-specific service
to obtain a token. One relevant case would be API management - if a backend service was
protected by keycloak, I believe it would require a specific authentication module to
obtain a token per request (unless the token could be cached somewhere).
So I think having the basic auth support will provide flexibility.
Regards
Gary
----- Original Message -----
> If you are using Keycloak, I don't understand why you would want to do
> basic auth.
>
> Eventually I'm going to write a JAAS plugin for simple username/password
> with Keycloak, but I have other stuff in my queue at the moment. For
> your application, you'd have to write something that obtained an admin
> token and verified username password and downloaded role mappings.
>
> On 11/7/2014 9:16 AM, Gary Brown wrote:
>> Hi
>>
>> I've just started looking at KeyCloak to use with the Overlord governance
>> projects.
>>
>> I have tried the examples, and see how we could leverage KeyCloak to
>> protect the UI apps and the backend REST services they use. However we
>> also need to provide the REST services as independent services using basic
>> auth - but would like the basic auth to be performed against the users
>> managed by KeyCloak.
>>
>> Are there any recommendations on how this can be achieved?
>>
>> Do we need to provide our own filter - is there any example code to do
>> this?
>>
>> Is it possible to do something via the KeyCloak subsystem configuration
>> approach, in case we wanted to secure the REST service without modifying
>> the war?
>>
>> Thanks in advance.
>>
>> Regards
>> Gary
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
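The token-per-request concern raised in the thread, sketched as an added example that is not part of the original messages or of Keycloak: a bridge that accepts HTTP Basic credentials, exchanges them for a token once, and reuses the token until it expires. `fetch_token` is a hypothetical stand-in for whatever call validates the username and password against the identity provider and returns a token with its lifetime; the class and method names are likewise assumptions.

```python
import base64, hashlib, hmac, os, time

class BasicAuthTokenBridge:
    """Swap HTTP Basic credentials for a token once, then reuse it until expiry."""

    def __init__(self, fetch_token, clock=time.monotonic, skew=5):
        # fetch_token is hypothetical: (user, password) -> (token, ttl_seconds),
        # or None when the identity provider rejects the credentials.
        self._fetch = fetch_token
        self._clock = clock
        self._skew = skew            # refresh slightly before the real expiry
        self._key = os.urandom(32)   # per-process HMAC key for cache keys
        self._cache = {}             # HMAC(credentials) -> (token, expires_at)

    @staticmethod
    def parse_basic(header):
        """Return (user, password) from an Authorization header, else None."""
        scheme, _, value = (header or "").partition(" ")
        if scheme.lower() != "basic":
            return None
        try:
            decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
        user, sep, password = decoded.partition(":")
        return (user, password) if sep and user else None

    def token_for(self, header):
        """Return a token for the caller, or None if the request must get a 401."""
        creds = self.parse_basic(header)
        if creds is None:
            return None
        # Key the cache by a keyed digest so plaintext passwords are not kept.
        # The user part cannot contain ":", so "user:password" is unambiguous.
        digest = hmac.new(self._key, ":".join(creds).encode(), hashlib.sha256).digest()
        now = self._clock()
        hit = self._cache.get(digest)
        if hit and hit[1] > now:
            return hit[0]
        self._cache.pop(digest, None)
        result = self._fetch(*creds)
        if result is None:           # rejected logins are never cached
            return None
        token, ttl = result
        self._cache[digest] = (token, now + max(ttl - self._skew, 0))
        return token
```

A cached token keeps working after a password change or account disablement until it expires, so the token lifetime bounds how long a revoked credential stays usable through the bridge.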