Hi,

am I understand correctly that you have:
1) UI application, which handles redirection to keycloak login screen etc. and have access token available
2) REST Application 1
3) REST Application 2

The user wants to send accessToken to RESTApp1 and this RESTApp1 wants to send another REST request to RESTApp2. Is it correct? I wonder that you can just send same accessToken used for RESTApp1 for authentication to RESTApp2. Or am I not understand correctly your environment?

Marek

On 20/11/15 09:46, Kevin Hirschmann wrote:

Hello,

 

has anyone experience or advice how to handle the following situation:

 

I have my application running on a keycloak secured wildfly instance. Another application

wants to make REST calls from an IIS Server to my application.  Of course the user is not

willing to provide credentials a second time, but the calls must be associated with the user.

It must not be a shared account in keycloak, which is used for all users on the IIS.

 

What is the right way (keycloak way) to approach this?

 

Thx for your help.

 

Kevin Hirschmann

 

HUEBINET Informationsmanagement GmbH & Co. KG

 

 

HUEBINET Informationsmanagement GmbH & Co. KG

An der Königsbach 8

56075 Koblenz

 

Sitz und Registergericht: Koblenz HRA 5329

 

Persönlich haftender Gesellschafter der KG:

HUEBINET GmbH;

Sitz und Registergericht: Koblenz HRB 6857

 

Geschäftsführung:

Frank Hüttmann; Michael Biemer

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Der Nachrichtenaustausch mit HUEBINET Informationsmanagement GmbH & Co. KG, Koblenz via E-Mail dient lediglich zu Informationszwecken. Rechtsgeschäftliche Erklärungen mit verbindlichem Inhalt können über dieses Medium nicht ausgetauscht werden, da die Manipulation von E-Mails durch Dritte nicht ausgeschlossen werden kann.

 

Email communication with HUEBINET Informationsmanagement GmbH & Co. KG is only intended to provide information of a general kind, and shall not be used for any statement with binding contents in respect to legal relations. It is not totally possible to prevent a third party from manipulating emails and email contents.

 

 

 



_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user