But this is not what I would like to achieve. In your situation, I think your frontend
could easily use Keycloak’s endpoints for authentication and authorization instead of
calling your backend for such things.
I would like to avoid writing proxy endpoints to Keycloak’s endpoints myself.
From: Irtiza Ali [mailto:iali@an10.io]
Sent: Wednesday, July 18, 2018 5:08 PM
To: Nikola Malenic <nikola.malenic(a)netsetglobal.rs>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: Re: [keycloak-user] Frontend and backend on separate servers
I am not using keycloak frontend instead i am using my own app frontend to pass requests
to my own app backend, that backend communicates with keycloak backend using keycloak
rest endpoints.
On Wed, 18 Jul 2018, 20:01 Nikola Malenic, <nikola.malenic(a)netsetglobal.rs
<mailto:nikola.malenic@netsetglobal.rs> > wrote:
If I understand correctly, what you proposed is to create one proxy backend application
which would have same endpoints as Keycloak does and which would just pass requests from
Keycloak frontend app to the Keycloak backend?
From: Irtiza Ali [mailto:iali@an10.io <mailto:iali@an10.io> ]
Sent: Wednesday, July 18, 2018 4:55 PM
To: Nikola Malenic <nikola.malenic(a)netsetglobal.rs
<mailto:nikola.malenic@netsetglobal.rs> >
Cc: keycloak-user <keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org> >
Subject: Re: [keycloak-user] Frontend and backend on separate servers
It is difficult to integrate keycloak frontend flow with application. It work around is to
use the keycloak rest endpoints.
My use case:
I have an app with frontend and backend running on different servers. I have a login
endpoint in backend, once called with user credentials from frontend. That endpoint make
another rest call to the keyclock auth endpoint, if authenticated it returns a json
containing user's basic info and jwt based access_token. I used than token in
subsequent requests to app backend.
Feel free to ask if not clear.
IA
On Wed, 18 Jul 2018, 19:45 Nikola Malenic, <nikola.malenic(a)netsetglobal.rs
<mailto:nikola.malenic@netsetglobal.rs> > wrote:
Can you explain how? Just to be clear, when I said Frontend (Angular app) I had Keycloak’s
frontend in mind.
From: Irtiza Ali [mailto:iali@an10.io <mailto:iali@an10.io> ]
Sent: Wednesday, July 18, 2018 4:42 PM
To: Nikola Malenic <nikola.malenic(a)netsetglobal.rs
<mailto:nikola.malenic@netsetglobal.rs> >
Cc: keycloak-user <keycloak-user(a)lists.jboss.org
<mailto:keycloak-user@lists.jboss.org> >
Subject: Re: [keycloak-user] Frontend and backend on separate servers
One way to acheive this is by using the keycloak's rest endpoints.
On Wed, 18 Jul 2018, 19:36 Nikola Malenic, <nikola.malenic(a)netsetglobal.rs
<mailto:nikola.malenic@netsetglobal.rs> > wrote:
Is it possible to achieve this with Keycloak Security Proxy and how?
Also, I've seen it is deprecated now.
Many thanks,
Nikola
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org
<mailto:keycloak-user-bounces@lists.jboss.org>
[mailto:keycloak-user-bounces@lists.jboss.org
<mailto:keycloak-user-bounces@lists.jboss.org> ] On Behalf Of Nikola Malenic
Sent: Friday, July 13, 2018 9:49 AM
To: keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
Subject: [keycloak-user] Frontend and backend on separate servers
I would like to host backend on secured network, i.e. it would be accessible
only from certain IPs.
Frontend (Angular application) would be served by different server in public
zone, which would have access to the secured network because requests from
it's IP would be allowed to go through firewall.
Is it possible to achieve this in an easy way? I wouldn't like to implement
proxy endpoints for all backend services in secured zone.
Many thanks,
Nikola
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user