9:34 a.m.
Hi everyone,
Does a Keycloak secured REST Api on JBoss EAP 6.1 (access-type bearer only)
need to communicate with the Keycloak Server once the Adapter and
standalone.xml are properly configured?
Currently both servers are on the same DMZ zone, but we'd like to move the
REST Api Server in Intranet zone.
(test - the REST backend seems to be callable as long as the token is
valid, though the Keycloak Server was shutdown, but I ask myself why do I
need to specify the auth-server-url in standalone.xml, or keycloak.json
file)
Thanks
Adrian
1:45 a.m.
The REST service doesn't need to communicate directly with Keycloak. The
auth-server-url is required by a bearer only token mainly to verify the
issuer in the token (it's the full url of the realm, not just the realm
name).
On 15 July 2016 at 16:34, Adrian Matei <adrianmatei(a)gmail.com> wrote:
Hi everyone,
Does a Keycloak secured REST Api on JBoss EAP 6.1 (access-type bearer
only) need to communicate with the Keycloak Server once the Adapter and
standalone.xml are properly configured?
Currently both servers are on the same DMZ zone, but we'd like to move the
REST Api Server in Intranet zone.
(test - the REST backend seems to be callable as long as the token is
valid, though the Keycloak Server was shutdown, but I ask myself why do I
need to specify the auth-server-url in standalone.xml, or keycloak.json
file)
Thanks
Adrian
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3:20 a.m.
Hi Stian,
Thank you for the confirmation.
Kind regards,
Adrian
On Tue, Jul 19, 2016 at 8:45 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
The REST service doesn't need to communicate directly with
Keycloak. The
auth-server-url is required by a bearer only token mainly to verify the
issuer in the token (it's the full url of the realm, not just the realm
name).
On 15 July 2016 at 16:34, Adrian Matei <adrianmatei(a)gmail.com> wrote:
> Hi everyone,
>
> Does a Keycloak secured REST Api on JBoss EAP 6.1 (access-type bearer
> only) need to communicate with the Keycloak Server once the Adapter and
> standalone.xml are properly configured?
>
> Currently both servers are on the same DMZ zone, but we'd like to move
> the REST Api Server in Intranet zone.
>
> (test - the REST backend seems to be callable as long as the token is
> valid, though the Keycloak Server was shutdown, but I ask myself why do I
> need to specify the auth-server-url in standalone.xml, or keycloak.json
> file)
>
>
> Thanks
> Adrian
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
3077
days inactive
3081
days old
2 comments
2 participants
participants (2)
-
Adrian Matei -
Stian Thorgersen