10:41 a.m.
In the demos, there’s a clear example of how a user is authenticated
against an application, say the customer-portal, and then the
customer-portal requests information from the database-service using the
access token as a bearer token.
In this example, the database-service accepts the bearer token and returns
data.
However, using the Keycloak Adapters and attempting to do the same thing,
the authentication is rejected. Any idea what may be causing this?
Thanks,
Scott
10:44 a.m.
Actually, I wanted to clarify one thing:
In the demos the database-service is set up as bearer-only. Maybe that’s
the problem I’m having. I have the dependent service set as confidential.
But shouldn’t this be supported?
What if the service provides both user facing features and APIs that can be
accessed with bearer tokens?
Thanks again,
Scott
On Wed, Apr 15, 2015 at 11:41 AM, Scott Rossillo <srossillo(a)smartling.com>
wrote:
In the demos, there’s a clear example of how a user is authenticated
against an application, say the customer-portal, and then the
customer-portal requests information from the database-service using the
access token as a bearer token.
In this example, the database-service accepts the bearer token and returns
data.
However, using the Keycloak Adapters and attempting to do the same thing,
the authentication is rejected. Any idea what may be causing this?
Thanks,
Scott
11:29 a.m.
That's quite strange. It should already be possible to authenticate
against confidential applications with bearer-token. For example if you
switch demo database-service as "confidential" instead of
"bearer-only",
it should be still possible to authenticate to it with the bearer access
token sent from customer-portal. You can try it and see if it works.
If demo works for you, but your applications don't, it's probably some
configuration problem on your side.
Marek
On 15.4.2015 17:44, Scott Rossillo wrote:
Actually, I wanted to clarify one thing:
In the demos the database-service is set up as bearer-only. Maybe
that’s the problem I’m having. I have the dependent service set as
confidential. But shouldn’t this be supported?
What if the service provides both user facing features and APIs that
can be accessed with bearer tokens?
Thanks again,
Scott
On Wed, Apr 15, 2015 at 11:41 AM, Scott Rossillo
<srossillo(a)smartling.com <mailto:srossillo@smartling.com>> wrote:
In the demos, there’s a clear example of how a user is
authenticated against an application, say the customer-portal, and
then the customer-portal requests information from the
database-service using the access token as a bearer token.
In this example, the database-service accepts the bearer token and
returns data.
However, using the Keycloak Adapters and attempting to do the same
thing, the authentication is rejected. Any idea what may be
causing this?
Thanks,
Scott
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
11:34 a.m.
Thanks Marek,
I will try again. I did get it working by setting the service to
“bearer-only” but there was one bug with the keycloak.json generated by
Keycloak 1.2.0.Beta1. It’s missing the "auth-server-url”.
I get:
12:32:58.269 [http-nio-2080-exec-1] ERROR
o.k.a.BearerTokenRequestAuthenticator - Failed to verify token
org.keycloak.VerificationException: Realm URL is null. Make sure to add
auth-server-url to the configuration of your adapter!
After adding "auth-server-url” to the keycloak.json file, it works.
I’ll set app back to confidential and I will keep testing.
Thanks,
Scott
On Wed, Apr 15, 2015 at 12:29 PM, Marek Posolda <mposolda(a)redhat.com> wrote:
That's quite strange. It should already be possible to
authenticate
against confidential applications with bearer-token. For example if you
switch demo database-service as "confidential" instead of
"bearer-only", it
should be still possible to authenticate to it with the bearer access token
sent from customer-portal. You can try it and see if it works.
If demo works for you, but your applications don't, it's probably some
configuration problem on your side.
Marek
On 15.4.2015 17:44, Scott Rossillo wrote:
Actually, I wanted to clarify one thing:
In the demos the database-service is set up as bearer-only. Maybe that’s
the problem I’m having. I have the dependent service set as confidential.
But shouldn’t this be supported?
What if the service provides both user facing features and APIs that can
be accessed with bearer tokens?
Thanks again,
Scott
On Wed, Apr 15, 2015 at 11:41 AM, Scott Rossillo <srossillo(a)smartling.com>
wrote:
> In the demos, there’s a clear example of how a user is authenticated
> against an application, say the customer-portal, and then the
> customer-portal requests information from the database-service using the
> access token as a bearer token.
>
> In this example, the database-service accepts the bearer token and
> returns data.
>
> However, using the Keycloak Adapters and attempting to do the same
> thing, the authentication is rejected. Any idea what may be causing this?
>
> Thanks,
> Scott
>
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
2:16 a.m.
----- Original Message -----
From: "Scott Rossillo" <srossillo(a)smartling.com>
To: "Marek Posolda" <mposolda(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Wednesday, April 15, 2015 6:34:52 PM
Subject: Re: [keycloak-user] Application to applications using bearer token
Thanks Marek,
I will try again. I did get it working by setting the service to
“bearer-only” but there was one bug with the keycloak.json generated by
Keycloak 1.2.0.Beta1. It’s missing the "auth-server-url”.
I get:
12:32:58.269 [http-nio-2080-exec-1] ERROR
o.k.a.BearerTokenRequestAuthenticator - Failed to verify token
org.keycloak.VerificationException: Realm URL is null. Make sure to add
auth-server-url to the configuration of your adapter!
After adding "auth-server-url” to the keycloak.json file, it works.
I’ll set app back to confidential and I will keep testing.
https://issues.jboss.org/browse/KEYCLOAK-1213 - fixing now
Thanks,
Scott
On Wed, Apr 15, 2015 at 12:29 PM, Marek Posolda < mposolda(a)redhat.com >
wrote:
That's quite strange. It should already be possible to authenticate against
confidential applications with bearer-token. For example if you switch demo
database-service as "confidential" instead of "bearer-only", it
should be
still possible to authenticate to it with the bearer access token sent from
customer-portal. You can try it and see if it works.
If demo works for you, but your applications don't, it's probably some
configuration problem on your side.
Marek
On 15.4.2015 17:44, Scott Rossillo wrote:
Actually, I wanted to clarify one thing:
In the demos the database-service is set up as bearer-only. Maybe that’s the
problem I’m having. I have the dependent service set as confidential. But
shouldn’t this be supported?
What if the service provides both user facing features and APIs that can be
accessed with bearer tokens?
Thanks again,
Scott
On Wed, Apr 15, 2015 at 11:41 AM, Scott Rossillo < srossillo(a)smartling.com >
wrote:
In the demos, there’s a clear example of how a user is authenticated against
an application, say the customer-portal, and then the customer-portal
requests information from the database-service using the access token as a
bearer token.
In this example, the database-service accepts the bearer token and returns
data.
However, using the Keycloak Adapters and attempting to do the same thing, the
authentication is rejected. Any idea what may be causing this?
Thanks,
Scott
_______________________________________________
keycloak-user mailing list keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3819
days inactive
3820
days old
4 comments
3 participants
participants (3)
-
Marek Posolda -
Scott Rossillo -
Stian Thorgersen