On 05/01/2016 07:36, Stian Thorgersen wrote:
> On 1 January 2016 at 11:52, Tim Dudgeon <tdudgeon.ml(a)gmail.com> wrote:
>> The user docs
>> (http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.ht...)
>> describe exactly what I'm looking for:
>>
>> > Signed access tokens can also be propagated by REST client
>> > requests within an Authorization header. This is great for
>> > distributed integration as applications can request a login from
>> > a client to obtain an access token, then invoke any aggregated
>> > REST invocations to other services using that access token.
>>
>> I have a web app (in Tomcat) that uses the Keycloak adapter for
>> user authentication.
>> This web app needs to access a REST service, running in a
>> different Tomcat container and I want the REST service to use the
>> same user authentication, but I'm not totally sure about how to go
>> about this.
>> Do I just grab the keycloak token in the header in the web app and
>> add that as a header when calling the REST service, and set the
>> REST service up to use the same Keycloak adapter configuration as
>> the web app?
>
> You could or you can get the token from the adapter. Take a look at:
> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/c...

Thanks. That's useful.

>> What if I want to have other ways to authenticate the REST service
>> (e.g. access from multiple clients)?
>
> Not sure what you mean about this

For example, let's assume we have 2 apps, authenticating against the same
Keycloak realm, but as separate clients.
Both hit the same REST service and pass through their token to that service.
How is the REST service to authenticate the requests?
All it really needs to do is check that the tokens are valid and come
from the expected (keycloak) source, even though the tokens were
generated for different clients.
Is there an adapter that handles this?

Tim
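
The check described in the last message (the token is valid and comes from the expected Keycloak realm, whichever client it was generated for), as an added example that is not part of the original thread and is not Keycloak adapter code. It assumes RS256-signed tokens and a realm public key configured on the REST service; the realm URL, client names and keys below are constructed for the demonstration.

```javascript
const crypto = require('crypto');
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Accept a bearer token only if it is signed by the realm key, names the
// expected issuer and has not expired. The issuing client (azp) is reported
// but not pinned, so tokens generated for different clients of one realm pass.
function verifyRealmToken(token, realmPublicKey, expectedIssuer, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  // Pin the algorithm on the server side; never let the token header choose it.
  if (header.alg !== 'RS256') return { ok: false, reason: 'bad alg' };
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, realmPublicKey, sig)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (claims.iss !== expectedIssuer) return { ok: false, reason: 'wrong issuer' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, subject: claims.sub, client: claims.azp };
}

// Constructed sample data: throwaway keys, hypothetical realm URL and clients.
const ISSUER = 'https://sso.example.test/auth/realms/demo';
const realm = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

function mintToken(privateKey, claims) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(head + '.' + body), privateKey);
  return head + '.' + body + '.' + b64url(sig);
}

const NOW = 1452000000; // fixed clock so the results are reproducible
const base = { iss: ISSUER, sub: 'user-1', exp: NOW + 300 };
const fromAppA = mintToken(realm.privateKey, { ...base, azp: 'app-a' });
const fromAppB = mintToken(realm.privateKey, { ...base, azp: 'app-b' });
const forged = mintToken(other.privateKey, { ...base, azp: 'app-a' });
const stale = mintToken(realm.privateKey, { ...base, azp: 'app-a', exp: NOW - 1 });
```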