It is possible, but you would need to write some code in order to protect your SOAP
endpoints based on KC tokens.

Basically, what you need is a JAX-WS handler on the server that knows how to extract a
token from a WS-Security header. Once you have the token, you may use KC's API to
validate it or even invoke a specific REST endpoint in a KC instance.

What PicketLink STS provides is a WS-Trust compliant Security Token Service, which is
basically a JAX-WS endpoint that uses WS-Trust to issue/renew/validate/revoke SAML
assertions, although it is flexible enough to support other types of tokens as well. It
also provides some OOTB client and server side components that you can use to protect SOAP

I think we can consider this as an RFE in order to support OOTB protection for SOAP
endpoints based on JAX-WS.

----- Original Message -----
From: "Emil Posmyk" <emil.posmyk(a)gmail.com>
Sent: Friday, February 20, 2015 4:40:15 AM
Subject: [keycloak-user] Securing war project with webservice (JAX-WS) using keycloak.
Is it possible to secure a project with a web service using Keycloak? I saw PicketLink STS but
I'm not sure it's the best solution because this is SAML.
keycloak-user mailing list
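
The server-side handler described in the reply above, as an added example that is not from the thread or from the Keycloak or PicketLink projects. It assumes the token is carried in a `wsse:BinarySecurityToken` element of the WS-Security header; `TokenHandler` and `TokenValidator` are hypothetical names, the latter standing in for whichever Keycloak validation call is used.

```java
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

public class TokenHandler implements SOAPHandler<SOAPMessageContext> {
    /** Hypothetical hook: wrap the Keycloak token validation of your choice here. */
    public interface TokenValidator { boolean isValid(String token); }

    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final QName SECURITY = new QName(WSSE, "Security");
    static final QName BST = new QName(WSSE, "BinarySecurityToken"); // assumed token carrier
    private final TokenValidator validator;

    public TokenHandler(TokenValidator validator) { this.validator = validator; }

    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        // Only inbound requests carry a token to check; let responses through.
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        String token = extractToken(ctx);
        if (token == null || token.isEmpty() || !validator.isValid(token)) {
            // Fail closed: the endpoint method is never invoked, the caller gets a SOAP fault.
            throw new ProtocolException("Missing or invalid security token");
        }
        return true;
    }

    /** Returns the text of wsse:Security/wsse:BinarySecurityToken, or null if absent. */
    private String extractToken(SOAPMessageContext ctx) {
        try {
            SOAPHeader header = ctx.getMessage().getSOAPHeader();
            if (header == null) return null;
            Iterator<?> sec = header.getChildElements(SECURITY);
            if (!sec.hasNext()) return null;
            Iterator<?> bst = ((SOAPElement) sec.next()).getChildElements(BST);
            if (!bst.hasNext()) return null;
            String value = ((SOAPElement) bst.next()).getValue();
            return value == null ? null : value.trim();
        } catch (SOAPException e) {
            return null; // an unreadable header is treated the same as no token
        }
    }

    // Declares that this handler processes wsse:Security (needed for mustUnderstand headers).
    @Override public Set<QName> getHeaders() { return Collections.singleton(SECURITY); }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
}
```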