Hello Manuel,
Please do not say sorry, you are not bothering me at all.
For scenarios like that one, I use the Keycloak Java servlet filter
adapter [1]. This allows me to use SAML2 for the user interface (web
profile) and basic authentication for APIs:
<filter-mapping>
    <filter-name>Keycloak Filter</filter-name>
    <url-pattern>/saml</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>Keycloak Filter</filter-name>
    <url-pattern>/secure/ui/*</url-pattern>
</filter-mapping>
<servlet-mapping>
    <servlet-name>ApiController</servlet-name>
    <url-pattern>/secure/api/*</url-pattern>
</servlet-mapping>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>API</web-resource-name>
        <url-pattern>/secure/api/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <description>
        Wildcard allows any authenticated user to access
    </description>
    <role-name>*</role-name>
</security-role>
Hope it helps,
Luis
[1]
On Thu, 11 Apr 2019 at 14:31, Manuel Waltschek (<
manuel.waltschek(a)prisma-solutions.at>) wrote:
Hello Luis,
sorry to bother you again, but for me it is unclear if this can coexist with
SAML authentication for the same web-app, since it needs a special
keycloak.json as seen in
https://github.com/keycloak/keycloak/tree/master/examples/basic-auth
Regards,
Manuel
*From:* Luis Rodríguez Fernández <uo67113(a)gmail.com>
*Sent:* Thursday, 11 April 2019 14:07
*To:* Manuel Waltschek <manuel.waltschek(a)prisma-solutions.at>
*Subject:* Re: [keycloak-user] SAML securing application via browser /
REST API via ECP on wildfly
Hello Manuel,
If your client can keep secrets I would go for good old basic
authentication or OAuth2 with the client credentials flow [1]:
machine-to-machine authentication where a specific user’s permission to
access data is not required.
Hope it helps,
Luis
[1]
https://tools.ietf.org/html/rfc6749#section-4.4
On Thu, 11 Apr 2019 at 11:14, Manuel Waltschek (<
manuel.waltschek(a)prisma-solutions.at>) wrote:
Hello KC Community!
We are currently securing our war via browser SSO with SAML. We are
deploying on wildfly 10 and are using keycloak as an IdP broker.
We have the requirement to also secure a REST endpoint which is invoked by
a third party. I read about ECP briefly in KC docs and some forum
discussions, but I could not find out how to set this up. It is also
unclear if keycloak even supports this feature. If not ECP, are there any
other known ways to support this behaviour?
Regards,
Manuel Waltschek BSc.
+43 660 86655 47
manuel.waltschek(a)prisma-solutions.at
https://www.prisma-solutions.com
PRISMA solutions EDV-Dienstleistungen GmbH
Klostergasse 18, 2340 Mödling, Austria
Company register: FN 239449 g, Landesgericht Wiener Neustadt
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
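The web.xml split in the reply at the top of this thread puts /secure/ui/* behind the Keycloak filter and /secure/api/* behind a container security constraint, so any servlet path covered by neither is served without authentication. The following is an added example, not code from the thread or from Keycloak: a small audit of that layout, where `audit`, `covers`, `UiController` and `StatusController` are hypothetical names and the URL matching is a simplification of the servlet rules (exact and `/prefix/*` patterns only).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the mappings from the message wrapped in <web-app>.
# UiController and StatusController are hypothetical servlets added so the
# audit has a filter-protected and an unprotected path to report.
WEB_XML = """<web-app>
  <filter-mapping><filter-name>Keycloak Filter</filter-name>
    <url-pattern>/saml</url-pattern></filter-mapping>
  <filter-mapping><filter-name>Keycloak Filter</filter-name>
    <url-pattern>/secure/ui/*</url-pattern></filter-mapping>
  <servlet-mapping><servlet-name>UiController</servlet-name>
    <url-pattern>/secure/ui/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>ApiController</servlet-name>
    <url-pattern>/secure/api/*</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>StatusController</servlet-name>
    <url-pattern>/public/status</url-pattern></servlet-mapping>
  <security-constraint>
    <web-resource-collection><web-resource-name>API</web-resource-name>
      <url-pattern>/secure/api/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def covers(guard, target):
    """Simplified servlet matching: exact pattern or '/prefix/*' path prefix."""
    if guard == target or not guard.endswith("/*"):
        return guard == target
    base = guard[:-2]
    path = target[:-2] if target.endswith("/*") else target
    return path == base or path.startswith(base + "/")

def audit(xml_text, auth_filters=("Keycloak Filter",)):
    """Map each servlet url-pattern to the mechanism(s) guarding it."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                  # ignore any XML namespace prefix
        el.tag = el.tag.split("}")[-1]
    by_filter = [u.text.strip() for m in root.iter("filter-mapping")
                 if m.findtext("filter-name", "").strip() in auth_filters
                 for u in m.iter("url-pattern")]
    by_container = [u.text.strip() for c in root.iter("security-constraint")
                    if c.find("auth-constraint") is not None
                    for u in c.iter("url-pattern")]
    report = {}
    for u in root.findall(".//servlet-mapping/url-pattern"):
        target = u.text.strip()
        guards = [name for name, pats in (("filter", by_filter),
                  ("container", by_container)) if any(covers(g, target) for g in pats)]
        report[target] = "+".join(guards) or "unprotected"
    return report

print(audit(WEB_XML))
```

A result of `filter+container` for a path means both mechanisms apply to it, which is the overlap to avoid when the API is meant to use basic authentication only.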