12:59 a.m.
Hi,
We need to implement authentication for our REST APIs.
The issue is not simple since same APIs used for UI and for the CLI clients.
CLI clients access REST API using Basic Authentication.
For UI we want to access REST APIs after OIDC authentication.
Therefore we need to achieve the following:
* If a request comes without any authentication the server should respond with HTTP
401.
* If a request comes with the Basic Authentication header it is authenticated.
* If a request comes with Keycloak cookies it is authenticated (and HTTP 401 is not
appear).
Is it possible to do it?
I will happy to clarify how Basic Authentication is implemented for Keycloak Java
adapters.
I found the enable-basic-auth configuration here:
https://keycloak.gitbooks.io/securing-client-applications-guide/content/t...
Java Adapters Config | Securing Applications and Services
...<https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/java-adapter-config.html>
keycloak.gitbooks.io
Each Java adapter supported by Keycloak can be configured by a simple JSON file. This is
what one might look like: {
<https://keycloak.gitbooks.io/securing-client-applications-guide/content/t...
Questions:
1. Will Keycloak Java adapter prompt with HTTP 401 if a request without any
authentication?
(we can not allow OIDC redirection in this case)
2. What happens a request comes with Basic Authentication header it is authenticated?
How Keycloak Java adapter validates the user name and password?
3. What happens a request comes with Keycloak cookies?
Best regards,
Michael
1:07 a.m.
New subject: How Basic Authentication is implemented for Java adapters?
We use SpringSecurity adapter
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
on behalf of Michael Furman <michael_furman(a)hotmail.com>
Sent: Wednesday, December 14, 2016 8:59 AM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] How Basic Authentication is implemented for Java adapters?
Hi,
We need to implement authentication for our REST APIs.
The issue is not simple since same APIs used for UI and for the CLI clients.
CLI clients access REST API using Basic Authentication.
For UI we want to access REST APIs after OIDC authentication.
Therefore we need to achieve the following:
* If a request comes without any authentication the server should respond with HTTP
401.
* If a request comes with the Basic Authentication header it is authenticated.
* If a request comes with Keycloak cookies it is authenticated (and HTTP 401 is not
appear).
Is it possible to do it?
I will happy to clarify how Basic Authentication is implemented for Keycloak Java
adapters.
I found the enable-basic-auth configuration here:
https://keycloak.gitbooks.io/securing-client-applications-guide/content/t...
Questions:
1. Will Keycloak Java adapter prompt with HTTP 401 if a request without any
authentication?
(we can not allow OIDC redirection in this case)
2. What happens a request comes with Basic Authentication header it is authenticated?
How Keycloak Java adapter validates the user name and password?
3. What happens a request comes with Keycloak cookies?
Best regards,
Michael
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
1:38 a.m.
Not sure SpringSec adapter supports basic auth, I need to check this out.
Why do you need basic auth ? Is that just for your CLI client so it can log
in ? Why don't you setup a CLI client in the KC console that has direct
grant enabled ?? That would make the things easier, your CLI request a
token to KC and the use it to make the API calls.
On Wed, Dec 14, 2016 at 8:07 AM, Michael Furman <michael_furman(a)hotmail.com>
wrote:
We use SpringSecurity adapter
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces@lists.
jboss.org> on behalf of Michael Furman <michael_furman(a)hotmail.com>
Sent: Wednesday, December 14, 2016 8:59 AM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] How Basic Authentication is implemented for Java
adapters?
Hi,
We need to implement authentication for our REST APIs.
The issue is not simple since same APIs used for UI and for the CLI
clients.
CLI clients access REST API using Basic Authentication.
For UI we want to access REST APIs after OIDC authentication.
Therefore we need to achieve the following:
* If a request comes without any authentication the server should
respond with HTTP 401.
* If a request comes with the Basic Authentication header it is
authenticated.
* If a request comes with Keycloak cookies it is authenticated (and
HTTP 401 is not appear).
Is it possible to do it?
I will happy to clarify how Basic Authentication is implemented for
Keycloak Java adapters.
I found the enable-basic-auth configuration here:
https://keycloak.gitbooks.io/securing-client-applications-
guide/content/topics/oidc/java/java-adapter-config.html
Questions:
1. Will Keycloak Java adapter prompt with HTTP 401 if a request without
any authentication?
(we can not allow OIDC redirection in this case)
2. What happens a request comes with Basic Authentication header it is
authenticated?
How Keycloak Java adapter validates the user name and password?
3. What happens a request comes with Keycloak cookies?
Best regards,
Michael
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3476
days inactive
3476
days old
2 comments
2 participants
participants (2)
-
Michael Furman -
Sebastien Blanc