[Apiman-user] Keycloak OAuth2 policy: Get bearer token for logged in user without using username/password

Marc Savy marc.savy at redhat.com
Tue Dec 8 11:53:36 EST 2015


Hi Ton,

I'm not quite sure what you mean, but I think what you're asking for is
brokerage/delegation in the form:

1. Client <-> Keycloak <-> Other IdP.
2. Client <-> apiman gateway

Regards,
Marc

On 08/12/2015 15:28, Ton Swieb wrote:
> Hi,
>
> I would like to secure my api's using the Keycloak OAuth2 policy.
> Similair to what is described in the blog post of Marc Savy:
> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
>
> Only with the difference that Keycloak delegates the login to a third
> party IdP. After logging in at this third party IdP I end up with an
> active session in the Apiman UI (the apiman realm of Keycloak).
>
> Now I am wondering how to get the bearer token, because I do not have a
> username/password combination I can use to make a call like:
>
> |curl -X POST
> http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token
> -H "Content-Type: application/x-www-form-urlencoded" -d
> "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d
> 'client_id=apiman'|
>
> Because the username/password combination is linked to the third party
> IdP and not to Keycloak itself.
>
> Is there another way to obtain the bearer token?
>
> Perhaps this is aquestion which I should address at the keycloak
> mailinglist. I will try to ask the question there as well.
>
> Regards,
>
> Ton
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>



More information about the Apiman-user mailing list