[Apiman-user] Keycloak OAuth2 policy: Get bearer token for logged in user without using username/password

Marc Savy marc.savy at redhat.com
Tue Dec 8 11:58:26 EST 2015


To expand on that - depending on exactly what type of IdP (and specifically which technology) you were delegating to, it may be possible to do what you're asking - or you may need to write something custom.

Can you provide more detail?

Also, if you have very specific Keycloak questions you might be best served on the keycloak-user mailing list, which is extremely active (https://lists.jboss.org/mailman/listinfo/keycloak-user).

On 08/12/2015 16:53, Marc Savy wrote:
> Hi Ton,
>
> I'm not quite sure what you mean, but I think what you're asking for is
> brokerage/delegation in the form:
>
> 1. Client <-> Keycloak <-> Other IdP.
> 2. Client <-> apiman gateway
>
> Regards,
> Marc
>
> On 08/12/2015 15:28, Ton Swieb wrote:
> > Hi,
> >
> > I would like to secure my api's using the Keycloak OAuth2 policy.
> > Similair to what is described in the blog post of Marc Savy:
> > http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html
> >
> >
> > Only with the difference that Keycloak delegates the login to a third
> > party IdP. After logging in at this third party IdP I end up with an
> > active session in the Apiman UI (the apiman realm of Keycloak).
> >
> > Now I am wondering how to get the bearer token, because I do not have a
> > username/password combination I can use to make a call like:
> >
> > |curl -X POST
> > http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token
> > -H "Content-Type: application/x-www-form-urlencoded" -d
> > "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d
> > 'client_id=apiman'|
> >
> > Because the username/password combination is linked to the third party
> > IdP and not to Keycloak itself.
> >
> > Is there another way to obtain the bearer token?
> >
> > Perhaps this is aquestion which I should address at the keycloak
> > mailinglist. I will try to ask the question there as well.
> >
> > Regards,
> >
> > Ton
> >
> >
> > _______________________________________________
> > Apiman-user mailing list
> > Apiman-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/apiman-user
> >
>



More information about the Apiman-user mailing list