[Apiman-user] Forwarding HTTP requests to service implementations secured by OAuth
Marc Savy
marc.savy at redhat.com
Wed Nov 18 10:02:52 EST 2015
Hi Ton,
Just to clarify. From what I understand, you're trying to secure communications between the apiman gateway and back-end service using OAuth2/OpenID Connect?
I.e. You are *not* OAuth2 simply between the client to the apiman gateway.
Regards,
Marc
On 18/11/2015 14:34, Ton Swieb wrote:
> Hi,
>
> I am using Apiman 1.1.8.Final and I want to use a backend service in
> Apiman which is secured by OAuth.
> So instead of securing the Apiman side of the service, using the
> Keycloak OAuth plugin, Apiman needs forward calls to a service
> implementation that is secured by OAuth. I have got an OAuth token with
> a very long time to live (days/weeks/months) which I can use.
>
> Currently I only see the option to configure BASIC Authentication or
> MTLS/Two-Way-SSL on the service implementation.
> Would it be possible to add the HTTP Simple Header policy to the service
> and set the Authorization header with "Bearer........." or will that be
> stripped off by Apiman when forwarding the call to the backend service?
>
> Kind regards,
>
> Ton
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
More information about the Apiman-user
mailing list