[keycloak-dev] <kc:bearer-only> and BASIC auth

Eric Wittmann eric.wittmann at redhat.com
Fri Aug 21 13:02:23 EDT 2015


I'm not a fan of basic auth either, but ... give the people what they 
want?

We had to implement a BASIC Authentication Policy in apiman for the same 
reason - lots of people use it and want it still.

On 8/21/2015 11:09 AM, Bill Burke wrote:
> BTW, I despise our Basic Auth option.  One of the points of SAML/OIDC is
> that the application never has access to user credentials.  Using Basic
> Auth violates that principle....But to each his own...
>
> On 8/21/2015 10:03 AM, Bill Burke wrote:
>> https://issues.jboss.org/browse/KEYCLOAK-1778
>>
>> committing a fix for this in next hour or so.  Please elaborate on your
>> CORS problem though.
>>
>> On 8/21/2015 9:56 AM, Bill Burke wrote:
>>> I'm more interested in the CORS problems.  What you want is an easy fix.
>>>
>>> On 8/21/2015 9:47 AM, Eric Wittmann wrote:
>>>> Can we get an option that disables the login redirect but still allows
>>>> BASIC auth to work?
>>>>
>>>> -Eric
>>>>
>>>
>>
>

