[keycloak-dev] keycloak authentication with session id instead of the token

Stian Thorgersen sthorger at redhat.com
Fri Dec 18 03:00:45 EST 2015


Once you've authenticated with Keycloak the application can setup its own
HTTP session that contains the token details. Keycloak uses its own session
cookie to maintain the SSO session. Keycloak won't authenticate with a
application cookie though.

On 13 December 2015 at 20:30, sabir <sss2174 at columbia.edu> wrote:

>
> Hello,
>
> I am working on integration keycloak authentication and setting up
> authorization on endpoints in Dropwizard application.
>
> I've looked into existing project here:
> https://github.com/ahus1/keycloak-dropwizard-integration/
> Also, I looked into
> https://github.com/keycloak/keycloak/blob/c9e0a7a97dd98b31836195df167684a42dae4d3c/services/src/main/java/org/keycloak/authentication/authenticators/browser/CookieAuthenticator.java
>
> I am able to authenticate by username/password or passing keycloak token.
> It is crucial for us to authenticate existing session without credentials
> or keycloak token.
>
> Does keycloak expose endpoints to authenticate via Cookie like:
>
> KEYCLOAK_SESSION, KEYCLOAK_IDENTITY and/or KEYCLOAK_STATE_CHECKER
>
> I'm not sure if this is the correct place for questions like these. Please
> direct me otherwise.
>
> Thanks,
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151218/04de665f/attachment.html 


More information about the keycloak-dev mailing list