[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Gary Brown gbrown at redhat.com
Mon Nov 10 03:20:41 EST 2014


Currently it's for backward compatibility, maintaining the same simple authentication approach for existing clients using the REST services.

However basic auth is a standard (and simple) approach, so I could see some cases where it would be preferred by app developers rather than accessing a keycloak specific service to obtain a token. One relevant case would be API management - if a backend service was protected by keycloak, I believe it would require a specific authentication module to obtain a token per request (unless the token could be cached somewhere).

So I think having the basic auth support will provide flexibility.

Regards
Gary

----- Original Message -----
> If you are using Keycloak, I don't understand why you would want to do
> basic auth.
> 
> Eventually I'm going to write a JAAS plugin for simple username/password
> with Keycloak, but I have other stuff in my queue at the moment.  For
> your application, you'd have to write something that obtained an admin
> token and verified username password and downloaded role mappings.
> 
> On 11/7/2014 9:16 AM, Gary Brown wrote:
> > Hi
> >
> > I've just started looking at KeyCloak to use with the Overlord governance
> > projects.
> >
> > I have tried the examples, and see how we could leverage KeyCloak to
> > protect the UI apps and the backend REST services they use. However we
> > also need to provide the REST services as independent services using basic
> > auth - but would like the basic auth to be performed against the users
> > managed by KeyCloak.
> >
> > Are there any recommendations on how this can be achieved?
> >
> > Do we need to provide our own filter - is there any example code to do
> > this?
> >
> > Is it possible to do something via the KeyCloak subsystem configuration
> > approach, in case we wanted to secure the REST service without modifying
> > the war?
> >
> > Thanks in advance.
> >
> > Regards
> > Gary
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
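Since Gary's question ("Do we need to provide our own filter - is there any example code to do this?") and Bill's sketch both leave the filter itself open, here is an added example of one. It is not from the original thread and is not Keycloak's own code. Instead of the admin-token route Bill describes, it trades the Basic username/password for a token with Keycloak's Direct Access Grant (the OAuth2 resource-owner password grant at the realm token endpoint), which carries the user's realm role mappings inside the access token, and it caches that token per credential pair until shortly before expiry, which is the per-request cost Gary mentions. TOKEN_ENDPOINT and CLIENT_ID are placeholders, the HTTP POST is left to an injected `exchange` callable, and FakeKeycloak is a constructed stand-in for the token endpoint so the example runs offline.

```python
import base64
import hashlib
import json
import time
from typing import Callable, Dict, Optional, Tuple

# Placeholders: your realm's token endpoint and the client registered for the service.
TOKEN_ENDPOINT = "https://keycloak.example/auth/realms/demo/protocol/openid-connect/token"
CLIENT_ID = "rest-service"

def parse_basic_header(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """(user, password) from 'Authorization: Basic ...', or None if malformed (-> 401)."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        raw = base64.b64decode(header[6:].strip(), validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
        return None
    if ":" not in raw:
        return None
    user, _, password = raw.partition(":")
    return user, password

def direct_grant_form(username: str, password: str) -> Dict[str, str]:
    """Form body POSTed to TOKEN_ENDPOINT: Keycloak's Direct Access Grant
    (the OAuth2 resource-owner password grant)."""
    return {"grant_type": "password", "client_id": CLIENT_ID,
            "username": username, "password": password}

def jwt_claims(token: str) -> Optional[dict]:
    """Claims of a compact JWT the token endpoint just returned to us over TLS.
    No signature check: tokens that *clients* present must be verified by the adapter."""
    try:
        _hdr, payload, _sig = token.split(".")
        return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None

class BasicAuthGateway:
    """Trades Basic credentials for a Keycloak token and caches it until just before
    expiry, so a client repeating the same credentials on every call does not cost a
    token-endpoint round trip per request (the caching Gary asks about)."""

    def __init__(self, exchange: Callable[[Dict[str, str]], Optional[dict]],
                 now: Callable[[], float] = time.time, skew: int = 30):
        self._exchange = exchange  # POSTs the form to TOKEN_ENDPOINT, returns JSON or None
        self._now, self._skew = now, skew
        self._cache: Dict[str, Tuple[str, float]] = {}  # key -> (token, expiry)

    def token_for(self, username: str, password: str) -> Optional[str]:
        # Key on a hash so the cache never holds a clear-text password.
        key = hashlib.sha256(f"{username}\0{password}".encode()).hexdigest()
        hit = self._cache.get(key)
        if hit and hit[1] > self._now():
            return hit[0]
        reply = self._exchange(direct_grant_form(username, password))
        if not reply or "access_token" not in reply:
            self._cache.pop(key, None)  # a stale entry must not outlive a rejected login
            return None
        expiry = self._now() + int(reply.get("expires_in", 0)) - self._skew
        if expiry > self._now():
            self._cache[key] = (reply["access_token"], expiry)
        return reply["access_token"]

    def authenticate(self, authorization: Optional[str]) -> Optional[dict]:
        """Principal for the request or None (-> 401). Realm roles come straight from
        the token's realm_access.roles claim, so no separate role download is needed."""
        creds = parse_basic_header(authorization)
        token = self.token_for(*creds) if creds else None
        claims = jwt_claims(token) if token else None
        if not claims:
            return None
        return {"name": claims.get("preferred_username", creds[0]), "token": token,
                "roles": list(claims.get("realm_access", {}).get("roles", []))}

# ---- constructed stand-in for the Keycloak token endpoint (not Keycloak itself) ----
_USERS = {"alice": ("s3cret", ["admin", "user"])}

def _unsigned_jwt(claims: dict) -> str:
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

class FakeKeycloak:  # answers direct-grant forms as the real endpoint would, counts calls
    def __init__(self):
        self.calls = 0

    def __call__(self, form: Dict[str, str]) -> Optional[dict]:
        self.calls += 1
        known = _USERS.get(form["username"])
        if form["grant_type"] != "password" or not known or known[0] != form["password"]:
            return None  # the real endpoint answers 401 invalid_grant
        claims = {"preferred_username": form["username"], "realm_access": {"roles": known[1]}}
        return {"access_token": _unsigned_jwt(claims), "expires_in": 300}

def demo():
    kc, good = FakeKeycloak(), "Basic YWxpY2U6czNjcmV0"  # alice:s3cret
    gw = BasicAuthGateway(kc)
    first = gw.authenticate(good)
    second = gw.authenticate(good)  # served from the cache, no second exchange
    bad = gw.authenticate("Basic YWxpY2U6d3Jvbmc=")  # alice:wrong -> None
    return first, second, bad, kc.calls
```

Wire the gateway into a servlet filter or your framework's equivalent: answer 401 with a WWW-Authenticate: Basic challenge when authenticate() returns None, and let requests that already carry a Bearer token go straight to the Keycloak adapter. The client must allow direct access grants in the realm. Because the cache is keyed on the credentials, the token endpoint is only consulted again once a cached token has expired, so a password that is changed or disabled in Keycloak keeps working on this service for up to expires_in seconds; keep that lifetime short.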

