[keycloak-user] REST services supporting basic auth and bearer tokens

Gary Brown gbrown at redhat.com
Wed Nov 26 08:54:18 EST 2014


Concrete use case - we have implemented the OASIS S-RAMP specification, which requires basic auth support (http://docs.oasis-open.org/s-ramp/s-ramp/v1.0/s-ramp-v1.0-part2-atom-binding.html section 5: "The S-RAMP Specification does not attempt to define a security model for products that implement it. For the Atom Binding, the only security requirement is that at a minimum, client and server implementations MUST be capable of being configured to use HTTP Basic Authentication in conjunction with a connection made with TLS.").

However, we also need the same service to support bearer tokens, for use within our Keycloak SSO session.

I've implemented a possible solution, details defined on https://issues.jboss.org/browse/KEYCLOAK-861.

If this solution is on the right path, I would appreciate any feedback on any changes that might be required before submitting a PR. Currently there are no tests, but I would aim to provide some with the PR.

