[keycloak-user] REST services supporting basic auth and bearer tokens
gbrown at redhat.com
Wed Nov 26 08:54:18 EST 2014
Concrete use case - we have implemented the OASIS S-RAMP specification, in which it requires basic auth support (http://docs.oasis-open.org/s-ramp/s-ramp/v1.0/s-ramp-v1.0-part2-atom-binding.html section 5 "The S-RAMP Specification does not attempt to define a security model for products that implement it. For the Atom Binding, the only security requirement is that at a minimum, client and server implementations MUST be capable of being configured to use HTTP Basic Authentication in conjunction with a connection made with TLS.").
However we also need the same service to support bearer token, for use within our KeyCloak SSO session.
I've implemented a possible solution, details defined on https://issues.jboss.org/browse/KEYCLOAK-861.
If this solution is on the right path, I would appreciate any feedback on any changes that might be required before submitting a PR. Currently there are no tests, but would aim to provide some with the PR.
More information about the keycloak-user