[keycloak-user] REST -> Backend App

Bill Burke bburke at redhat.com
Fri Sep 5 11:51:33 EDT 2014


Wildfly or JBoss EAP 6.x or JBoss AS 7.1?


On 9/5/2014 11:49 AM, Red Samh wrote:
> Bill,
>
> Thanks for the reply.
>
> Yes it works when I have to call REST to another REST service and any
> number of hops. The problem is calling a full-fledged application from
> a REST service that I have the issue. When it is an application that is
> both Web App + REST and I add the authorization header (bearer) I get an
> unauthorized 401 (blackbox in the attachment).
>
> Thanks
> Sam
>
>
> On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <bburke at redhat.com> wrote:
>
>     Should work.  You'll have to actually describe what your problem is or I
>     can't help you.  I'll take a guess though:
>
>     Keycloak doesn't propagate the Authorization bearer token header
>     automatically when you have multiple REST "hops" between multiple
>     servers. You'll have to obtain the access token and set up the HTTP
>     header manually.  The demo customer-portal example in the distro does
>     exactly this, so take a look at that for more details.
>
>     On 9/5/2014 10:58 AM, Red Samh wrote:
>      > Hello,
>      >
>      > We have an application that is protected using Keycloak and a user can
>      > access this application through a web front. After login the user can
>      > use the functionality of the application. The application is also
>      > exposed through REST APIs and is protected via Keycloak as part of the
>      > application and accessible only after login into the main application.
>      >
>      > We have a
>      >
>      > (Step 1) Javascript application (retrieving data from) ->
>      >
>      > (Step 2) Business Application exposed as REST API (REST API has to make
>      > calls to backend Application mentioned above) ->
>      >
>      > (Step 3) BackEnd Application Server + REST API.
>      >
>      > Directly accessing the BackEnd Application Server works fine but when we
>      > need to call the REST API from another REST service which is
>      > authenticated via Keycloak we have issues.
>      >
>      > We used the existing sample to try and do a POC but not sure what is the
>      > best approach to solve this issue. The part from (Step 1) to (Step 2)
>      > works and the REST API is protected using BEARER token. The (Step 2) to
>      > (Step 3) is a problem as in (Step 2) we only have the BEARER token and
>      > the BackEnd Application is protected using the full keycloak
>      > configuration. So the BackEnd Application service is not authenticating
>      > by sending in only the BEARER token in the header which is a full
>      > keycloak installation (work as only a web service).
>      >
>      > Thanks
>      > Sam
>      >
>      >
>      > _______________________________________________
>      > keycloak-user mailing list
>      > keycloak-user at lists.jboss.org
>      > https://lists.jboss.org/mailman/listinfo/keycloak-user
>      >
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
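
The manual propagation described in the quoted reply (obtain the access token, set the Authorization header yourself on the next hop), as an added example that is not part of the original thread and is not the customer-portal demo code. It assumes the Keycloak adapter has placed a KeycloakSecurityContext on the request; BackendClient, BACKEND_BASE and the host name are hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;

public class BackendClient {
    // Hypothetical backend base URL (assumption). The token is only ever sent
    // to this fixed HTTPS origin, never to a caller-supplied host.
    private static final String BACKEND_BASE = "https://backend.example.com/app/rest/";

    public static String callBackend(HttpServletRequest req, String path) throws IOException {
        // The adapter stores the security context as a request attribute
        // keyed by the class name.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                req.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null || ctx.getTokenString() == null) {
            throw new IllegalStateException("no Keycloak access token on this request");
        }
        // Accept only a plain relative resource path.
        if (!path.matches("[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*")) {
            throw new IllegalArgumentException("unexpected backend path");
        }
        HttpURLConnection conn =
                (HttpURLConnection) new URL(BACKEND_BASE + path).openConnection();
        try {
            conn.setRequestMethod("GET");
            // Do not follow redirects: the request goes to the configured backend only.
            conn.setInstanceFollowRedirects(false);
            // Forward the caller's access token as a bearer credential.
            conn.setRequestProperty("Authorization", "Bearer " + ctx.getTokenString());
            conn.setRequestProperty("Accept", "application/json");
            int status = conn.getResponseCode();
            if (status != HttpURLConnection.HTTP_OK) {
                throw new IOException("backend returned HTTP " + status);
            }
            try (InputStream in = conn.getInputStream()) {
                ByteArrayOutputStream out = new ByteArrayOutputStream();
                byte[] buf = new byte[4096];
                for (int n; (n = in.read(buf)) != -1; ) {
                    out.write(buf, 0, n);
                }
                return out.toString("UTF-8");
            }
        } finally {
            conn.disconnect();
        }
    }
}
```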

