[keycloak-user] REST -> Backend App

Red Samh redsamh at gmail.com
Fri Sep 5 11:59:35 EDT 2014


EAP 6.x; it would be nice if I could generalize to any WAR deployed to
Tomcat or Jetty.

Thanks
Sam
On Sep 5, 2014 11:51 AM, "Bill Burke" <bburke at redhat.com> wrote:

> Wildfly or JBoss EAP 6.x or JBoss AS 7.1?
>
>
> On 9/5/2014 11:49 AM, Red Samh wrote:
>
>> Bill,
>>
>> Thanks for the reply.
>>
>> Yes it works when I have to call REST to another REST service and any
>> number of hops. The problem is calling a full-fledged application from
>> a REST service that I have the issue. When it is an application that is
>> both Web App + REST and I add the authorization header (bearer) I get an
>> unauthorized 401 (blackbox in the attachment).
>>
>> Thanks
>> Sam
>>
>>
>> On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <bburke at redhat.com> wrote:
>>
>>     Should work.  You'll have to actually describe what your problem is or I
>>     can't help you.  I'll take a guess though:
>>
>>     Keycloak doesn't propagate the Authorization bearer token header
>>     automatically when you have multiple REST "hops" between multiple
>>     servers.  You'll have to obtain the access token and set up the HTTP
>>     header manually.  The demo customer-portal example in the distro does
>>     exactly this, so take a look at that for more details.
>>
>>     On 9/5/2014 10:58 AM, Red Samh wrote:
>>      > Hello,
>>      >
>>      > We have an application that is protected using Keycloak and a user can
>>      > access this application through a web front. After login the user can
>>      > use the functionality of the application. The application is also
>>      > exposed through REST APIs and is protected via Keycloak as part of the
>>      > application and accessible only after login into the main application.
>>      >
>>      > We have a
>>      >
>>      > (Step 1) JavaScript application (retrieving data from) ->
>>      >
>>      > (Step 2) Business Application exposed as REST API (REST API has to make
>>      > calls to backend Application mentioned above) ->
>>      >
>>      > (Step 3) BackEnd Application Server + REST API.
>>      >
>>      > Directly accessing the BackEnd Application Server works fine but when we
>>      > need to call the REST API from another REST service which is
>>      > authenticated via Keycloak we have issues.
>>      >
>>      > We used the existing sample to try and do a POC but not sure what is the
>>      > best approach to solve this issue. The part from (Step 1) to (Step 2)
>>      > works and the REST API is protected using BEARER token. The (Step 2) to
>>      > (Step 3) is a problem as in (Step 2) we only have the BEARER token and
>>      > the BackEnd Application is protected using the full Keycloak
>>      > configuration. So the BackEnd Application service is not authenticating
>>      > by sending in only the BEARER token in the header which is a full
>>      > Keycloak installation (work as only a web service).
>>      >
>>      > Thanks
>>      > Sam
>>      >
>>      >
>>      > _______________________________________________
>>      > keycloak-user mailing list
>>      > keycloak-user at lists.jboss.org
>>      > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>      >
>>
>>     --
>>     Bill Burke
>>     JBoss, a division of Red Hat
>>     http://bill.burkecentral.com
>>
>>
>>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
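
The manual token propagation Bill Burke describes for the (Step 2) to (Step 3) call, sketched as an added example that is not part of this thread or of the Keycloak distribution. It assumes the Step 2 service runs behind a Keycloak Java adapter with the servlet API on the classpath; `BackendRelay` and `BACKEND_URL` are hypothetical names.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;

/** Added example: relays the caller's access token from the Step 2 service to the Step 3 backend. */
public final class BackendRelay {
    // Assumption: placeholder URL for the Step 3 backend. It is fixed in code so the
    // token is never sent to a caller-supplied host, and uses HTTPS so it is not sent in clear.
    private static final String BACKEND_URL = "https://backend.example.test/app/rest/items";

    /** Returns the HTTP status of the backend call made with the propagated bearer token. */
    public static int callBackend(HttpServletRequest incoming) throws IOException {
        // The Keycloak adapter stores its security context as a request attribute
        // once it has validated the incoming bearer token.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                incoming.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null || ctx.getTokenString() == null) {
            throw new IllegalStateException("request was not authenticated by the Keycloak adapter");
        }
        HttpURLConnection conn = (HttpURLConnection) new URL(BACKEND_URL).openConnection();
        try {
            conn.setRequestMethod("GET");
            conn.setRequestProperty("Accept", "application/json");
            // Not propagated automatically: set the Authorization header by hand.
            conn.setRequestProperty("Authorization", "Bearer " + ctx.getTokenString());
            // A redirect here means the backend answered as it would to a browser;
            // report the 302 instead of following it to a login page.
            conn.setInstanceFollowRedirects(false);
            int status = conn.getResponseCode();
            if (status == HttpURLConnection.HTTP_UNAUTHORIZED) {
                // WWW-Authenticate may carry the refusal reason; never log the token itself.
                System.err.println("backend returned 401: " + conn.getHeaderField("WWW-Authenticate"));
            }
            return status;
        } finally {
            conn.disconnect();
        }
    }
}
```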