[keycloak-user] REST -> Backend App

Red Samh redsamh at gmail.com
Fri Sep 5 13:31:51 EDT 2014


Thanks Bill, much appreciated. Is there something I can do in the interim,
even if it is a hack? I was looking at adapter code, or even something I
can hardcode in the REST service to pull out the user information and make
the call to the back-end application.

Thanks
Sam
On Sep 5, 2014 1:19 PM, "Bill Burke" <bburke at redhat.com> wrote:

> A pure servlet filter is on the roadmap, but it wouldn't be as seamlessly
> integrated. I'll take a look at your problem.
>
> On 9/5/2014 11:59 AM, Red Samh wrote:
>
>>
>> EAP 6.x, it would be nice if I could generalize to any WAR deployed to
>> Tomcat or Jetty.
>>
>> Thanks
>> Sam
>>
>> On Sep 5, 2014 11:51 AM, "Bill Burke" <bburke at redhat.com
>> <mailto:bburke at redhat.com>> wrote:
>>
>>     Wildfly or JBoss EAP 6.x or JBoss AS 7.1?
>>
>>
>>     On 9/5/2014 11:49 AM, Red Samh wrote:
>>
>>         Bill,
>>
>>         Thanks for the reply.
>>
>>         Yes, it works when I have to call REST to another REST service
>>         and any number of hops. The problem is calling a full-fledged
>>         application from a REST service; that is where I have the issue.
>>         When it is an application that is both Web App + REST and I add
>>         the authorization header (bearer), I get an unauthorized 401
>>         (blackbox in the attachment).
>>
>>         Thanks
>>         Sam
>>
>>
>>         On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <bburke at redhat.com> wrote:
>>
>>              Should work. You'll have to actually describe what your
>>              problem is or I can't help you. I'll take a guess though:
>>
>>              Keycloak doesn't propagate the Authorization bearer token
>>              header automatically when you have multiple REST "hops"
>>              between multiple servers. You'll have to obtain the access
>>              token and set up the HTTP header manually. The demo
>>              customer-portal example in the distro does exactly this, so
>>              take a look at that for more details.
>>
>>              On 9/5/2014 10:58 AM, Red Samh wrote:
>>               > Hello,
>>               >
>>               > We have an application that is protected using Keycloak and a
>>               > user can access this application through a web front. After
>>               > login the user can use the functionality of the application.
>>               > The application is also exposed through REST APIs and is
>>               > protected via Keycloak as part of the application and
>>               > accessible only after logging into the main application.
>>               >
>>               > We have a
>>               >
>>               > (Step 1) Javascript application (retrieving data from) ->
>>               >
>>               > (Step 2) Business Application exposed as REST API (REST API
>>               > has to make calls to backend Application mentioned above) ->
>>               >
>>               > (Step 3) BackEnd Application Server + REST API.
>>               >
>>               > Directly accessing the BackEnd Application Server works fine,
>>               > but when we need to call the REST API from another REST
>>               > service which is authenticated via Keycloak we have issues.
>>               >
>>               > We used the existing sample to try and do a POC but are not
>>               > sure what is the best approach to solve this issue. The part
>>               > from (Step 1) to (Step 2) works and the REST API is protected
>>               > using a BEARER token. The (Step 2) to (Step 3) is a problem,
>>               > as in (Step 2) we only have the BEARER token and the BackEnd
>>               > Application is protected using the full Keycloak
>>               > configuration. So the BackEnd Application service, which is a
>>               > full Keycloak installation (works as only a web service), is
>>               > not authenticating when we send in only the BEARER token in
>>               > the header.
>>               >
>>               > Thanks
>>               > Sam
>>               >
>>               >
>>               > _________________________________________________
>>               > keycloak-user mailing list
>>               > keycloak-user at lists.jboss.org
>>               > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>               >
>>
>>              --
>>              Bill Burke
>>              JBoss, a division of Red Hat
>>         http://bill.burkecentral.com
>>
>>
>>
>>     --
>>     Bill Burke
>>     JBoss, a division of Red Hat
>>     http://bill.burkecentral.com
>>
>>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
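Bill's advice above (obtain the caller's access token yourself and set the Authorization header on the next hop), written out as an added example; this is not code from the thread, from the Keycloak demo, or from Keycloak itself. It assumes a JAX-RS resource in the middle-tier REST service (Step 2) that the Keycloak adapter has already protected, and `BACKEND_URL`, `OrderProxyResource` and `/orders` are placeholders. It does not address the separate 401 Sam reports from the combined web app + REST deployment, which Bill says he will look into.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

import org.keycloak.KeycloakSecurityContext;

// Step 2 resource: the Keycloak adapter has already validated the incoming
// bearer token before this method runs. Path and class name are hypothetical.
@Path("/orders")
public class OrderProxyResource {

    // Placeholder for the Step 3 back-end endpoint; replace with the real URL.
    private static final String BACKEND_URL = "https://backend.example.invalid/app/rest/orders";

    @GET
    @Produces("application/json")
    public Response list(@Context HttpServletRequest request) throws IOException {
        // The adapter publishes the verified security context as a request attribute.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                request.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null) {
            // No authenticated caller: refuse instead of calling the back-end anonymously.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }

        // Forward the caller's own raw token. The back-end adapter re-checks signature,
        // expiry and realm itself, so the user's identity is preserved end to end.
        HttpURLConnection conn = (HttpURLConnection) new URL(BACKEND_URL).openConnection();
        conn.setRequestProperty("Authorization", "Bearer " + ctx.getTokenString());

        int status = conn.getResponseCode();
        InputStream in = status < 400 ? conn.getInputStream() : conn.getErrorStream();
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        if (in != null) {
            byte[] chunk = new byte[4096];
            for (int n = in.read(chunk); n != -1; n = in.read(chunk)) buf.write(chunk, 0, n);
        }
        // Relay the back-end's status: a 401 here means the back-end rejected the token.
        return Response.status(status).entity(buf.toString(StandardCharsets.UTF_8.name())).build();
    }
}
```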