[keycloak-user] REST -> Backend App
Red Samh
redsamh at gmail.com
Mon Sep 8 10:09:51 EDT 2014
Bill,
I redid everything and it is working now. Thanks :).
Thanks
Sam
On Fri, Sep 5, 2014 at 3:35 PM, Bill Burke <bburke at redhat.com> wrote:
> I doubt the version is the problem.
>
> On 9/5/2014 3:23 PM, Red Samh wrote:
>
>> Bill,
>>
>> I have rc1 and not rc2, let me check if it works in the newer version.
>> It may be the version.
>>
>> Thanks
>> Sam
>>
>>
>> On Fri, Sep 5, 2014 at 3:13 PM, Red Samh <redsamh at gmail.com> wrote:
>>
>> Bill,
>>
>> I am able to get the example to work and it is fine if I am calling
>> REST service to any other REST service (any number of hops). Does it
>> work if you try to access another web application (just submit a
>> form, access content or anything) that is authenticated by Keycloak
>> or are you able to make a call from the REST Service to a web
>> application that is configured with Keycloak?
>>
>> See attached explanation.
>>
>> Thanks
>> Sam
>>
>>
>> On Fri, Sep 5, 2014 at 2:41 PM, Bill Burke <bburke at redhat.com> wrote:
>>
>> You're going to have to elaborate on your problem as I was
>> unable to reproduce it.
>>
>> I took examples/preconfigured-demo/customer-app and added the
>> database/ project's Java files to it. I was able to deploy this
>> application and do both web and bearer auth from the same war.
>>
>> Are you using latest Keycloak? 1.0-rc2?
>>
>> On 9/5/2014 1:31 PM, Red Samh wrote:
>>
>> Thanks Bill, much appreciated. Is there something I can do in the
>> interim even if it is a hack? I was looking at adapter code or even
>> something I can hardcode in the rest service to pull out the user
>> information and make the call to the back end application?
>>
>> Thanks
>> Sam
>>
>> On Sep 5, 2014 1:19 PM, "Bill Burke" <bburke at redhat.com> wrote:
>>
>> A pure servlet filter is on the roadmap, but it wouldn't be as
>> seamlessly integrated. I'll take a look at your problem.
>>
>> On 9/5/2014 11:59 AM, Red Samh wrote:
>>
>> EAP 6.x, it would be nice if I could generalize to any war deployed
>> to Tomcat or Jetty.
>>
>> Thanks
>> Sam
>>
>> On Sep 5, 2014 11:51 AM, "Bill Burke" <bburke at redhat.com> wrote:
>>
>> Wildfly or JBoss EAP 6.x or JBoss AS 7.1?
>>
>>
>> On 9/5/2014 11:49 AM, Red Samh wrote:
>>
>> Bill,
>>
>> Thanks for the reply.
>>
>> Yes it works when I have to call REST to another REST service and any
>> number of hops. The problem is calling a full fledged application from
>> a REST service that I have the issue. When it is an application that is
>> both Web App + REST and I add the authorization header (bearer) I get an
>> unauthorized 401 (blackbox in the attachment).
>>
>> Thanks
>> Sam
>>
>>
>> On Fri, Sep 5, 2014 at 11:42 AM, Bill Burke <bburke at redhat.com> wrote:
>>
>> Should work. You'll have to actually describe what your problem is or I
>> can't help you. I'll take a guess though:
>>
>> Keycloak doesn't propagate the Authorization bearer token header
>> automatically when you have multiple REST "hops" between multiple
>> servers. You'll have to obtain the access token and set up the HTTP
>> header manually. The demo customer-portal example in the distro does
>> exactly this, so take a look at that for more details.
>>
>> On 9/5/2014 10:58 AM, Red Samh wrote:
>> > Hello,
>> >
>> > We have an application that is protected using Keycloak and a user can
>> > access this application through a web front. After login the user can
>> > use the functionality of the application. The application is also
>> > exposed through REST APIs and is protected via Keycloak as part of the
>> > application and accessible only after login into the main application.
>> >
>> > We have a
>> >
>> > (Step 1) JavaScript application (retrieving data from) ->
>> >
>> > (Step 2) Business Application exposed as REST API (REST API has to make
>> > calls to backend Application mentioned above) ->
>> >
>> > (Step 3) BackEnd Application Server + REST API.
>> >
>> > Directly accessing the BackEnd Application Server works fine but when we
>> > need to call the REST API from another REST service which is
>> > authenticated via Keycloak we have issues.
>> >
>> > We used the existing sample to try and do a POC but not sure what is the
>> > best approach to solve this issue. The part from (Step 1) to (Step 2)
>> > works and the REST API is protected using BEARER token. The (Step 2) to
>> > (Step 3) is a problem as in (Step 2) we only have the BEARER token and
>> > the BackEnd Application is protected using the full Keycloak
>> > configuration. So the BackEnd Application service is not authenticating
>> > by sending in only the BEARER token in the header which is a full
>> > Keycloak installation (work as only a web service).
>> >
>> > Thanks
>> > Sam
>> >
>> >
>> >
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>