[keycloak-user] Application to applications using bearer token

Scott Rossillo srossillo at smartling.com
Wed Apr 15 12:34:52 EDT 2015


Thanks Marek,

I will try again. I did get it working by setting the service to
“bearer-only” but there was one bug with the keycloak.json generated by
Keycloak 1.2.0.Beta1. It’s missing the "auth-server-url”.

I get:
12:32:58.269 [http-nio-2080-exec-1] ERROR
o.k.a.BearerTokenRequestAuthenticator - Failed to verify token
org.keycloak.VerificationException: Realm URL is null. Make sure to add
auth-server-url to the configuration of your adapter!

After adding "auth-server-url” to the keycloak.json file, it works.

I’ll set app back to confidential and I will keep testing.

Thanks,
Scott




On Wed, Apr 15, 2015 at 12:29 PM, Marek Posolda <mposolda at redhat.com> wrote:

>  That's quite strange. It should already be possible to authenticate
> against confidential applications with bearer-token. For example if you
> switch demo database-service as "confidential" instead of "bearer-only", it
> should be still possible to authenticate to it with the bearer access token
> sent from customer-portal. You can try it and see if it works.
>
> If demo works for you, but your applications don't, it's probably some
> configuration problem on your side.
>
> Marek
>
>
> On 15.4.2015 17:44, Scott Rossillo wrote:
>
> Actually, I wanted to clarify one thing:
>
>  In the demos the database-service is set up as bearer-only. Maybe that’s
> the problem I’m having. I have the dependent service set as confidential.
> But shouldn’t this be supported?
>
>  What if the service provides both user facing features and APIs that can
> be accessed with bearer tokens?
>
>  Thanks again,
> Scott
>
> On Wed, Apr 15, 2015 at 11:41 AM, Scott Rossillo <srossillo at smartling.com>
> wrote:
>
>> In the demos, there’s a clear example of how a user is authenticated
>> against an application, say the customer-portal, and then the
>> customer-portal requests information from the database-service using the
>> access token as a bearer token.
>>
>>  In this example, the database-service accepts the bearer token and
>> returns data.
>>
>>  However, using the Keycloak Adapters and attempting to do the same
>> thing, the authentication is rejected. Any idea what may be causing this?
>>
>>  Thanks,
>> Scott
>>
>
>
>
> _______________________________________________
> keycloak-user mailing listkeycloak-user at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150415/ea4fe047/attachment.html 


More information about the keycloak-user mailing list