[keycloak-user] Application to applications using bearer token

Stian Thorgersen stian at redhat.com
Thu Apr 16 03:16:00 EDT 2015



----- Original Message -----
> From: "Scott Rossillo" <srossillo at smartling.com>
> To: "Marek Posolda" <mposolda at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Wednesday, April 15, 2015 6:34:52 PM
> Subject: Re: [keycloak-user] Application to applications using bearer token
> 
> Thanks Marek,
> 
> I will try again. I did get it working by setting the service to
> “bearer-only” but there was one bug with the keycloak.json generated by
> Keycloak 1.2.0.Beta1. It’s missing the "auth-server-url”.
> 
> I get:
> 12:32:58.269 [http-nio-2080-exec-1] ERROR
> o.k.a.BearerTokenRequestAuthenticator - Failed to verify token
> org.keycloak.VerificationException: Realm URL is null. Make sure to add
> auth-server-url to the configuration of your adapter!
> 
> After adding "auth-server-url” to the keycloak.json file, it works.
> 
> I’ll set app back to confidential and I will keep testing.

https://issues.jboss.org/browse/KEYCLOAK-1213 - fixing now

> 
> Thanks,
> Scott
> 
> 
> 
> 
> On Wed, Apr 15, 2015 at 12:29 PM, Marek Posolda < mposolda at redhat.com >
> wrote:
> 
> 
> 
> That's quite strange. It should already be possible to authenticate against
> confidential applications with bearer-token. For example if you switch demo
> database-service as "confidential" instead of "bearer-only", it should be
> still possible to authenticate to it with the bearer access token sent from
> customer-portal. You can try it and see if it works.
> 
> If demo works for you, but your applications don't, it's probably some
> configuration problem on your side.
> 
> Marek
> 
> 
> On 15.4.2015 17:44, Scott Rossillo wrote:
> 
> 
> 
> Actually, I wanted to clarify one thing:
> 
> In the demos the database-service is set up as bearer-only. Maybe that’s the
> problem I’m having. I have the dependent service set as confidential. But
> shouldn’t this be supported?
> 
> What if the service provides both user facing features and APIs that can be
> accessed with bearer tokens?
> 
> Thanks again,
> Scott
> 
> On Wed, Apr 15, 2015 at 11:41 AM, Scott Rossillo < srossillo at smartling.com >
> wrote:
> 
> 
> 
> In the demos, there’s a clear example of how a user is authenticated against
> an application, say the customer-portal, and then the customer-portal
> requests information from the database-service using the access token as a
> bearer token.
> 
> In this example, the database-service accepts the bearer token and returns
> data.
> 
> However, using the Keycloak Adapters and attempting to do the same thing, the
> authentication is rejected. Any idea what may be causing this?
> 
> Thanks,
> Scott
> 
> 
> 
> _______________________________________________
> keycloak-user mailing list keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> 
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list