[keycloak-user] Config cascading services

Dirk Franssen dirk.franssen at gmail.com
Tue Dec 8 06:09:41 EST 2015


Hi,

How would one configure Keycloak to obtain the following scenarios?

Scenario 1:

client A: public (angular app)
client B: bearer-only (microservice)
client C: bearer-only (microservice)

- microservice B is allowed to call microservice C, but an authenticated
user in the js app A should be forbidden to call microservice C directly.

Scenario 2:

client A: public (angular app)
client B: confidential (1 war with a REST service AND a JSF application,
both using the same EJB business layer which is accessing microservice C)
client C: bearer-only (microservice)

- a user authenticated in the angular app can use the REST service of app B
and will see the results of microservice C, but the user may not call
microservice C directly
- a user authenticated in the JSF application will see the results of
microservice C when using the JSF application, but should not be able to
use microservice C directly (if the user would reuse the same access_token)
- should there be different roles for the REST part and the JSF part of app
B (for accessing microservice C)?

Kind regards,
Dirk