[keycloak-user] Client options for authenticating against Keycloak-secured services
Guy Davis
guydavis.ca at gmail.com
Mon Mar 2 17:38:43 EST 2015
Good day,
I'm hoping to summarize the methods for a client Java program to
authenticate against a Keycloak-secured service endpoint. Please correct
any misunderstandings I have in the summary below:
1. Client program can issue a KC REST API call to get a token and then
use it as "Authorization" header of type "Bearer" as per example
2. Client program (such as Apache HttpClient lib) can use Basic
Authorization if KC secured-deployment has been configured to allow.
3. Client program can negotiate a SAML v2.0 SP-initiated SSO session
directly against KC if the service is so configured.
4. Client program can negotiate a OpenID Connect SSO session directly
against KC if the service is so configured.
I have working Java examples now for #1 and #2, but was wondering if there
were any Java examples of #3 and #4. Is my understanding of the
authentication options for clients correct?
By the way, I am greatly impressed by the progress being made on the master
branch around Kerberos/SPNEGO and Identity Brokering. Kudos to the team.
Thanks in advance,
Guy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150302/0e673070/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2015-03-02_153310.png
Type: image/png
Size: 27963 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150302/0e673070/attachment-0001.png
More information about the keycloak-user
mailing list