[keycloak-user] Client options for authenticating against Keycloak-secured services

Guy Davis guydavis.ca at gmail.com
Mon Mar 2 17:38:43 EST 2015


Good day,

I'm hoping to summarize the methods for a client Java program to
authenticate against a Keycloak-secured service endpoint.  Please correct
any misunderstandings I have in the summary below:

   1. Client program can issue a KC REST API call to get a token and then
   use it as "Authorization" header of type "Bearer" as per example
   2. Client program (such as Apache HttpClient lib) can use Basic
   Authorization if KC secured-deployment has been configured to allow.
   3. Client program can negotiate a SAML v2.0 SP-initiated SSO session
   directly against KC if the service is so configured.
   4. Client program can negotiate a OpenID Connect SSO session directly
   against KC if the service is so configured.

I have working Java examples now for #1 and #2, but was wondering if there
were any Java examples of #3 and #4.  Is my understanding of the
authentication options for clients correct?

By the way, I am greatly impressed by the progress being made on the master
branch around Kerberos/SPNEGO and Identity Brokering.  Kudos to the team.

Thanks in advance,
Guy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150302/0e673070/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2015-03-02_153310.png
Type: image/png
Size: 27963 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20150302/0e673070/attachment-0001.png 


More information about the keycloak-user mailing list