[keycloak-user] How Basic Authentication is implemented for Java adapters?

Michael Furman michael_furman at hotmail.com
Wed Dec 14 02:07:21 EST 2016


We use the Spring Security adapter.

________________________________
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> on behalf of Michael Furman <michael_furman at hotmail.com>
Sent: Wednesday, December 14, 2016 8:59 AM
To: keycloak-user at lists.jboss.org
Subject: [keycloak-user] How Basic Authentication is implemented for Java adapters?

Hi,
We need to implement authentication for our REST APIs.
The issue is not simple since the same APIs are used for the UI and for the CLI clients.
CLI clients access the REST API using Basic Authentication.
For the UI, we want to access the REST APIs after OIDC authentication.
Therefore we need to achieve the following:

  *   If a request comes without any authentication the server should respond with HTTP 401.
  *   If a request comes with the Basic Authentication header it is authenticated.
  *   If a request comes with Keycloak cookies it is authenticated (and HTTP 401 does not appear).
Is it possible to do it?
I will be happy to clarify how Basic Authentication is implemented for Keycloak Java adapters.
I found the enable-basic-auth configuration here:
https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/java-adapter-config.html

Questions:

  1.  Will the Keycloak Java adapter prompt with HTTP 401 if a request comes without any authentication?
      (We cannot allow OIDC redirection in this case.)
  2.  What happens when a request comes with the Basic Authentication header? Is it authenticated?
      How does the Keycloak Java adapter validate the user name and password?
  3.  What happens when a request comes with Keycloak cookies?


Best regards,
   Michael

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user

