[keycloak-user] How Basic Authentication is implemented for Java adapters?
Sebastien Blanc
sblanc at redhat.com
Wed Dec 14 02:38:04 EST 2016
Not sure SpringSec adapter supports basic auth, I need to check this out.
Why do you need basic auth ? Is that just for your CLI client so it can log
in ? Why don't you setup a CLI client in the KC console that has direct
grant enabled ?? That would make the things easier, your CLI request a
token to KC and the use it to make the API calls.
On Wed, Dec 14, 2016 at 8:07 AM, Michael Furman <michael_furman at hotmail.com>
wrote:
>
> We use SpringSecurity adapter
>
> ________________________________
> From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.
> jboss.org> on behalf of Michael Furman <michael_furman at hotmail.com>
> Sent: Wednesday, December 14, 2016 8:59 AM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] How Basic Authentication is implemented for Java
> adapters?
>
> Hi,
> We need to implement authentication for our REST APIs.
> The issue is not simple since same APIs used for UI and for the CLI
> clients.
> CLI clients access REST API using Basic Authentication.
> For UI we want to access REST APIs after OIDC authentication.
> Therefore we need to achieve the following:
>
> * If a request comes without any authentication the server should
> respond with HTTP 401.
> * If a request comes with the Basic Authentication header it is
> authenticated.
> * If a request comes with Keycloak cookies it is authenticated (and
> HTTP 401 is not appear).
> Is it possible to do it?
> I will happy to clarify how Basic Authentication is implemented for
> Keycloak Java adapters.
> I found the enable-basic-auth configuration here:
> https://keycloak.gitbooks.io/securing-client-applications-
> guide/content/topics/oidc/java/java-adapter-config.html
>
> Questions:
>
> 1. Will Keycloak Java adapter prompt with HTTP 401 if a request without
> any authentication?
> (we can not allow OIDC redirection in this case)
> 2. What happens a request comes with Basic Authentication header it is
> authenticated?
> How Keycloak Java adapter validates the user name and password?
>
> 3. What happens a request comes with Keycloak cookies?
>
>
> Best regards,
> Michael
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list