[keycloak-user] propagating authentication to REST layer
Tim Dudgeon
tdudgeon.ml at gmail.com
Fri Jan 1 05:52:53 EST 2016
The user docs
(http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.html#d4e54)
describe exactly what I'm looking for:
> Signed access tokens can also be propagated by REST client requests
> within an|Authorization|header. This is great for distributed
> integration as applications can request a login from a client to
> obtain an access token, then invoke any aggregated REST invocations to
> other services using that access token.
I have a web app (in Tomcat) that uses the Keycloak adapter for user
authentication.
This web app needs to access a REST service, running in a different
Tomcat container and I want the REST service to use the same user
authentication, but I'm not totally sure about how to go about this.
Do I just grab the keycloak token in the header in the web app and add
that as a header when calling the REST service, and set the REST service
up to use the same Keycloak adapter configuration as the web app?
What if I want to have other ways to authenticate the REST service (e.g.
access from multiple clients)?
Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160101/d1478ea6/attachment-0001.html
More information about the keycloak-user
mailing list