[keycloak-user] propagating authentication to REST layer

Stian Thorgersen sthorger at redhat.com
Tue Jan 5 02:36:31 EST 2016


On 1 January 2016 at 11:52, Tim Dudgeon <tdudgeon.ml at gmail.com> wrote:

> The user docs (
> http://keycloak.github.io/docs/userguide/keycloak-server/html/Overview.html#d4e54)
> describe exactly what I'm looking for:
>
> Signed access tokens can also be propagated by REST client requests within
> an Authorization header. This is great for distributed integration as
> applications can request a login from a client to obtain an access token,
> then invoke any aggregated REST invocations to other services using that
> access token.
>
> I have a web app (in Tomcat) that uses the Keycloak adapter for user
> authentication.
> This web app needs to access a REST service, running in a different Tomcat
> container and I want  the REST service to use the same user authentication,
> but I'm not totally sure about how to go about this.
> Do I just grab the keycloak token in the header in the web app and add
> that as a header when calling the REST service, and set the REST service up
> to use the same Keycloak adapter configuration as the web app?
>

You could or you can get the token from the adapter. Take a look at:

https://github.com/keycloak/keycloak/blob/master/examples/demo-template/customer-app/src/main/java/org/keycloak/example/CustomerDatabaseClient.java#L48


>
> What if I want to have other ways to authenticate the REST service (e.g.
> access from multiple clients)?
>

Not sure what you mean about this


>
>
> Tim
>
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160105/2c33dd01/attachment-0001.html 


More information about the keycloak-user mailing list