[keycloak-user] Two way communication required between Keycloak Server and REST API BAckend Server?

Adrian Matei adrianmatei at gmail.com
Tue Jul 19 04:20:58 EDT 2016


Hi Stian,

Thank you for the confirmation.

Kind regards,
Adrian


On Tue, Jul 19, 2016 at 8:45 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:

> The REST service doesn't need to communicate directly with Keycloak. The
> auth-server-url is required by a bearer only token mainly to verify the
> issuer in the token (it's the full url of the realm, not just the realm
> name).
>
> On 15 July 2016 at 16:34, Adrian Matei <adrianmatei at gmail.com> wrote:
>
>> Hi everyone,
>>
>> Does a Keycloak secured REST Api on JBoss EAP 6.1 (access-type bearer
>> only) need to communicate with the Keycloak Server once the Adapter and
>> standalone.xml are properly configured?
>>
>> Currently both servers are on the same DMZ zone, but we'd like to move
>> the REST Api Server in Intranet zone.
>>
>> (test - the REST backend seems to be callable as long as the token is
>> valid, though the Keycloak Server was shutdown, but I ask myself why do I
>> need to specify the auth-server-url in standalone.xml, or keycloak.json
>> file)
>>
>>
>> Thanks
>> Adrian
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160719/1e4c7a4d/attachment.html 


More information about the keycloak-user mailing list