[keycloak-user] Setting up webapplication to accept both bearer and openid redirect login

David Delbecq david_delbecq at trimble.com
Tue Jan 3 04:12:05 EST 2017


Great, thanks :)

On Mon, Jan 2, 2017 at 3:40 PM Stian Thorgersen <sthorger at redhat.com> wrote:

> "autodetect-bearer-only" in keycloak.json should do the trick. See
> https://keycloak.gitbooks.io/securing-client-applications-guide/content/topics/oidc/java/java-adapter-config.html
>
> On 29 December 2016 at 17:11, David Delbecq <david_delbecq at trimble.com>
> wrote:
>
> I have a WildFly application where I need this behaviour:
>
> 1) If the user provides a token with the request and tries to access a secure area,
> use it (typically SOAP and REST requests)
> 2) If the user has no credentials to show, issue an interactive web login
>
> So far I managed to get either 1) or 2) on the application, depending on
> using the bearer-only access type or not. But I can't seem to find out how to
> have both behaviours. Below is a JSON export of my current realm config. I am
> currently doing this in WildFly:
>
>     <secure-deployment name="shipping.war">
>         <realm>Shipping</realm>
>         <auth-server-url>${authURL}</auth-server-url>
>         <public-client>true</public-client>
>         <ssl-required>EXTERNAL</ssl-required>
>         <resource>shipping-soap</resource>
>         <use-resource-role-mappings>true</use-resource-role-mappings>
>     </secure-deployment>
>
> using this code to get a token from the WS client
>
> Keycloak keycloak = Keycloak.getInstance(System.getProperty("keycloak.url"),
>         "Shipping", username, password, "shipping-soap");
> // RFC 6750 header form is the word "Bearer", a space, then the token
> customHeaders.put("Authorization",
>         Arrays.asList("Bearer " + keycloak.tokenManager().getAccessTokenString()));
>
>
> but when I issue the WS request, I get a redirect to Keycloak (see below).
> I suspect I misunderstood some parts of the Keycloak configuration and its
> behaviour, but I am not sure what I did wrong. Can somebody explain to me how
> to integrate both web services and web pages with a single client id?
>
> POST /shipping/service/1.0/shipping HTTP/1.1
> Content-Type: text/xml; charset=UTF-8
> Accept: */*
> Authorization: Bearer:
>
>
> eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJZNjlCMm1aT2NuX0tnMTVEVC03MU5tUTNVN3NhdG1BLTJsc3BCM2VNRFNRIn0.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.d_mRQaUIrxW0poRS3cxZt37IWoRusLKq5OG9!
>
>
>
>  _zSd5YAjzQS1sRZgHEvK7yF1aQy_kqebrN4xT67QVYCwqMZzsjIYC0_QBGm6vddCgFXuPLADjVXZJ5UHwHig7aoLRWB511AvpFwCQQuTkYaWD7neGKh4TWOqAkMqTvhzUZPD1GrxyzdBTqCQEKlWgkvBUousKoYd6x4Ua6ofbFgYi5H-1GlSXCHVyqXv3zlDwujhtiZWoAWdoKgEDkQ_dV4SZFZFigGwwYwqKViXm0HIQMOT9QwkN_Yjrhc5eeOgeOKr_YxQ_GkIjPuD4-5C-oM4tp8ikMC-kqsPmaXstlZTM3z5kA
> SOAPAction: ""
> User-Agent: Apache CXF 3.0.5
> Cache-Control: no-cache
> Pragma: no-cache
> Host: localhost:18080
> Connection: keep-alive
> Content-Length: 1784
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>
> <ns2:createShipments xmlns:ns2="urn:trimbletl:eshipco:shipping:1_0"><ShipmentData>
> <id>shipmentid</id><type>full-truckload</type><freightCarryingUnitType>none</freightCarryingUnitType><freightCarryingUnitSubType>box-dry-van</freightCarryingUnitSubType><freightCarryingUnitDimension>standard</freightCarryingUnitDimension><cargoType>break-bulk</cargoType><name>shipment name</name>
> <consignor><id>consignorid</id><name>consignor name</name><address><street>street1</street><number>1</number><city>city1</city><zipcode>zipcode1</zipcode><area>area1</area><country>AE</country></address><coordinate><latitude>1</latitude><longitude>2</longitude></coordinate><contact><name>name1</name><company>company1</company><phone>phone1</phone></contact><timewindow><startTime>1970-01-01T01:00:01+01:00</startTime><endTime>1970-01-01T01:00:02+01:00</endTime></timewindow></consignor>
> <consignee><id>consigneeid</id><name>consignee name</name><address><street>street3</street><number>3</number><city>city3</city><zipcode>zipcode3</zipcode><area>area3</area><country>AG</country></address><coordinate><latitude>3</latitude><longitude>4</longitude></coordinate><contact><name>name3</name><company>company3</company><phone>phone3</phone></contact><timewindow><startTime>1970-01-01T01:00:03+01:00</startTime><endTime>1970-01-01T01:00:04+01:00</endTime></timewindow></consignee>
> <goods><id>box</id><amount>1</amount><volume>100.0</volume><weight>1000.0</weight><loadingMeter>10.0</loadingMeter><length>6</length><width>4</width><height>5</height><ref>testref</ref><desc>some description</desc></goods>
> <property><key>type.goods</key><value>1000</value></property></ShipmentData></ns2:createShipments></soap:Body></soap:Envelope>
>
> HTTP/1.1 302 Found
> Expires: 0
> Cache-Control: no-cache, no-store, must-revalidate
> X-Powered-By: Undertow/1
> Set-Cookie: JSESSIONID=9XhPxotKq3r_uuhaVAya8iavBVSyqQ9Ibf1h2Emu.ddelbecq-precision; path=/shipping
> Set-Cookie: OAuth_Token_Request_State=916/8084d5f9-fd05-4267-9d72-026acf016857; HttpOnly
> Server: WildFly/9
> Pragma: no-cache
> Location: http://localhost:13080/auth/realms/Shipping/protocol/openid-connect/auth?response_type=code&client_id=shipping-soap&redirect_uri=http%3A%2F%2Flocalhost%3A18080%2Fshipping%2Fservice%2F1.0%2Fshipping&state=916%2F8084d5f9-fd05-4267-9d72-026acf016857&login=true&scope=openid
> Date: Thu, 29 Dec 2016 15:43:16 GMT
> Connection: keep-alive
> Content-Length: 0
>
> {
>     "id" : "c3558938-fa2a-43c6-8de0-17d6ebbe9750",
>     "clientId" : "shipping-soap",
>     "description" : "Workbench, Adminbench and Administration",
>     "rootUrl" : "http://localhost:8080/",
>     "adminUrl" : "/shipping",
>     "baseUrl" : "/shipping",
>     "surrogateAuthRequired" : false,
>     "enabled" : true,
>     "clientAuthenticatorType" : "client-secret",
>     "secret" : "b556a2b8-bb1d-478e-97a0-14105556427f",
>     "defaultRoles" : [ "authenticated", "ROLE_authenticated" ],
>     "redirectUris" : [ "http://localhost:8080/shipping/*" ],
>     "webOrigins" : [ ],
>     "notBefore" : 0,
>     "bearerOnly" : false,
>     "consentRequired" : false,
>     "standardFlowEnabled" : true,
>     "implicitFlowEnabled" : false,
>     "directAccessGrantsEnabled" : true,
>     "serviceAccountsEnabled" : false,
>     "publicClient" : true,
>     "frontchannelLogout" : false,
>     "protocol" : "openid-connect",
>     "attributes" : {
>       "saml.assertion.signature" : "false",
>       "saml.force.post.binding" : "false",
>       "saml.multivalued.roles" : "false",
>       "saml.encrypt" : "false",
>       "saml_force_name_id_format" : "false",
>       "saml.client.signature" : "false",
>       "saml.authnstatement" : "false",
>       "saml.server.signature" : "false"
>     },
>     "fullScopeAllowed" : true,
>     "nodeReRegistrationTimeout" : -1,
>     "protocolMappers" : [ {
>       "id" : "b2eb4fed-68e3-4064-b0a8-f5926696a99f",
>       "name" : "username",
>       "protocol" : "openid-connect",
>       "protocolMapper" : "oidc-usermodel-property-mapper",
>       "consentRequired" : true,
>       "consentText" : "${username}",
>       "config" : {
>         "userinfo.token.claim" : "true",
>         "user.attribute" : "username",
>         "id.token.claim" : "true",
>         "access.token.claim" : "true",
>         "claim.name" : "preferred_username",
>         "jsonType.label" : "String"
>       }
>     }, {
>       "id" : "1b943ce9-b67b-4ce5-a5d8-3d795900555b",
>       "name" : "locale",
>       "protocol" : "openid-connect",
>       "protocolMapper" : "oidc-usermodel-attribute-mapper",
>       "consentRequired" : false,
>       "consentText" : "${locale}",
>       "config" : {
>         "userinfo.token.claim" : "true",
>         "user.attribute" : "locale",
>         "id.token.claim" : "true",
>         "access.token.claim" : "true",
>         "claim.name" : "locale",
>         "jsonType.label" : "String"
>       }
>     }, {
>       "id" : "f14bc53c-1d7b-480d-b2da-72b1e47e7f1e",
>       "name" : "email",
>       "protocol" : "openid-connect",
>       "protocolMapper" : "oidc-usermodel-property-mapper",
>       "consentRequired" : true,
>       "consentText" : "${email}",
>       "config" : {
>         "userinfo.token.claim" : "true",
>         "user.attribute" : "email",
>         "id.token.claim" : "true",
>         "access.token.claim" : "true",
>         "claim.name" : "email",
>         "jsonType.label" : "String"
>       }
>     }, {
>       "id" : "5429c06f-8b9b-4b33-bbb3-015117922910",
>       "name" : "role list",
>       "protocol" : "saml",
>       "protocolMapper" : "saml-role-list-mapper",
>       "consentRequired" : false,
>       "config" : {
>         "single" : "false",
>         "attribute.nameformat" : "Basic",
>         "attribute.name" : "Role"
>       }
>     }, {
>       "id" : "95315e0e-1136-4e06-9f04-8ccbb29d2c70",
>       "name" : "family name",
>       "protocol" : "openid-connect",
>       "protocolMapper" : "oidc-usermodel-property-mapper",
>       "consentRequired" : true,
>       "consentText" : "${familyName}",
>       "config" : {
>         "userinfo.token.claim" : "true",
>         "user.attribute" : "lastName",
>         "id.token.claim" : "true",
>         "access.token.claim" : "true",
>         "claim.name" : "family_name",
>         "jsonType.label" : "String"
>       }
>     }, {
>       "id" : "a371b53c-5543-4188-a16f-005db9a73d7a",
>       "name" : "full name",
>       "protocol" : "openid-connect",
>       "protocolMapper" : "oidc-full-name-mapper",
>       "consentRequired" : true,
>       "consentText" : "${fullName}",
>       "config" : {
>         "id.token.claim" : "true",
>         "access.token.claim" : "true"
>       }
>     }, {
>       "id" : "e3ca3001-3f19-4654-b84c-7a352306cad1",
>       "name" : "given name",
>       "protocol" : "openid-connect",
>       "protocolMapper" : "oidc-usermodel-property-mapper",
>       "consentRequired" : true,
>       "consentText" : "${givenName}",
>       "config" : {
>         "userinfo.token.claim" : "true",
>         "user.attribute" : "firstName",
>         "id.token.claim" : "true",
>         "access.token.claim" : "true",
>         "claim.name" : "given_name",
>         "jsonType.label" : "String"
>       }
>     } ],
>     "useTemplateConfig" : false,
>     "useTemplateScope" : false,
>     "useTemplateMappers" : false
>   }
>
>
>
>
> --
> <http://www.trimble.com/>
>
>
> David Delbecq
> Software engineer, Transport & Logistics
> Geldenaaksebaan 329, 1st floor | 3001 Leuven
>
> +32 16 391 121 <+32%2016%20391%20121> Direct
> david.delbecq at trimbletl.com
> <http://www.trimbletl.com/>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>


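The exchange in the thread, as an added example that is not part of the original posts and not Keycloak's own code: a Python model of how the Java adapter picks between accepting a bearer token, answering 401 with a bearer challenge, and redirecting to the OIDC login page, with and without the "autodetect-bearer-only" option Stian refers to. It also shows why the captured request fell through to a 302 even though a token was sent: the adapter recognises only the RFC 6750 form "Bearer <token>", and "Bearer: <token>" is not that. Assumptions: the keycloak.json is constructed from the subsystem config in the thread; the header heuristic follows the documented one (X-Requested-With, SOAPAction, Accept) but its exact form, the response texts and the token check are stand-ins, not the adapter's internals.

```python
"""Model of the Keycloak Java adapter's choice between bearer challenge (401),
OIDC redirect (302) and accepting a bearer token (200). Added example, not
Keycloak's code; heuristic and response texts are assumptions."""
import json

# Constructed keycloak.json for the shipping.war deployment in the thread, with
# the option Stian pointed at. The WildFly subsystem takes the same key as
# <autodetect-bearer-only>true</autodetect-bearer-only> in <secure-deployment>.
KEYCLOAK_JSON = """{
  "realm": "Shipping",
  "auth-server-url": "http://localhost:13080/auth",
  "resource": "shipping-soap",
  "public-client": true,
  "ssl-required": "external",
  "use-resource-role-mappings": true,
  "autodetect-bearer-only": true
}"""


def load_config(text=KEYCLOAK_JSON):
    return json.loads(text)


def parse_bearer(authorization):
    """Token from an RFC 6750 'Authorization: Bearer <token>' header, else None.

    The scheme is the word 'Bearer' followed by whitespace. 'Bearer:' (with a
    colon, as in the thread's request) does not match, so the adapter treats
    the request as carrying no token at all."""
    if authorization is None:
        return None
    parts = authorization.strip().split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def looks_like_api_client(headers):
    """Heuristic applied only when autodetect-bearer-only is true (assumed
    form of the documented check on X-Requested-With, SOAPAction and Accept)."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("x-requested-with", "").lower() == "xmlhttprequest":
        return True
    if "soapaction" in h:  # present even when empty, e.g. SOAPAction: ""
        return True
    # A browser says it can render HTML; a client that cannot gets a 401,
    # because a 302 to the login page is useless to it.
    accept = h.get("accept", "")
    return not any(t in accept for t in ("text/html", "text/*", "*/*"))


def decide(config, headers, token_valid=lambda token: True):
    """Return (status, detail) for a request to a protected resource.

    token_valid stands in for the real verification (RS256 signature against
    the realm key, exp, iss, typ); it is a hook so the example runs offline."""
    realm = config["realm"]
    token = parse_bearer(headers.get("Authorization"))
    if token is not None:  # a well-formed bearer header is tried first, in every mode
        if token_valid(token):
            return 200, "bearer token accepted"
        return 401, 'WWW-Authenticate: Bearer realm="%s", error="invalid_token"' % realm
    bearer_only = config.get("bearer-only", False) or (
        config.get("autodetect-bearer-only", False) and looks_like_api_client(headers))
    if bearer_only:
        return 401, 'WWW-Authenticate: Bearer realm="%s"' % realm
    login = "%s/realms/%s/protocol/openid-connect/auth?response_type=code&client_id=%s" % (
        config["auth-server-url"], realm, config["resource"])
    return 302, "Location: " + login


# Constructed request headers modelled on the thread's traffic.
SOAP_COLON = {"Authorization": "Bearer: eyJ.tok.en", "SOAPAction": '""', "Accept": "*/*"}
SOAP_OK = {"Authorization": "Bearer eyJ.tok.en", "SOAPAction": '""', "Accept": "*/*"}
SOAP_ANON = {"SOAPAction": '""', "Accept": "*/*"}
BROWSER = {"Accept": "text/html,application/xhtml+xml,*/*;q=0.8"}


def demo():
    """Status codes before and after switching on autodetect-bearer-only."""
    after = load_config()
    before = dict(after, **{"autodetect-bearer-only": False})
    return {
        name: (decide(before, h)[0], decide(after, h)[0])
        for name, h in (("soap colon", SOAP_COLON), ("soap ok", SOAP_OK),
                        ("soap anon", SOAP_ANON), ("browser", BROWSER))
    }


if __name__ == "__main__":
    for name, (before, after) in demo().items():
        print("%-10s before=%d after=%d" % (name, before, after))
```

Running it reproduces the thread: with the colon in the header the SOAP call is redirected (302) under the original config and gets a 401 challenge once autodetect is on, while a correctly formed "Bearer <token>" header is accepted in both configurations, and an anonymous browser request is redirected to the login page in both. The 401 is what a SOAP or REST client can act on; the 302 is only useful to a browser.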