[keycloak-user] Authentication from spring security without redirection

Sebastien Blanc sblanc at redhat.com
Wed Jan 25 09:53:06 EST 2017


On Wed, Jan 25, 2017 at 3:35 PM, Dekel Aslan <dekela at perfectomobile.com>
wrote:

> We have an app which up until now receives the credentials. We want to
> keep it that way (for backward compatibility), but instead of
> authenticating with our db, authenticate with Keycloak.
>
>
>
> In the solution you’re proposing (not sure it suits us but let’s assume),
> will the user have to call another service to receive the token, and then
> send it to us in the header?
>
Yes, for instance it could be a web app using the keycloak.js library that
handles the login and then it sends the token in the header, look at our
examples.

> How will he know when to refresh it?
>
That is the responsibility of the app that requested the token (in this
case, the web app, again if you look at our angular example you can see how
it handles the token refresh)

>
>
> Dekel.
>
>
>
> *From:* Sebastien Blanc [mailto:sblanc at redhat.com]
> *Sent:* Wednesday, January 25, 2017 4:24 PM
> *To:* Dekel Aslan <dekela at perfectomobile.com>
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Authentication from spring security
> without redirection
>
>
>
> Hi,
>
>
> Not sure I understand, have you set bearer-only for your Spring REST
> service? With this you should not have a redirection and it should just
> check for a token on the header of the request.
>
>
>
> On Wed, Jan 25, 2017 at 2:39 PM, Dekel Aslan <dekela at perfectomobile.com>
> wrote:
>
> Hi,
> I'm looking for a way of exposing REST services with Keycloak
> authentication.
>
> Does Keycloak have a bean that handles authentication for spring security
> without filter / redirection?
>
> Further details: I use spring security adapter, but I can't use it for
> http calls because it redirects to Keycloak login page.
> I want to get the user credentials and invoke Keycloak service in the
> server (with REST "/token"), but then I won't have an authentication object
> as the processing filter creates.
>
> Thanks,
> Dekel.
>
> The information contained in this message is proprietary to the sender,
> protected from disclosure, and may be privileged. The information is
> intended to be conveyed only to the designated recipient(s) of the message.
> If the reader of this message is not the intended recipient, you are hereby
> notified that any dissemination, use, distribution or copying of this
> communication is strictly prohibited and may be unlawful. If you have
> received this communication in error, please notify us immediately by
> replying to the message and deleting it from your computer. Thank you.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
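
Added example, not part of the original thread and not Keycloak's own code: a sketch of the client-side pattern discussed above, where the app that obtained the token reads its `exp` claim, refreshes shortly before expiry, and sends the token in the `Authorization` header to the bearer-only service. The function names, the `refresh` callback and the sample token are assumptions made for illustration.

```javascript
'use strict';

// base64url helpers (JWT segments are unpadded base64url).
const b64urlDecode = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
const b64urlEncode = (o) =>
  Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Read the claims WITHOUT verifying the signature. The client only needs
// `exp` for scheduling; verification is the bearer-only service's job.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(b64urlDecode(parts[1]));
}

// True when the token expires within `minValiditySec` seconds of `nowSec`.
function needsRefresh(jwt, minValiditySec, nowSec = Math.floor(Date.now() / 1000)) {
  const { exp } = decodeClaims(jwt);
  if (typeof exp !== 'number') return true; // no expiry claim: treat as stale
  return exp - nowSec <= minValiditySec;
}

// Build the headers for a REST call, refreshing first when the token is
// about to expire. `refresh` (hypothetical) is an async function supplied by
// the caller that returns a new access token from the identity provider.
async function authHeaders(state, refresh, minValiditySec = 30, nowSec) {
  if (needsRefresh(state.accessToken, minValiditySec, nowSec)) {
    state.accessToken = await refresh();
  }
  return { Authorization: `Bearer ${state.accessToken}` };
}

// Constructed sample token with a placeholder signature, for offline use only.
function makeSampleToken(exp) {
  return `${b64urlEncode({ alg: 'none', typ: 'JWT' })}.${b64urlEncode({ sub: 'demo-user', exp })}.sig`;
}
```

A clock that disagrees with the server's shifts the refresh point, so `minValiditySec` should leave some margin for skew.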

