[keycloak-user] Application to application: could Keycloak implement this?

Marek Posolda mposolda at redhat.com
Wed Jul 12 03:10:01 EDT 2017


Hi,

We have an example in the documentation for EJB propagation from a web 
application where Keycloak. See 
https://keycloak.gitbooks.io/documentation/securing_apps/topics/oidc/java/jboss-adapter.html 
and especially the last paragraph "Security domain" .

We have an unofficial example I've written to propagate identity from a fat 
client through remote EJB calls: 
https://github.com/mposolda/keycloak-remote-ejb

Marek

On 04/07/17 18:42, Tech wrote:
> Dear experts,
>
> I want to bring you this use case to understand if you might be able to
> support me.
>
> Our architecture is based on Java, where we might have two kinds of clients:
>
>    * Fat Java clients
>    * Browsers
>
> Application servers with:
>
>    * Web containers performing local and remote EJB calls + remote WS calls
>    * EJB container performing local and remote EJB calls + remote WS calls
>    * A remote EJB server performing local and remote EJB calls + remote
>      WS calls
>    * WS implementing SOAP or REST
>    * Server SSO able to protect what is described above
>
> The goal is to allow the clients (thin and fat) to authenticate on the
> SSO server and to propagate the user identity on these requests:
>
>    * Fat client authenticated -> EJB secure -> WS secure
>    * Browser authenticated -> Web container -> EJB secure -> WS secure
>
> The solution could use a secure token OAuth, OIDC or SAML.
>
> The token propagation should be based on standards JAAS and WS-Security.
>
> We saw that it is possible to implement something similar in some SAML
> Login Modules on JBoss Enterprise server, but we are not finding
> anything equivalent in Keycloak.
>
> We cannot neither find, for example, not neither for a STS server, that
> are the required elements to transform this kind of tokens.
>
>
> Did anybody face a similar experience?
>
> Thanks for your support!