[keycloak-user] Frontend and backend on separate servers

Nikola Malenic nikola.malenic at netsetglobal.rs
Wed Jul 18 11:19:02 EDT 2018


But this is not what I would like to achieve. In your situation, I think your frontend could easily use Keycloak’s endpoints for authentication and authorization instead of calling your backend for such things.

I would like to avoid writing proxy endpoints to Keycloak’s endpoints myself.

 

From: Irtiza Ali [mailto:iali at an10.io] 
Sent: Wednesday, July 18, 2018 5:08 PM
To: Nikola Malenic <nikola.malenic at netsetglobal.rs>
Cc: keycloak-user <keycloak-user at lists.jboss.org>
Subject: Re: [keycloak-user] Frontend and backend on separate servers

 

I am not using keycloak frontend instead i am using my own app frontend to pass requests to my own app backend, that backend communicates with keycloak backend using  keycloak rest endpoints. 

 

On Wed, 18 Jul 2018, 20:01 Nikola Malenic, <nikola.malenic at netsetglobal.rs <mailto:nikola.malenic at netsetglobal.rs> > wrote:

If I understand correctly, what you proposed is to create one proxy backend application which would have same endpoints as Keycloak does and which would just pass requests from Keycloak frontend app to the Keycloak backend?

 

From: Irtiza Ali [mailto:iali at an10.io <mailto:iali at an10.io> ] 
Sent: Wednesday, July 18, 2018 4:55 PM
To: Nikola Malenic <nikola.malenic at netsetglobal.rs <mailto:nikola.malenic at netsetglobal.rs> >
Cc: keycloak-user <keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org> >
Subject: Re: [keycloak-user] Frontend and backend on separate servers

 

It is difficult to integrate keycloak frontend flow with application. It work around is to use the keycloak rest endpoints.

 

 

My use case:

 

I have an app with frontend and backend running on different servers. I have a login endpoint in backend, once called with user credentials from frontend. That endpoint make another rest call to the keyclock auth endpoint, if authenticated it returns a json containing user's basic info and jwt based access_token. I used than token in subsequent requests to app backend. 

 

Feel free to ask if not clear.

 

IA

 

On Wed, 18 Jul 2018, 19:45 Nikola Malenic, <nikola.malenic at netsetglobal.rs <mailto:nikola.malenic at netsetglobal.rs> > wrote:

Can you explain how? Just to be clear, when I said Frontend (Angular app) I had Keycloak’s frontend in mind.

 

From: Irtiza Ali [mailto:iali at an10.io <mailto:iali at an10.io> ] 
Sent: Wednesday, July 18, 2018 4:42 PM
To: Nikola Malenic <nikola.malenic at netsetglobal.rs <mailto:nikola.malenic at netsetglobal.rs> >
Cc: keycloak-user <keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org> >
Subject: Re: [keycloak-user] Frontend and backend on separate servers

 

One way to acheive this is by using the keycloak's rest endpoints. 

 

On Wed, 18 Jul 2018, 19:36 Nikola Malenic, <nikola.malenic at netsetglobal.rs <mailto:nikola.malenic at netsetglobal.rs> > wrote:

Is it possible to achieve this with Keycloak Security Proxy and how?
Also, I've seen it is deprecated now.

Many thanks,
Nikola

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org <mailto:keycloak-user-bounces at lists.jboss.org> 
[mailto:keycloak-user-bounces at lists.jboss.org <mailto:keycloak-user-bounces at lists.jboss.org> ] On Behalf Of Nikola Malenic
Sent: Friday, July 13, 2018 9:49 AM
To: keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org> 
Subject: [keycloak-user] Frontend and backend on separate servers

I would like to host backend on secured network, i.e. it would be accessible
only from certain IPs.

Frontend (Angular application) would be served by different server in public
zone, which would have access to the secured network because requests from
it's IP would be allowed to go through firewall.



Is it possible to achieve this in an easy way? I wouldn't like to implement
proxy endpoints for all backend services in secured zone.



Many thanks,

Nikola

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org> 
https://lists.jboss.org/mailman/listinfo/keycloak-user

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org> 
https://lists.jboss.org/mailman/listinfo/keycloak-user



More information about the keycloak-user mailing list