[keycloak-user] Multitenant KeycloakConfigResolver
Vagelis Savvas
vagelis.savvas at gmail.com
Fri Nov 2 05:42:44 EDT 2018
And the [1] as promised :-)
https://github.com/keycloak/keycloak/blob/master/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/PreAuthActionsHandler.java#L63
On 02/11/2018 11:09, Vagelis Savvas wrote:
> Hello Dmitry,
> thanx for the reply.
> Currently I do indeed just return a new KeycloakDeployment() as you
> suggest.
> This approach may stop working though, take a look at [1].
> That said, I don't know if this code will be eventually included in
> Keycloak.
>
> Cheers,
> Vagelis
>
> On 02/11/2018 06:49, Dmitry Telegin wrote:
>> Hello Vagelis,
>>
>> Please see my answer to exactly the same question:
>> http://lists.jboss.org/pipermail/keycloak-user/2018-October/016026.html
>>
>> TL;DR: this is by design, but you shouldn't be worried. For unsecured
>> URLs you can simply return new KeycloakDeployment() from your resolver.
>>
>> Cheers,
>> Dmitry Telegin
>> CTO, Acutus s.r.o.
>> Keycloak Consulting and Training
>>
>> Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
>> +42 (022) 888-30-71
>> E-mail: info at acutus.pro
>>
>> On Tue, 2018-10-30 at 09:19 +0200, Vagelis Savvas wrote:
>>> Hello,
>>>
>>> in a multitenant app on Wildfly 14.0.1 with a bearer-only REST API to
>>> protect I would like some URLs
>>> to not be secured. So I would like my custom KeycloakConfigResolver
>>> implementation
>>> to not be called when those URLs are hit but it is. The reason I don't
>>> want my KeycloakConfigResolver to be called is simply because
>>> I have no clue as to what to return in that case: its a non-secured
>>> REST
>>> endpoint so a Keycloak realm doesn't make sense in my understanding.
>>> My setup follows the docs: I've installed the adapter for Wildfly and
>>> the web.xml has the necessary setup for not securing some URLs (no
>>> auth-constraint for those URLs)
>>> Also in jboss-web.xml the security-domain element isn't defined,
>>> although I don't know if that plays any role.
>>> My final goal is to have some URLs secured by using the JBoss specific
>>> @SecurityDomain and the standard @RolesAllowed etc annotations.
>>> Can you please shed some light on this matter? I'd greatly appreciate
>>> any detailed explanation of the mechanisms involved in this area.
>>>
>>> Cheers,
>>> Vagelis
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
More information about the keycloak-user
mailing list