
regarding keycloak sso for single realm with different clients in multi services #10

Open
krishna710942 opened this issue Mar 6, 2021 · 1 comment

@krishna710942

Hi, please can anyone help me with Keycloak integration for my use case, because I didn't get any documents regarding this:
I have multiple microservices and all the microservices have different clients, but the realm would be the same, and I want to log in one time and have that token used in all the services. Currently my Spring Boot configuration:

application-1.yml:

```yaml
keycloak:
  enabled: true
  realm: dev-realm
  auth-server-url: http://3.91.228.227:32123/auth
  ssl-required: none
  resource: dev-vendor
  use-resource-role-mappings: true
  bearer-only: true
  credentials:
    secret: **********
```

application-2.yml:

```yaml
keycloak:
  enabled: true
  realm: dev-realm
  auth-server-url: http://3.91.228.227:32123/auth
  ssl-required: none
  resource: dev-authentication
  use-resource-role-mappings: true
  bearer-only: true
  credentials:
    secret: **************************
```

Token generation code:
Currently I am implementing grant type: authorization_code

```java
import java.util.HashMap;
import java.util.Map;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

// Assumed constant (not shown in the original snippet): the form parameter
// name expected by the Keycloak token endpoint. `webClient` and `log` are
// fields of the enclosing Spring component.
private static final String GRANT_TYPE = "grant_type";

public Map<String, Object> getAuthorizationToken(String code) {
    try {
        MultiValueMap<String, String> clientCredentials = new LinkedMultiValueMap<>();
        clientCredentials.add(GRANT_TYPE, "authorization_code");
        clientCredentials.add("client_id", "dev-authentication");
        clientCredentials.add("code", code);
        clientCredentials.add("client_secret", "****************");
        clientCredentials.add("redirect_uri", "http://localhost:8089/authentication-service/callback");
        // Log only the non-secret fields; logging the whole map would write
        // the client_secret and the authorization code into the log file.
        log.info("token request for client_id {} with redirect_uri {}",
                clientCredentials.getFirst("client_id"),
                clientCredentials.getFirst("redirect_uri"));
        String message = webClient.post()
                .uri("http://3.91.228.227:32123/auth/realms/dev-realm/protocol/openid-connect/token")
                .contentType(MediaType.APPLICATION_FORM_URLENCODED)
                .bodyValue(clientCredentials)
                .accept(MediaType.APPLICATION_JSON)
                .retrieve()
                .bodyToMono(String.class)
                .block();
        ObjectMapper objectMapper = new ObjectMapper();
        // Parse the token response (access_token, refresh_token, expires_in, ...)
        // with a typed reference instead of the raw Map.class.
        return objectMapper.readValue(message, new TypeReference<Map<String, Object>>() {});
    } catch (Exception e) {
        e.printStackTrace();
        return new HashMap<>();
    }
}
```

@vzakharchenko

You can use an entitlement token (RPT token) on each service. To exchange the access_token (login token) for an entitlement token, you can use a UMA request or the entitlement API.

Your "login token" should have an audience for the service you are trying to access. To do this, the "login token" should have at least one resource or role from the requested service.

Java Service Client with entitlement API :
https://github.com/keycloak/keycloak-documentation/blob/master/authorization_services/topics/service-client-api.adoc

UMA Example with JavaScript:
https://github.com/vzakharchenko/keycloak-lambda-authorizer/tree/master/example/chain-service-calls
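The UMA exchange described above, as an added example that is not part of the original issue or of the linked projects: it sends the login access token to the realm's token endpoint with the UMA ticket grant and the target service's client id as `audience`, then checks the `aud` claim of the returned RPT before the caller forwards it. The token URL and the realm/client names are taken from the issue's configuration; the class name `RptExchange` and the helper names are assumptions. `hasAudience` only reads the claim; signature and expiry validation are left to the Keycloak adapter on the receiving service.

```java
import java.util.Base64;
import java.util.List;
import java.util.Map;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.client.WebClient;

public class RptExchange {
    // Same realm and token endpoint as the issue's application-*.yml files.
    private static final String TOKEN_URL =
        "http://3.91.228.227:32123/auth/realms/dev-realm/protocol/openid-connect/token";
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private final WebClient webClient = WebClient.create();

    // Exchange the login access token for an RPT scoped to `audience`
    // (e.g. "dev-vendor") using the Keycloak UMA ticket grant.
    public Map<String, Object> exchangeForRpt(String accessToken, String audience) throws Exception {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "urn:ietf:params:oauth:grant-type:uma-ticket");
        form.add("audience", audience);
        String body = webClient.post()
            .uri(TOKEN_URL)
            .header("Authorization", "Bearer " + accessToken) // the login token
            .contentType(MediaType.APPLICATION_FORM_URLENCODED)
            .bodyValue(form)
            .accept(MediaType.APPLICATION_JSON)
            .retrieve()
            .bodyToMono(String.class)
            .block();
        // Response carries the RPT under "access_token", like a normal token response.
        return MAPPER.readValue(body, new TypeReference<Map<String, Object>>() {});
    }

    // True if the JWT's aud claim (string or array) names `audience`.
    // Claim inspection only; the adapter on the target service verifies the signature.
    public static boolean hasAudience(String jwt, String audience) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length < 2) return false;
        byte[] payload = Base64.getUrlDecoder().decode(parts[1]);
        Map<String, Object> claims = MAPPER.readValue(payload, new TypeReference<Map<String, Object>>() {});
        Object aud = claims.get("aud");
        if (aud instanceof String) return aud.equals(audience);
        if (aud instanceof List) return ((List<?>) aud).contains(audience);
        return false;
    }
}
```

If the exchange returns 403, the login token lacks any role or resource of the requested client, which is the audience condition the comment above describes.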
