  1. WildFly
  2. WFLY-15485

OIDC client adapter doesn't work correct with Bearer-only


Details

    Description

      I am currently running a web application in WildFly with a couple of REST endpoints which I want to secure by means of Authorization Bearer tokens. This works seamlessly in WildFly 24, with a Keycloak server, and Keycloak client adapters that I have installed into my WildFly installation.

      I am trying to do the same in the newly released WildFly 25 and the built-in OIDC client adapter, but I am running into some problems with it. When trying to access the secured REST endpoints in this setup by means of a Bearer token, I get redirected to the Keycloak login screen. This behaviour is incorrect and you should just be presented with a 403 response code instead, if the token was invalid.

      When using the Keycloak client adapter I was achieving this behaviour (e.g. returning 403 for invalid token), by setting the bearer-only property in keycloak.json to true.

      With the OIDC client adapter, setting the bearer-only property in oidc.json does not seem to have any effect.

      Can somebody perhaps confirm if bearer-only works with the OIDC client adapter in WildFly 25, and if so, can a working example perhaps be provided?


            People

              fjuma1@redhat.com Farah Juma
              jj.steenkamp Johan Steenkmap (Inactive)
              Votes: 14
              Watchers: 19

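A regression check for the behaviour described in the report, added here as an example (not code from the reporter or from WildFly): it sends a request with a bad bearer token without following redirects and classifies the answer as a rejection (401 or 403) or as a redirect to an OIDC login. The host names, realm, client id and sample responses are constructed; the function names are hypothetical.

```python
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlsplit


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx as an HTTPError instead of following it


def classify(status, headers):
    """Classify how a secured endpoint answered a request with an invalid bearer token."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status in (401, 403):
        return "rejected"              # what a bearer-only endpoint should do
    if status in (301, 302, 303, 307, 308):
        query = parse_qs(urlsplit(headers.get("location", "")).query)
        # An OIDC authorization request carries response_type and client_id.
        if "response_type" in query and "client_id" in query:
            return "login-redirect"    # the behaviour reported in this issue
        return "other-redirect"
    if 200 <= status < 300:
        return "accepted"              # invalid token was let through
    return "unexpected"


def probe(url, token="not-a-valid-token"):
    """Send one request with a bearer token and classify the response."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    try:
        with opener.open(req, timeout=10) as resp:
            return classify(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:
        return classify(err.code, dict(err.headers))


# Constructed responses mirroring the two behaviours described in the report.
SAMPLES = {
    "rejected": (403, {"Content-Type": "text/html"}),
    "login-redirect": (302, {"Location": "https://sso.example.test/realms/demo/"
                             "protocol/openid-connect/auth?response_type=code"
                             "&client_id=rest-app&scope=openid"}),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(name, "->", classify(status, headers))
```

Calling `probe()` with the URL of a secured REST endpoint should return "rejected" when bearer-only handling is in effect.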