  1. WildFly
  2. WFLY-15866

OIDC client adapter doesn't support enable-basic-auth


    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 26.0.0.Final
    • Security
    • None

      I am currently running a web application in WildFly with REST endpoints which I want to secure with the basic auth method. This works seamlessly in WildFly 24, with a Keycloak server and Keycloak client adapters that I have installed into my WildFly installation.

      I am trying to do the same in the newly released WildFly 26 with the built-in OIDC client adapter, but I am running into some problems with it. When trying to access the secured REST endpoints in this setup while passing a Basic Auth header, the request gets redirected to the Keycloak login screen. This behaviour is incorrect.

      When using the Keycloak client adapter, I was able to access the API endpoints by passing a basic auth header with the enable-basic-auth property set to true in keycloak.json.

      With the OIDC client adapter, setting the enable-basic-auth property in oidc.json seems to have no effect.

      Also, looking into the source code and comparing the RequestAuthenticator implementations in the KC and OIDC adapters, I can see that the OIDC adapter implementation doesn't handle basic auth, while the KC implementation does have the code for this.

              fjuma1@redhat.com Farah Juma
              oleg.khaschansky Oleg Khaschanskiy (Inactive)