12.3. Third-Party Client Authentication through RH-SSO


To use the different remote services provided by the Red Hat JBoss BPM Suite or by an Intelligent Process Server, your client must be authenticated on the RH-SSO server and have a valid token to perform the requests. To use the remote services, the authenticated user must be assigned the following roles:

  • rest-all: For using the Business Central remote services

    Note

    The user specified in the org.kie.server.controller.user property must have the rest-all role.

  • kie-server: For using the Intelligent Process Server remote services

Use the RH-SSO Administrator Console to create these roles and assign them to the users that will consume the remote services.

To achieve third-party client authentication through RH-SSO, choose one of these options:

  • Basic authentication (if the application’s client supports it)
  • Token-based authentication

12.3.1. Basic Authentication

If you have enabled the basic authentication in the RH-SSO client adapter configuration for both Business Central and Intelligent Process Server, you can avoid the token grant/refresh calls and call the services as shown in the examples below:

  • For the web-based remote repositories endpoint:

    curl http://admin:password@localhost:8080/business-central/rest/repositories
  • For the Intelligent Process Server:

    curl http://admin:password@localhost:8080/kie-server/services/rest/server/

12.3.2. Token-Based Authentication

If you want to opt for a more secure option of authentication, you can consume the remote services from both Business Central and Intelligent Process Server using a granted token provided by a new RH-SSO client.

Procedure: Obtaining and Using Token for Authorizing Remote Calls

  1. Click the Client tab in the main admin console menu and click Create to create a new client.

    The Add Client page opens.

  2. On the Add Client page, provide the required information to create a new client for your realm. For example:

    • Client ID: kie-remote
    • Client protocol: openid-connect
  3. Click Save to save your changes.

    Once you create a new client, its access value is public by default. Change it to confidential.

  4. Obtain a token from Realm Settings:

    1. On the RH-SSO admin console, click the Realm Settings tab.
    2. Click the Tokens tab.
    3. Change the value for Access Token Lifespan to 15 minutes.

      This gives you enough time to obtain a token and invoke the service before it expires.

    4. Click Save to save your changes.
  5. Once a public client for your remote clients is created, you can now obtain the token by making an HTTP request to the RH-SSO server’s token endpoint using:

    RESULT=`curl --data "grant_type=password&client_id=kie-remote&username=admin&password=password" http://localhost:8180/auth/realms/demo/protocol/openid-connect/token`
  6. To view the token obtained from the RH-SSO server, use the following command:

    TOKEN=`echo $RESULT | sed 's/.*access_token":"//g' | sed 's/".*//g'`

You can now use this token to authorize the remote calls. For example, if you want to check the internal Red Hat JBoss BPM Suite repositories, use the token as shown below:

curl -H "Authorization: bearer $TOKEN" http://localhost:8080/business-central/rest/repositories
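
The following is an added example, not part of the Red Hat documentation: a pre-flight check that parses the token endpoint's JSON reply instead of cutting it with sed, rejects OAuth error replies, and confirms the token is unexpired and carries the role the target service needs. It assumes rest-all and kie-server are realm roles that RH-SSO places in the realm_access.roles claim; the function names and the sample reply are constructed for illustration.

```python
import base64
import json
import time

# Role each remote service requires, as listed in this section.
REQUIRED_ROLE = {"business-central": "rest-all", "kie-server": "kie-server"}


def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying its signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def usable_token(body, service, now=None):
    """Return the access token from a token-endpoint reply, or raise PermissionError."""
    reply = json.loads(body)
    if "access_token" not in reply:
        # OAuth 2.0 error replies carry "error" instead of a token.
        raise PermissionError("token request failed: %s" % reply.get("error", "unknown"))
    claims = decode_claims(reply["access_token"])
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise PermissionError("access token already expired")
    # Assumption: realm roles are mapped into the realm_access.roles claim.
    roles = claims.get("realm_access", {}).get("roles", [])
    if REQUIRED_ROLE[service] not in roles:
        raise PermissionError("user lacks role %s" % REQUIRED_ROLE[service])
    return reply["access_token"]


def make_sample_response(roles, exp):
    """Build a constructed, unsigned token reply so the check can run offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": "none"}), enc({"exp": exp, "realm_access": {"roles": roles}}), "sig"])
    return json.dumps({"access_token": token, "token_type": "bearer"})


if __name__ == "__main__":
    sample = make_sample_response(["rest-all"], exp=time.time() + 900)  # 15-minute lifespan
    print(usable_token(sample, "business-central")[:24] + "...")
```

The server still validates the token's signature and roles on every call; this check only surfaces a missing role assignment or an expired token before the request is sent.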