The Keycloak adapter resource is defined to introspect an access token provided by Keycloak.
If the validateTokenLocally configuration property is true, the incoming access token is validated without having to invoke en introspection endpoint.
If not, the resource is calling the introspection endpoint at http://keycloak_host:port/auth/realms/{realmName}/protocol/openid-connect/token/introspect.
You can configure the resource with the following options :
| Property | Required | Description | Type | Default |
|---|---|---|---|---|
keycloakConfiguration |
X |
Keycloak OIDC JSON client adapter configuration |
string |
-. |
validateTokenLocally |
X |
Is access token validated locally using realm public keys |
boolean |
true |
verifyHost |
X |
Whether host should be verified during SSL handshake |
boolean |
false |
trustAll |
X |
If all certificates should be accepted during SSL handshake |
boolean |
true |
{
"configuration" : {
"keycloakConfiguration":
"{
"realm": "gravitee",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "gravitee",
"credentials": {
"secret": "f1c9ff64-abcf-4671-9ddb-4fe4a172390d"
},
"confidential-port": 0,
"policy-enforcer": {}
}"
},
"validateTokenLocally": true,
"verifyHost": false,
"trustAll": true
}