There are different enterprise patterns that aim to secure microservices available for implementation. One of the patterns we are interested in is “Chained access delegation pattern” where Auth Server B from the one domain contacts another from the different domain Auth Server A to validate JWT token retrieved from resource server with the ISS claim that points to the server A. Although it looks clear, the question here is that does Keyclaok support scenario when it contacts another Keycloak server (as I understand by retrieving URL from ISS claim first) in order to validate JWT token using token introspection mechanizm? If it does, I’d appreciate any additional information regarding this.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Keycloak Cluster not sharing sessions for introspection | 0 | 554 | December 8, 2021 | |
| Authentication for introspection endpoint | 1 | 4618 | October 19, 2022 | |
| How can I validate the token obtained via Keycloak Login theme in REST API? | 0 | 707 | December 14, 2021 | |
| Token/introspect always returns false even though tokens are valid | 0 | 1285 | May 8, 2020 | |
| Introspect token return false after first time | 0 | 490 | January 29, 2023 |