How to make this work with a RemoteEJB on another server?

[benze]

I was looking at your sample for using the remote-ejb and I noticed that the client is using JBOSS-LOCAL-USER to establish its remoting connection.

If I add to the jboss-ejb-client.properties file:

remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER

the connection from the client to the server fails.

TRACE [org.jboss.remoting.remote.connection] (Remoting "config-based-ejb-client-endpoint" I/O-1) Connection error detail: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:

Have you been able to use KeyCloak tokens to call remote EJBs from a client running on a separate machine (or without the JBOSS-LOCAL-USER mechanism)?

Thanks,

Eric

[mposolda]

No, I did not try that. Feel free to send PR if you are able to have this path up and running (but ideally just with current way to be still supported and just add instructions how to support when client and server are on separate machine)

[subha-dash]

Hi mposolda,
I have two concerns regarding this project .

1. is there any solution to above issue ?
2. I do not want to provide keycloak details in ejb client side . Is there a way to lookup remote-ejb without keycloak details in client side?

Thanks,
Shubhashish

[benze]

I ended up using a "reusable" client connection configuration (ie: a known username/pwd) that is used to authenticate the remote EJB connection. However, every actual EJB call is authenticated/validated against a KC token, so the "shared" credentials are used only for setting up the remote EJB. Would have been tantamount to using an anonymous remote EJB connection.

[sisivy]

@benze could you please share your standalone.xml?