keycloak-services

Keycloak issuer validation and multi-tenancy approach

断了今生、忘了曾经 submitted on 2020-06-23 07:13:09
Question: Let's say we have several micro-services. Each of them uses Keycloak authentication. We also have a load balancer based on, for example, nginx, which has external URLs and different routes to Keycloak (for example, in OpenShift it can be https://keycloak.rhel-cdk.10.1.2.2.xip.io). But internally this address can be inaccessible. Also, having the micro-service configuration dependent on the load balancer URL is a bit weird. What would be more appropriate is to use the internal Keycloak auth URL inside of the micro

Keycloak REST API 403 forbidden

折月煮酒 submitted on 2020-05-12 02:33:25
Question: I am trying to delete a user session using the Keycloak REST API, but I am getting the 403 Forbidden HTTP status code. I am passing the token and cookie in the header; please let me know if I am missing something. static void logOut(String userId,KeycloakSecurityContext session){ userId = "a12c13b7-fa2e-412f-ac8e-376fdca16a83"; String url = "http://localhost:8081/auth/admin/realms/TestRealm/users/a12c13b7-fa2e-412f-ac8e-376fdca16a83/logout"; HttpClient httpclient = HttpClients.createDefault(); HttpPost

keycloak bearer token error - Didn't find publicKey for specified kid

懵懂的女人 submitted on 2020-01-03 03:11:13
Question: I am following this document to secure the REST services. I am able to obtain the access token. However, when I try to use the token to invoke a service, I am getting the error: Status: 401 WWW-Authenticate Bearer realm="bkofc", error="invalid_token", error_description="Didn't find publicKey for specified kid" What am I missing here? Anything to do with the realm settings? Answer 1: 401 could actually only mean that the token is not provided correctly. The header "Authorization" needs to be set

KeyCloak restricting user management to certain groups while enabling 'manage-users'

生来就可爱ヽ(ⅴ<●) submitted on 2020-01-03 02:52:31
Question: Using the KeyCloak admin console, I am attempting to enact the following use case. We have Group X and Group Y. The role 'Group X Admin' can do the following: can create users without a group; can assign users without a group to group X; can edit and manage users in group X; cannot see/edit/manage users in group Y. It seems that in order to fulfill case 1, I must make 'Group X Admin' a composite role linked to the 'manage-users' role from the realm-management client. However, upon doing this,

Didn't find publicKey for kid ,Keycloak?

泄露秘密 submitted on 2020-01-02 01:09:09
Question: I am getting this exception "Didn't find publicKey for kid" while calling an endpoint from Angular JS 2 to the WildFly server. Authentication happened in Keycloak; however, I am calling about 8 endpoints from different clients (different micro services) within the same realm using the same token, but I got this exception only for this microservice call. I am sure that the user has all roles for all clients. I also decoded the token on JWT to verify that. Sometimes it works and sometimes not!! This the

Keycloak: How to auto redirect Keycloak user to OKTA SSO page instead of clicking on button?

☆樱花仙子☆ submitted on 2020-01-01 12:36:08
Question: I have followed the guide https://ultimatesecurity.pro/post/okta-saml/ to configure Okta SAML with Keycloak. After this configuration, I see an Okta/SAML login button on the login page; clicking on it, the user is redirected to the Okta login/SSO. Now, is there a way to avoid clicking on this button every time, such that when the Keycloak login page appears, the user is auto-redirected to Okta SSO automatically instead of being shown the Keycloak login form with the Okta redirect button? If not, is it possible to

How to get Keycloak users via REST without admin account

旧街凉风 submitted on 2019-12-28 03:02:27
Question: Is there a way to get a list of users on a Keycloak realm via REST WITHOUT using an admin account? Maybe some sort of assignable role from the admin console? Looking for any ideas. Right now I'm using admin credentials to grab an access token, then using that token to pull users from the realm/users endpoint. Getting the token (from a node.js app via request): uri: `${keycloakUri}/realms/master/protocol/openid-connect/token`, form: { grant_type: 'password', client_id: 'admin-cli', username:

Generate JWT Token in Keycloak and get the public key to verify the JWT token on a third party platform

隐身守侯 submitted on 2019-12-21 09:12:04
Question: There is an endpoint to a backend server which gives a JSON response on pinging and is protected by an Apigee Edge Proxy. Currently, this endpoint has no security, and we want to implement bearer-only token authentication for all the clients making the request. All the clients making requests to the API will send that JWT token in Authorization Bearer, and Apigee Edge will be used to verify the JWT token. How do I use Keycloak to generate this JWT token? Also, Apigee needs a public key of the

Registration auto login disable

☆樱花仙子☆ submitted on 2019-12-13 23:28:56
Question: I am using Keycloak 4.8.3.Final for my project. I need to disable auto login after registration. I have been reading the Keycloak documentation for 5 days. Couldn't find the answer; I don't know if it's possible or not. Any guide will be useful for me. Thank you. Answer 1: If you want to show the Keycloak login form again after the registration, you can set it up as follows: Go to Authentication settings and select the Registration flow. Click the Copy button. Click the Add execution button and select Username