keycloak

问题 I defined a client in keycloak admin console to authorize it with client_credentials flow to call server-to-server api in my application. Everything is fine, i want to apply IP restriction for that client. Where can i define this restriction in admin console? i didn't find such configuration in keycloak documentation. 回答1: There is no such settings out of the box, but you could try to implement custom client authenticator. So for example allowed IP Addr could be stored in client attributes,

问题 I defined a client in keycloak admin console to authorize it with client_credentials flow to call server-to-server api in my application. Everything is fine, i want to apply IP restriction for that client. Where can i define this restriction in admin console? i didn't find such configuration in keycloak documentation. 回答1: There is no such settings out of the box, but you could try to implement custom client authenticator. So for example allowed IP Addr could be stored in client attributes,

问题 I defined a client in keycloak admin console to authorize it with client_credentials flow to call server-to-server api in my application. Everything is fine, i want to apply IP restriction for that client. Where can i define this restriction in admin console? i didn't find such configuration in keycloak documentation. 回答1: There is no such settings out of the box, but you could try to implement custom client authenticator. So for example allowed IP Addr could be stored in client attributes,

问题 I'm having an issue adding SSL certificate to Keycloak that is running on docker. I got an SSL Certificate from AWS EC2 with Load Balancer, but don't know how to add it to Keycloak on docker. I was looking through Google but nothing found yet. Also when i go to page like: https://stackoverflow.com, the ssl works perfectly. But when I try to open https://stackoverflow.com:8443 (since 8443 is the port of Keycloak) its not working. Here's the code of Dockerfile of Keycloak: FROM jboss/keycloak:4

问题 I am trying to setup Keycloak server for our organisation. I have couple of questions. How can we use our existing user database to authenticate users - User Federation. Keycloak only has LADP/Kerberos options. Is there any custom plugin which can be used for MySQL user authentication or can we use existing connectors itself (LDAP/Kerberos) via some adapter for the database? Is it possible to have multiple Identity providers within Keycloak environment - (Have Keycloak as IDP for few services

问题 I am trying to setup Keycloak server for our organisation. I have couple of questions. How can we use our existing user database to authenticate users - User Federation. Keycloak only has LADP/Kerberos options. Is there any custom plugin which can be used for MySQL user authentication or can we use existing connectors itself (LDAP/Kerberos) via some adapter for the database? Is it possible to have multiple Identity providers within Keycloak environment - (Have Keycloak as IDP for few services

问题 I'm running a KeyCloak server to authenticate users which would like to gain access a SpringBoot-Web RestAPI. However, I an error occurs while trying to authenticate. The following works: When I access my http://localhost:8080/path/to/restapi I get presented with a login screen as expected: -- KeyCloak Login Screen When I click login the following error occurs on the redirect from within my browser: Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing

问题 I'm running a KeyCloak server to authenticate users which would like to gain access a SpringBoot-Web RestAPI. However, I an error occurs while trying to authenticate. The following works: When I access my http://localhost:8080/path/to/restapi I get presented with a login screen as expected: -- KeyCloak Login Screen When I click login the following error occurs on the redirect from within my browser: Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing

问题 I'm using the docker image of Keycloak 10.0.2. I want Keycloak to supply access_tokens that can be used by Hasura. Hasura requires custom claims like this: { "sub": "1234567890", "name": "John Doe", "admin": true, "iat": 1516239022, "https://hasura.io/jwt/claims": { "x-hasura-allowed-roles": ["editor","user", "mod"], "x-hasura-default-role": "user", "x-hasura-user-id": "1234567890", "x-hasura-org-id": "123", "x-hasura-custom": "custom-value" } } Following the documentation, and using a script

问题 I am trying to create a user via the Keycloak API, and I would like to assign a realm-level role to them when they are first added. However, it doesn't seem to work like the documentation says it should. I know that I could simply make a second add-role-to-user API request after the initial create-user one, but: The documentation indicates that I shouldn't need to do this. The second API request could fail, leaving the user in an "incomplete" state. It would make the code I'm writing more