keycloak

How to implement Recaptcha on keycloak login page

无人久伴, submitted on 2021-02-07 04:16:41
Question: I want to implement recaptcha in keycloak login page like registration page. I extended UsernamePasswordForm class with desired factory class. I even implemented action required classes as well, but still I cannot see that in provider tab to add in login. I modified existing login.ftl also but no luck. Below is what I tried. My Authenticator class: public class MyLoginAuthenticator extends UsernamePasswordForm { @Override public void action(AuthenticationFlowContext context) {

How to implement Recaptcha on keycloak login page

穿精又带淫゛_, submitted on 2021-02-07 04:15:44
Question: I want to implement recaptcha in keycloak login page like registration page. I extended UsernamePasswordForm class with desired factory class. I even implemented action required classes as well, but still I cannot see that in provider tab to add in login. I modified existing login.ftl also but no luck. Below is what I tried. My Authenticator class: public class MyLoginAuthenticator extends UsernamePasswordForm { @Override public void action(AuthenticationFlowContext context) {

Can multi-tenancy in Keycloak be done within a single realm?

这一生的挚爱, submitted on 2021-02-05 20:25:54
Question: First, I'm well aware of the multi-realm approach to multi-tenancy in Keycloak. I've taken over a legacy project where nobody thought of multi-tenancy. Now, two years later, suddenly, the customer needs this feature. Actually, the microservices are prepared for this scenario out-of-the-box. The customer develops a mobile app that authenticates users via API on our keycloak instance with an account number (as username) and a password. Now, he'd like to add a tenant id to the login information

how to check authenticate keycloak instance A user from another keycloak instance B?

喜夏-厌秋, submitted on 2021-02-04 19:53:04
Question: We set up a testing environment for keycloak. The environment runs on GCP. It has two keycloak instances: Instance A acts as a test login keycloak, named test-login-1. Instance B acts as a test external identity provider, named test-login-2. We need to use instance A to connect to instance B, so an instance A user is able to log in via instance B. Is there any way to do this? How can we implement this logic? Answer 1: You need to configure the test-login-2 as an identity provider for the test-login

Android authentication on Keycloak with identity providers like Google and Facebook

别等时光非礼了梦想., submitted on 2021-01-29 17:34:07
Question: I am creating a native Android application and I am using keycloak authentication, because my web app and my API are already configured with keycloak. I set up Facebook and Google as identity providers for keycloak but now I don't know how I am supposed to configure it in the Android application. For the general authentication I am using retrofit with rest calls to get the token and after that I am storing the token in Android Account manager. I want my Android app to successfully authenticate

Keycloak script mapper option missing in 9.0.3

故事扮演, submitted on 2021-01-29 16:40:08
Question: I am running version keycloak-9.0.3 and don't have script mapper. I tried adding profile.properties but it did not bring this option under the drop down in mapper type. Answer 1: In Keycloak Server Developer Guide, Ability to upload scripts through the admin console is deprecated and will be removed in a future version of Keycloak ... For more details about how to enable the upload_scripts feature. Please, take a look at the Profiles. So you can see "Script Mapper" option under the drop down if you

React Router v5.1.2 Public & Protected Authenticated & Role Based routes

放肆的年华, submitted on 2021-01-29 16:25:36
Question: Goal is to have /login as the only public route; once logged in, user has routes based on user role. Authentication is done with Keycloak. I get users from keycloak.idTokenParsed.preferred_username: admin, manager, engineer, operator. If operator tries to go to role restricted route gets redirected to /notauthorized page. (This part not done) If not logged in user gets redirected to /login page. (This part is done/works) Is there a better way to do this? Not repeating routes & adding additional

Defining a new user password through Keycloak REST API

浪尽此生, submitted on 2021-01-29 12:10:02
Question: I am trying to create a new user via the REST API, and I'm sending this POST: POST /admin/realms/myrealm/users Headers: Authorization: Bearer (generated token, this part is OK) Content-Type: application/json Body: { "username": "rahul", "enabled": true, "totp": false, "emailVerified": false, "firstName": "rahul", "lastName": "borse", "email": "rahulborse@yahoo.com", "credentials": [ { "type": "password", "value": "rahul" } ] } The user is created normally, but the password doesn't work, when I

How to use Keycloak Policy Enforcer with Spring boot application

天涯浪子, submitted on 2021-01-29 11:25:59
Question: Keycloak policy enforcer not working with a sample Spring Boot application. I am using Keycloak version 6.0.1 and trying to integrate a sample Spring Boot application (Spring Boot version 2.1.3). My objective is to set up policies and permissions in Keycloak and use Keycloak policy enforcer in my sample Spring Boot application so that all authorization decisions are automatically enforced using appropriate permission defined in Keycloak and no code is required in Sample application. My Sample

Keycloak Custom message on user temporary lock

十年热恋, submitted on 2021-01-29 11:20:59
Question: I am using Keycloak:4.8.0, and have enabled Brute force attack for my realm. Now whenever user provides wrong credentials for 3 times user will be locked temporarily. But still user will see "Invalid username/password". According to this thread Keycloak have done this intentionally: https://issues.jboss.org/browse/KEYCLOAK-5284 But still I want to show user that his account has been locked. Is there any way to customize this message? I tried doing this by adding message in custom keycloak