keycloak

How to create a custom UserStorageSPI on Keycloak

亡梦爱人 submitted on 2021-01-29 07:53:01
Question: In order to override LDAP connection and redirect password validation to our own cached passwords system, in keycloak, whenever the LDAP connection is lost. The easier way was to create an HAProxy around the LDAP to ensure that it never goes down but we do not have access to this and our client wants to redirect to our cached password system. Nevertheless, the point of this post is to tell how to create a Custom LDAP Storage Provider for keycloak. (check keycloak documentation). Building

Spring Boot Application using Keycloak, single sign on doesn't work behind an Apache Web Server

本小妞迷上赌 submitted on 2021-01-29 07:40:30
Question: I have a Spring Boot + Spring Security application with RedhatSSO (Keycloak) as OIDC provider. This application is deployed on Openshift which assigns it a route like this: http://my-app.cloud.mycompany.com/ . The application has this context path: /my-app . When I access a protected resource using the application's Openshift route address, http://my-app.cloud.mycompany.com/my-app/someProtectedResource , I am redirected to the Keycloak login page https://sso.mycompany.com where I login and I

Spring Boot Application using Keycloak, single sign on doesn't work behind an Apache Web Server

眉间皱痕 submitted on 2021-01-29 07:31:37
Question: I have a Spring Boot + Spring Security application with RedhatSSO (Keycloak) as OIDC provider. This application is deployed on Openshift which assigns it a route like this: http://my-app.cloud.mycompany.com/ . The application has this context path: /my-app . When I access a protected resource using the application's Openshift route address, http://my-app.cloud.mycompany.com/my-app/someProtectedResource , I am redirected to the Keycloak login page https://sso.mycompany.com where I login and I

How to configure Keycloak to work with Guacamole's OpenID plugin?

天涯浪子 submitted on 2021-01-29 07:30:59
Question: I'm trying to set up Apache Guacamole with KeyCloak as OpenID Connect Authorization Server. Guacamole is redirecting me to KeyCloak, I can log in with my user I created on KeyCloak and I get redirected back to Guacamole, but there it says that my token is invalid: 08:08:11.477 [http-nio-4432-exec-7] INFO o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key

Different Idle times for Clients - KeyCloak

…衆ロ難τιáo~ submitted on 2021-01-29 05:06:07
Question: I'm using Keycloak as an auth service for my applications. We have two applications that will use the same realm for login, but we would like to have different SSO Session Idle time for each application. Example: Application A - We would like to allow idle time up to 30 minutes. Application B - We would like to allow idle time up to 45 minutes. However the setting to control the idle time is set in the Realm settings, and not on the clients settings, which makes it hard for us to solve the

Keycloak user attributes with multiple values (list)

情到浓时终转凉″ submitted on 2021-01-28 19:51:14
Question: I'm having a Keycloak use case where a single user may have multiple customer numbers. These customer numbers would need to be sent to service provider / client and also be easily updated by administrators. Some users may have hundreds of customer numbers. Currently I'm using a single user attribute named "customerNumbers" where the customer numbers are separated by comma but I'd like: To offer the administrators possibility to see each customer number in its own field To send the customer

Keycloak CORS issue on logout redirect

余生颓废 submitted on 2021-01-28 18:44:46
Question: I am using Keycloak 10.0.2 to secure the spring boot REST APIs and Angular 9 for front end. The front end is served from the spring boot microservice running on http://localhost:8080. On the keycloak side the openid-connect client web origin is configured to allow all origins. Spring boot spring security is configured to use the Keycloak as oauth2 client provider. spring: security: oauth2: client: provider: keycloak: issuer-uri: https://abc-keycloak.abccloud.com/auth/realms/abc scope: openid

Avoid keycloak callback process every time when refreshing page

泄露秘密 submitted on 2021-01-28 11:30:26
Question: I have used keycloak as an identity provider in my react application. I have installed keycloak react dependency in my react application using npm. Below are the dependent keycloak react npm modules with version : "@react-keycloak/web": "2.1.4", "keycloak-js": "^11.0.2", I have provided keycloak configurations as below : const keycloak = new Keycloak({ realm: "temp-local", url: " http://localhost:8090/auth/", clientId: "temp-local-client" }); Every time when I refresh the page it will refresh

How to create custom themes on Keycloak Operator deployment on Kubernetes?

邮差的信 submitted on 2021-01-28 11:18:12
Question: Complete flow is somewhat like this: Step-1: Applying all the relevant YAMLs $ sudo kind create cluster --name aftab-cluster --config cluster-config.yaml $ curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.17.0/install.sh | bash -s v0.17.0 $ kubectl apply -f keycloak_backup.yaml $ kubectl apply -f keycloaks_client.yaml $ kubectl apply -f keycloaks_realm.yaml //Theme configs not there. So, added loginTheme. loginTheme: description: Login Theme type:

Keycloak(Wildfly/Infinispan) in HA mode - issue in detecting other machines in the cluster

▼魔方 西西 submitted on 2021-01-28 09:10:10
Question: As a result, when I put the machines under an ELB, the login doesn't work. I have tried TCP and UDP for IP casting. Tried using TCPPING instead of MPING (although not sure whether I used them correctly). Infinispan is being used for distributed caching. Here is the default configuration, followed by the changes I had made: <subsystem xmlns="urn:jboss:domain:jgroups:7.0"> <channels default="tcp"> <channel name="ee" stack="udp" cluster="ejb"/> </channels> <stacks> <stack name="udp"> <transport