keycloak

Unable to reproduce keycloak direct naked impersonation

橙三吉。 submitted on 2021-01-28 09:06:19
Question: After some efforts, I am still unable to reproduce the feature of direct naked impersonation with OIDC. refs: https://www.keycloak.org/docs/latest/securing_apps/#direct-naked-impersonation I got the same errors. curl -X POST http://localhost:8080/auth/realms/iot/protocol/openid-connect/token \ -d "client_id=backend-service" \ -d "client_secret=f0ead74d-c3eb-47c5-82fd-d8fccc5e5096" \ --data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \ -d "requested_subject=1c04c634-a64a

Problem calling a “bearer-only” keycloak endpoint from a springboot (client app) to a also spring boot (bearer only app)

限于喜欢 submitted on 2021-01-28 08:47:14
Question: Basically I'm trying to access a bearer-only endpoint from a client app which is using a "KeycloakRestTemplate". I did follow these guidelines 1:1 (it is in German): https://blog.codecentric.de/2017/09/keycloak-und-spring-security-teil-1-einrichtung-frontend/ My problem is that when I see the logs, the authentication on the side of the bearer only endpoint seems successful, as shown below: Found [1] values in authorization header, selecting the first value for Bearer. o.k.a

How to remote debug attach Keycloak in versions > 8

≯℡__Kan透↙ submitted on 2021-01-28 02:10:40
Question: I recently upgraded Keycloak to version 9, and when running in Docker, I'm having trouble attaching a remote debugger. I suspect this has to do with Keycloak's underlying upgrade to Java 9+. The error I get is: handshake failed - connection prematurally closed I have my ports mapped correctly within Docker (I can run Keycloak version 7 and it attaches just fine). Answer 1: As it turns out, Java 9 introduced a security enhancement with respect to debugging. Information here: https://stackoverflow

How far can Keycloak scale in terms of resources and permissions?

我们两清 submitted on 2021-01-27 17:30:50
Question: I'm planning on having hundreds of thousands of entities in my application and I want to handle rights on each of these. I won't be the one handling those rights, my users will and they probably won't set rights on every entity. How far can Keycloak go on this matter? I probably should be creating resources for only the elements that actually need specific permissions but I want to understand when things may become an issue and when I should be trying to find another solution. Thanks Source:

Keycloak Java admin client returns 400 Error on triggering verification email

泄露秘密 submitted on 2021-01-27 17:30:41
Question: I am using keycloak server version 8.0.1 and keycloak java admin client version 8.0.1 on spring boot 2.2 (with webflux and netty instead of tomcat, if that sort of info helps). After creating a user, when I try sending the verification email using the "executeActionsEmail" method provided by the admin client, I get javax.ws.rs.BadRequestException: HTTP 400 Bad Request at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:219) ~[resteasy-client-3.9.1

How to Execute Actions Email in Keycloak

故事扮演 submitted on 2021-01-27 05:16:07
Question: I am trying to trigger sending email using the Keycloak API, but not succeeding. As described in the documentation, first I am getting a token for my admin user: curl \ -d "client_id=admin-cli" \ -d "username=admin" \ -d "password=admin" \ -d "grant_type=password" \ "http://localhost:8180/auth/realms/master/protocol/openid-connect/token" I am successfully getting a token, which I am then using in my second call as follows: curl -v -X PUT -d '["UPDATE_PASSWORD"]' \ -H "Content-Type: application/json" \

How to Execute Actions Email in Keycloak

落花浮王杯 submitted on 2021-01-27 05:15:00
Question: I am trying to trigger sending email using the Keycloak API, but not succeeding. As described in the documentation, first I am getting a token for my admin user: curl \ -d "client_id=admin-cli" \ -d "username=admin" \ -d "password=admin" \ -d "grant_type=password" \ "http://localhost:8180/auth/realms/master/protocol/openid-connect/token" I am successfully getting a token, which I am then using in my second call as follows: curl -v -X PUT -d '["UPDATE_PASSWORD"]' \ -H "Content-Type: application/json" \

How to Execute Actions Email in Keycloak

拥有回忆 submitted on 2021-01-27 05:14:20
Question: I am trying to trigger sending email using the Keycloak API, but not succeeding. As described in the documentation, first I am getting a token for my admin user: curl \ -d "client_id=admin-cli" \ -d "username=admin" \ -d "password=admin" \ -d "grant_type=password" \ "http://localhost:8180/auth/realms/master/protocol/openid-connect/token" I am successfully getting a token, which I am then using in my second call as follows: curl -v -X PUT -d '["UPDATE_PASSWORD"]' \ -H "Content-Type: application/json" \