keycloak

Keycloak cannot get RPT with Permissions using service account token

会有一股神秘感。 Submitted on 2021-01-04 07:34:35
Question: I am using Keycloak: 4.8.3.Final. I have the following clients in Keycloak: UserService, InventoryService. InventoryService has some resources defined in Keycloak and Authorization enabled. UserService (as a service-account) has the necessary client-roles assigned in the service-account-roles tab. Whenever someone tries to access the APIs of InventoryService, I do the following: get the access token from the Authorization header; get RPT (as mentioned here); introspect the RPT; if the desired

Keycloak Redirect URI is adding port zero to the url

橙三吉。 Submitted on 2021-01-03 04:58:23
Question: Encountered redirect_uri error in Keycloak. Found the same issue logged at JIRA KEYCLOAK-7237, just want to check: any workaround? Can anyone help? Thank you in advance. 2018-06-30 11:34:13,996 WARN [org.keycloak.events] (default task-8) type=LOGIN_ERROR, realmId=Victz, clientId=portal, userId=null, ipAddress=, error=invalid_redirect_uri, redirect_uri=https://www.example.com:0/home I am using Apache HTTP reverse proxy running on CentOS 7, WildFly 10, Keycloak 3.4.3. has also tried in below

Kubernetes OIDC: No valid group mapping

佐手、 Submitted on 2021-01-01 09:36:47
Question: I have the problem that I can log on to my dashboard via OIDC, but then the OIDC group information is not mapped correctly and I cannot access the corresponding resources. Basic setup: K8s version: 1.19.0; K8s setup: 1 master + 2 worker nodes; based on Debian 10 VMs; CNI: Calico; Louketo Proxy as OIDC proxy; OIDC: Keycloak Server (Keycloak X [Quarkus]). Configurations: I have configured the K8s apiserver with these parameters. kube-apiserver.yaml - --oidc-issuer-url=https://test.test.com/auth/realms

Receive 403 Forbidden from Keycloak on localhost:3000?

本小妞迷上赌 Submitted on 2020-12-15 05:15:06
Question: I am building a web app based on ReactJS and it is running during the building process on http://localhost:3000. For security reasons, all backend and web apps are protected through Keycloak. At the moment, Keycloak and the backend service account are running on the Kubernetes cluster, as you can see in the picture below: The web app is also protected through Keycloak and it is running on http://localhost:3000. So, when I start the web app, it redirects me to the login page of Keycloak.

What is the reason for the “Login timeout” setting and functionality?

℡╲_俬逩灬. Submitted on 2020-12-13 03:06:49
Question: If an application redirects the user to the Keycloak login page, and it sits there for more than the "Login timeout" (default 5 minutes), then when the user enters a username and password, instead of a login, she is greeted by: "You took too long to login. Login process starting from beginning." To avoid this, one can change "Realm Settings → Tokens → Login timeout" to e.g. 10000 days which is 27 years, which should ensure this never happens in reality. But before we go ahead and effectively

Keycloak map multiple user attributes

狂风中的少年 Submitted on 2020-12-12 11:59:32
Question: I've followed the guide at [1] to map a single user attribute. However, I need to map all attributes to an array, so that every attribute for a particular User shows up in an attribute array of the access token (or better, restrict attributes to a certain group of attributes, but I guess user attributes are only a flat key/value map). I tried out setting a wildcard * in the User Attribute field of the client mapper. But no matter what I do, I can only set one attribute at a time given an