keycloak-services

Keycloak: retrieve all available client sessions

為{幸葍}努か posted on 2019-12-11 22:06:01
Question: I'm using Keycloak to secure my Spring app (which is registered in Keycloak as my_app client). Now I want to retrieve all active sessions of that client. Would be great if I could do it using keycloak-admin-client, because I couldn't figure out how to use Admin REST API in Java... So far I've tried this: Keycloak keycloak=KeycloakBuilder.builder() .serverUrl("http://localhost:8180/auth") .realm("master") .username("admin") .password("admin") .clientId("admin-cli") .resteasyClient(new

Keycloak User Storage SPI Implementation

笑着哭i posted on 2019-12-11 14:32:21
Question: I'm trying to implement a custom Keycloak Authenticator SPI for authenticating against an external datasource. A Spring Boot REST service is also available; I can also use that. The use case I am trying to solve is: the user is presented the Keycloak login screen. On submission, the user is validated against the external datasource. Retrieve some attributes from the external datasource, map it to Keycloak's id and access token. Also put in a condition of user restriction of same user logging in multiple times at the

Keycloak : unable to map user roles when creating user for api

◇◆丶佛笑我妖孽 posted on 2019-12-11 11:58:53
Question: I am new to Keycloak. I want to create a user using the Keycloak admin REST API. I have managed to create a user. But the problem is I also want to assign the admin role to the user. Attached is my JSON body. Can someone tell me what I am doing wrong here? { "username": "username", "email": "user@gmail.com", "firstName": "name1", "lastName": "name2", "realmRoles": [ "admin" ], "enabled": true, "credentials": [{ "type": "password", "value": "default", "temporary": false }] } Thank you in advance. Source: https:

Display application name on keycloak login page

五迷三道 posted on 2019-12-10 19:13:18
Question: I have two applications, App1 and App2, which interact with Keycloak for authentication of users. I want to display the application name on the Keycloak login page. E.g.: if the user is logging into App1, the Keycloak login page should display "Log in to App1". The same should happen for App2 also. How can this be achieved? Answer 1: If you want to keep both in the same realm, just add the JavaScript code to a custom theme login page. The client_id is passed as a request parameter to the login page. For

Cant access keycloak rest API methods *404*

一个人想着一个人 posted on 2019-12-10 04:03:18
Question: I am using the latest Keycloak image in Docker and can access the standard admin console at http://localhost:9080. However, I can't seem to access any of the paths specified in the documentation for the Admin REST API. For instance, the base path /auth and Resource Get clients belonging to the realm Returns a list of clients belonging to the realm: /{realm}/clients I am getting a 404. The same is true for any other method in the documentation. The only path returning a valid 200 JSON response is http:/

Keycloak create a custom identity provider mapper

此生再无相见时 posted on 2019-12-08 07:04:21
Question: I have an OpenID provider and I use this provider as an identity broker of Keycloak. I want to map roles (claims) which are sent from the broker to Keycloak (and Keycloak will send mapped roles in its JWT). I want to know how to implement and add a custom mapper to Keycloak (like hardcodedmapper, attributemapper in Keycloak). Can I do this? Thanks. Answer 1: Create your new provider class, I extended the existing org.keycloak.broker.saml.mappers.AttributeToRoleMapper class. When building your jar ensure you

ABAC with keycloak - Using Resource attributes in policy

∥☆過路亽.° posted on 2019-12-08 01:16:09
Question: What I am trying to achieve: Protect a resource in Keycloak with a policy like: if (resource.status == 'draft') $evaluation.grant(); else $evaluation.deny(); Going by their official documents and mailing list responses, it seems attribute based access control is possible, however, I could not find a way of getting it to work. What I have tried: Using Authorization Services: I was unable to figure out where and how I can inject the attributes from the resource instance. Using Authorization Context

Access Keycloak REST Admin API using a service account (client credential grant)

馋奶兔 posted on 2019-12-07 12:22:57
Question: I like to manage Keycloak from my own application: create user & clients, display users & client. As this is not a real user but a machine, I would like to use a service account with a client credential grant as proposed in How to get Keycloak users via REST without admin account. To realize this I: create a realm inside the real; created a client; configured the access type of the client to "confidential"; saved and activated the "Service Accounts Enabled" option that will appear after the save.

Keycloak - Get all Users mapped to roles

时光总嘲笑我的痴心妄想 posted on 2019-12-07 01:50:27
Question: I know Keycloak has exposed the below API, <dependency> <groupId>org.keycloak</groupId> <artifactId>keycloak-services</artifactId> <version>2.0.0.Final</version> </dependency> With complete documentation here. I cannot find the required API here to fetch all users with a specific role mapped to them. Problem Statement - I need to pick all users from the Keycloak server who have a specific role. I need to send email to all users with the role mapped to them. Answer 1: There is an outstanding feature request

keycloak bearer token error - Didn't find publicKey for specified kid

↘锁芯ラ posted on 2019-12-06 14:40:24
I am following this document to secure the rest services. I am able to obtain the access token. However when I try to use the token to invoke a service, I am getting the error - Status: 401 WWW-Authenticate Bearer realm="bkofc", error="invalid_token", error_description="Didn't find publicKey for specified kid" What am I missing here? Anything to do with the realm settings? 401 could actually only mean that the token is not provided correctly. The Header "Authorization" needs to be set properly. It actually works fine, when you are doing it right. Besides, the document you are using is