keycloak-services

I like to manage keycloak from my own application:create user & clients, display users & client. As this is not a real user but a machine I would like to use a service account with a client credential grant as proposed in How to get Keycloak users via REST without admin account . To realize this I: create a realm inside the real created a client configured the access type of the client to "confidential" saved and activated the "Service Accounts Enabled" option that will apear after the save. enable under scopes the client-roles of the "real-management" (see screenshot) requested an access

I know keycloak has exposed below api, <dependency> <groupId>org.keycloak</groupId> <artifactId>keycloak-services</artifactId> <version>2.0.0.Final</version> </dependency> With complete documentation here . I cannot find the required api here to fetch all users with specific role mapped to them. Problem Statement - I need to pick all users from keycloak server who have a specific role. I need to send email to all users with role mapped to them. There is an outstanding feature request asking for this function via the API. In the meantime if your requirement is once-off you could obtain the user

I am using the latest keycloak image in docker and can access the standard admin console at http://localhost:9080 . However, I cant seem to access any of the paths specified in the documentation for Admin REST api. For instance, the base path /auth and Resource Get clients belonging to the realm Returns a list of clients belonging to the realm: /{realm}/clients I am getting a 404. So is for any other method in the documentation . The only path returning a valid 200 json response is http://localhost:9080/auth/realms/ {realm-name}/ which according to the documentation be reachable at basepath +

I am getting this exception "Didn't find publicKey for kid" while calling endpoint from angular js 2 to the widlfly server . authentication happened in keycloak , however i am calling about 8 endpoints from different clients (different micro services ) within same realm using same token but i got this exception only for this microservice call . i am sure that the user has all roles for all clients . i also decoded the token on JWT to verify that. sometimes it works and sometimes no!! this the exception stack trace : Caused by: java.lang.RuntimeException: Unexpected error: java.security

I have followed the guide https://ultimatesecurity.pro/post/okta-saml/ , to configure OKTA Saml with keycloak. After this configuration, I see Okta/saml login button on login page, clicking on which, the user is redirected to Okta login/SSO. Now, is there a way to avoid clicking on this button everytime such that when the keycloak login page appears, user is auto redirected to Okta SSO automatically instead of shown keycloak login form with okta redirect button? If not, is it possible to enter okta username password within the keycloak form fields and keycloak have it validated internally from

I am trying to deploy keycloak using docker image ( https://hub.docker.com/r/jboss/keycloak/ version 4.5.0-Final) and facing an issue with setting up SSL. According to the docs Keycloak image allows you to specify both a private key and a certificate for serving HTTPS. In that case you need to provide two files: tls.crt - a certificate tls.key - a private key Those files need to be mounted in /etc/x509/https directory. The image will automatically convert them into a Java keystore and reconfigure Wildfly to use it. I followed the given steps and provided the volume mount setting with a folder

There is an Endpoint to a backend server which gives a JSON response on pinging and is protected by an Apigee Edge Proxy . Currently, this endpoint has no security and we want to implement Bearer only token authentication for all the clients making the request. All the clients making the requests to API will send that JWT token in Authorization Bearer and Apigee Edge will be used to verify the JWT Token. How do I use Keycloak to generate this JWT token? Also, Apigee needs a public key of the origin of the JWT token (the server which signed the JWT token, in this case, I believe that is