keycloak

My id provider returns a value Keycloak doesn't understand. What can I do?

眉间皱痕 submitted on 2020-07-09 15:58:08
Question: I'm using Keycloak with an external OAuth server used as id provider. When I try to log in, Keycloak sends an authentication backchannel request in which the OAuth server replies with a JWT. When decoding that JWT, Keycloak fails with this exception:

Caused by: com.fasterxml.jackson.core.JsonParseException: Numeric value (1539167070926) out of range of int at [Source: (byte[])"{"sub":"20008203","aud":"Test-Keycloak","amr":["pwd","mobile"],"iss":"oauth","exp":1539167070926,"iat":1539163470926,

Keycloak and Spring Boot web app in dockerized environment

风格不统一 submitted on 2020-07-07 06:04:28
Question: Consider the following environment:

- one docker container is keycloak
- another docker container is our web app that uses keycloak for authentication

The web app is a Spring Boot application with "keycloak-spring-boot-starter" applied. In application.properties:

keycloak.auth-server-url = http://localhost:8028/auth

A user accessing our web app will be redirected to keycloak using the URL for the exposed port of the keycloak docker container. Login is done without problems in keycloak and the

How to test Keycloak authentication in Spring Boot application?

青春壹個敷衍的年華 submitted on 2020-07-05 10:38:05
Question: In a Spring Boot project we enabled Spring Security and applied Keycloak authentication with bearer token like described in the following articles:

https://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/java/spring-security-adapter.html
https://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/java/spring-boot-adapter.html

But I can't find any recommendations how to make automation tests so that the Keycloak config is applied. So, how to test/mock/verify the Keycloak configuration when

keycloak bearer-only clients: why do they exist?

我是研究僧i submitted on 2020-07-05 05:57:11
Question: I am trying to wrap my head around the concept of bearer-only clients in Keycloak. I understand the concept of public vs confidential and the concept of service accounts and the grant_type=client_credentials stuff. But with bearer-only, I'm stuck. Googling only reveals fragments of discussions saying:

You cannot obtain a token from keycloak with a bearer-only client.

The docs are unclear as well. All they say is:

Bearer-only access type means that the application only allows bearer token

Invalid token issuer when running keycloak behind proxy

拈花ヽ惹草 submitted on 2020-07-02 09:15:55
Question: I've placed my keycloak server behind apache proxy:

ProxyRequests On
ProxyVia On
ProxyPreserveHost On
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
<LocationMatch "/auth/">
    ProxyPass http://keycloak:8090/auth/ Keepalive=On
</LocationMatch>
ProxyPassReverse "/auth/" "http://keycloak:8090/auth/"

I've successfully told my keycloak on javascript side to use /auth for authentication:

{ "realm" : "local", "auth-server-url" : "/auth", "ssl-required" : "external", "resource" :

Securing thorntail service with KEYCLOAK

末鹿安然 submitted on 2020-06-29 05:04:50
Question: I see a lot of topics about this but it seems that all of them access KEYCLOAK with the same URL. Explanation: I try to set up a frontend+microservice secured by KC architecture. See the drawing:

Everything works well if keycloak (kc) is seen by everybody with the same url, that is for JS:

const keycloakURL = "http://test-kc-keycloak:8080/auth";
const keycloakParams = { url: keycloakURL, realm: "Test", clientId: "IHM" };
const keycloak = Keycloak(keycloakParams);
...

For the service (project

How to add HTTP methods in Keycloak resources for Authorization (Without adapters)

删除回忆录丶 submitted on 2020-06-29 03:53:42
Question: When using Keycloak for authorization it allows creating protected resources. But it only allows defining the URI. How can I also add the HTTP method for the resource? Although it seems the policy enforcers allows us to define such details, how is Keycloak able to map the HTTP method with the resource? Thanks in Advance.

Answer 1: If you want scopes to be mapped to HTTP methods then you need to set http-method-as-scope to true. You can check policy enforcer documentation here

With spring-boot