keycloak

问题 I am working on a microservice architecture developed in Spring boot with an API gateway service using Spring Cloud Gateway. I am using Keycloak as an identity provider. Everything is working fine normally, but I am getting intermediate authorization_request_not_found exception on user login and a whitelable error page occurs. If we try again, it works. Below is the exception I received on Keycloak server: [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-264) Failed to

问题 I have an application made with .NET Core API, Keycloak and JWT Token. The older version of Keycloak that I've been using so far, when it created the JWT Token it wrote the roles here on payload: { "user_roles": [ "offline_access", "uma_authorization", "admin", "create-realm" ] } But now after I updated it, it's writing the roles here on payload: { "realm_access": { "roles": [ "create-realm", "teacher", "offline_access", "admin", "uma_authorization" ] }, } And I need to know how to change

问题 I have a spring client with spring rest api's which are protected with keycloak. I am trying to call it using keycloakresttemplate from another client which is a pure java code with no security. I am getting the keycloak access token from java client and setting it in the header of rest url. It is not able to initialize the keycloakresttemplate. Any view why I am facing this issue. //Below is the code to hit the spring url using keycloakresttemplate.I have added Dependency of keycloack

问题 I have a spring client with spring rest api's which are protected with keycloak. I am trying to call it using keycloakresttemplate from another client which is a pure java code with no security. I am getting the keycloak access token from java client and setting it in the header of rest url. It is not able to initialize the keycloakresttemplate. Any view why I am facing this issue. //Below is the code to hit the spring url using keycloakresttemplate.I have added Dependency of keycloack

问题 My company uses Keycloak for authentication connected with LDAP and returning a user object filled with corporative data. Yet in this period we are all working from home and in my daily work having to authenticate in my corporative server every time I reload the app, has proven to be an expensive overhead. Especially with intermittent internet connections. How can I fake the Keycloak call and make keycloak.protect() work as it has succeeded? I can install a Keyclock server in my machine, but

问题 I have set up a web application with Keycloak in my local machine. Since Im using Keycloak as SSO implementation, I want in my web app that whenever SIGNUP button is click, user is directed into the registration page, and not going through the LOGIN page. This is the example URL directed to the registration form, however, it contains a tab_id that is generated randomly like a session id. https://site.test/auth/realms/custom/login-actions/authenticate?client_id=test&tab_id=qIdW92Bvwmk I read

问题 I want to write unit tests for my spring controller. I'm using keycloak's openid flow to secure my endpoints. In my tests I'm using the @WithMockUser annotation to mock an authenticated user. My problem is that I'm reading the userId from the token of the principal. My unit test now fails because the userId I read from the token is null; if (principal instanceof KeycloakAuthenticationToken) { KeycloakAuthenticationToken authenticationToken = (KeycloakAuthenticationToken) principal;

问题 Let's say we have several micro-services. Each of them uses Keycloak authentication. We have also load balancer based on for ex. nginx which has external URLs and different routes to keycloak (for ex. in OpenShift it can be https://keycloak.rhel-cdk.10.1.2.2.xip.io). But internally this address can be inaccessible. Also having micro-service configuration dependent on the load balancer URL is a bit weird. What what be more appropriate is to use internal keycloak auth URL inside of the micro

问题 I have 2 JHipster apps running each on one subdomain (app1.domain.tld & app2.domain.tld). In both apps, users login through Keycloak. The sequence is as such : Angular app sends /authenticate request with credentials to Keycloak In case of successful response returns a authentication cookie POST request is is sent to Jhipster backend app that generates JSessionID cookie JSessionID is then used for every request to backed app. What would be the best way to automatically login user (without

问题 I have 2 JHipster apps running each on one subdomain (app1.domain.tld & app2.domain.tld). In both apps, users login through Keycloak. The sequence is as such : Angular app sends /authenticate request with credentials to Keycloak In case of successful response returns a authentication cookie POST request is is sent to Jhipster backend app that generates JSessionID cookie JSessionID is then used for every request to backed app. What would be the best way to automatically login user (without