keycloak

KeyCloak User Federation AND DYNAMIC ROLES

醉酒当歌 submitted on 2021-02-10 07:05:53
Question: I am using this guide http://www.keycloak.org/docs/3.2/server_development/topics/user-storage.html to configure user federation. This works fine and my users can log in. My users are stored in a MySQL database. Users have different roles - also stored in MySQL. I am not sure how to add roles to the UserModel. I've implemented getUserXXX methods, e.g. @Override public UserModel getUserByEmail(String email, RealmModel realm) { LOGGER.info("LOADING BY EMAIL"); try (Connection connection = ds

java.lang.LinkageError: ClassCastException RuntimeDelegate.class

一曲冷凌霜 submitted on 2021-02-10 06:01:21
Question: I have this error java.lang.LinkageError: ClassCastException: attempting to tomcat-debug-eclispe/wtpwebapps/xwiki-debug-eclipse/WEB-INF/lib/jsr311-api-1.1.1.jar!/javax/ws/rs/ext/RuntimeDelegate.class to tomcat-debug-eclispe/lib/jboss-jaxrs-api_2.0_spec-1.0.1.Final.jar!/javax/ws/rs/ext/RuntimeDelegate.class I'm using an open source wiki platform called xwiki https://github.com/xwiki/xwiki-platform This platform somewhere includes jsr311-api-1.1.1.jar and needs it. Now I want to connect through

java.lang.LinkageError: ClassCastException RuntimeDelegate.class

ぐ巨炮叔叔 submitted on 2021-02-10 06:00:47
Question: I have this error java.lang.LinkageError: ClassCastException: attempting to tomcat-debug-eclispe/wtpwebapps/xwiki-debug-eclipse/WEB-INF/lib/jsr311-api-1.1.1.jar!/javax/ws/rs/ext/RuntimeDelegate.class to tomcat-debug-eclispe/lib/jboss-jaxrs-api_2.0_spec-1.0.1.Final.jar!/javax/ws/rs/ext/RuntimeDelegate.class I'm using an open source wiki platform called xwiki https://github.com/xwiki/xwiki-platform This platform somewhere includes jsr311-api-1.1.1.jar and needs it. Now I want to connect through

Keycloak provides invalid signature with Istio and JWT

萝らか妹 submitted on 2021-02-10 05:51:42
Question: I'm using Keycloak (latest) for Auth 2.0, to validate authentication, provide a token (JWT) and, with the token provided, allow access to the application URLs, based on the permissions. Keycloak is currently running in Kubernetes, with Istio as Gateway. For Keycloak, this is the policy being used: apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata: name: application-auth-policy spec: targets: - name: notification origins: - jwt: issuer: http://<service_name>http.

Keycloak provides invalid signature with Istio and JWT

主宰稳场 submitted on 2021-02-10 05:51:31
Question: I'm using Keycloak (latest) for Auth 2.0, to validate authentication, provide a token (JWT) and, with the token provided, allow access to the application URLs, based on the permissions. Keycloak is currently running in Kubernetes, with Istio as Gateway. For Keycloak, this is the policy being used: apiVersion: authentication.istio.io/v1alpha1 kind: Policy metadata: name: application-auth-policy spec: targets: - name: notification origins: - jwt: issuer: http://<service_name>http.

idp initiated sso using keycloak

▼魔方 西西 submitted on 2021-02-09 08:48:10
Question: This question is in the area of SAML based IDP initiated SSO. As a POC, I have two keycloak instances, say keycloak1 and keycloak2. I would want to achieve the below: Authentication would be done at keycloak1; keycloak1 then directs to keycloak2 to access a keycloak2 client application. To do so, a) create a saml client at keycloak1 under realm1 (with IdP initiated SSO Name set as some name without spaces) --> say, keycloakclientsaml. In the Fine Grain SAML Endpoint Configuration section,

Keycloak uma-grant type tickets for service accounts do not seem to work with policies

心已入冬 submitted on 2021-02-09 05:41:32
Question: I am trying to use the Keycloak AuthzClient to register resources and related permissions in a resource server. I have a resource server "resourceserver" with authz service enabled. Using the AuthzClient, initialized with the json file containing the resource server's client id and secret, I'm able to obtain a pat. ... authzClient.obtainAccessToken().getToken(); ResourceRepresentation resource = new ResourceRepresentation(); resource.setName("myresource"); resource.setUris(new HashSet<>

Keycloak uma-grant type tickets for service accounts do not seem to work with policies

纵然是瞬间 submitted on 2021-02-09 05:29:10
Question: I am trying to use the Keycloak AuthzClient to register resources and related permissions in a resource server. I have a resource server "resourceserver" with authz service enabled. Using the AuthzClient, initialized with the json file containing the resource server's client id and secret, I'm able to obtain a pat. ... authzClient.obtainAccessToken().getToken(); ResourceRepresentation resource = new ResourceRepresentation(); resource.setName("myresource"); resource.setUris(new HashSet<>

HTTP and HTTPS with keycloak + spring

*爱你&永不变心* submitted on 2021-02-08 11:43:20
Question: I am trying to secure my application using keycloak. I use angular for my frontend and spring boot for my backend. Using only http, everything works fine. The problem is, if I want to use HTTPS alongside HTTP, I am having a problem with the backend throwing an error like: o.k.a.BearerTokenRequestAuthenticator : Failed to verify token org.keycloak.common.VerificationException: Invalid token issuer. Expected 'http://myDomain/auth/realms/realmName', but was 'https://myDomain/auth/realms

An error occurred while executing doInBackground() for keycloak authService.performTokenRequest() function

左心房为你撑大大i submitted on 2021-02-08 10:38:46
Question: While integrating the Keycloak SDK, I try to exchange the authorization code for an access token: authService.performTokenRequest( resp.createTokenExchangeRequest(), new AuthorizationService.TokenResponseCallback() { @Override public void onTokenRequestCompleted( TokenResponse resp, AuthorizationException ex) { if (resp != null) { // exchange succeeded } else { // authorization failed, check ex for more details } } }); I got the following error, java.lang.RuntimeException: An error occurred while