keycloak

Keycloak custom page development

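*爱你&永不变心* submitted on 2020-04-26 17:42:06
1. Development approach

Theme types:
Account - Account management
Admin - Admin console
Email - Emails
Login - Login forms
Welcome - Welcome page

Creating a theme: HTML templates (Freemarker Templates), Images, Message bundles, Stylesheets, Scripts, Theme properties.

Theme development: strictly follow the required directory layout, file names and file formats; optionally inherit from a parent theme.

Adjusting a theme: inherit from a parent theme and selectively override or add form controls, change styles, change text content, and so on.

Full-override development: based on the Freemarker template engine and currently popular pure front-end technologies such as Vue. Find the interfaces that appear in the original page. Find and understand the expressions that appear in the original page and what they mean.

2. Difficulties

The difficulty lies in finding and understanding the expressions that appear in the original page and what they mean. Digging into the meaning of the realm.password expression in the template engine: login.ftl contains the following code:

    <#if realm.password>
    <form id="kc-form-login" onsubmit="login.disabled = true; return true;" action="${url.loginAction}" method="post">
    .............
    </#if>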

OpenID redirect vs bearer

廉价感情. submitted on 2020-04-16 08:22:08
Question: I'm developing a microservice in C++ (for low latency reasons), and I'm beginning to dive into OpenID and Keycloak. Developing in C++ means I've almost no library support for OpenID, but I've (hopefully) all the low level details working (like proper JWT verification). I've to do all the communication flows and redirects myself. So much as a background. Keep that in mind because I need to know and implement details which usually a library will hide for a developer. There are three parties

Keycloak access tokens invalid after Keycloak server restart

ⅰ亾dé卋堺 submitted on 2020-04-16 03:41:21
Question: We are using Keycloak 3.4.0 / Keycloak.js in our single page app. Keycloak stores its data within a MariaDB. When I restart the Keycloak server (NOT MariaDB) and refresh my single page app I am redirected to the login page. I thought that Keycloak stores all tokens within its database, shouldn't these tokens still be valid after a restart? Or is it expected that all sessions are logged out? Do I have to use offline tokens to support this scenario? The offline token is valid even after a user

Integrating Keycloak with Spring Boot

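℡╲_俬逩灬. submitted on 2020-04-13 00:50:56
Preface: This article follows A Quick Guide to Using Keycloak with Spring Boot and collects the problems encountered in practice.

Installing Keycloak with Docker

Download the image. Pull the image from quay:

    docker pull quay.io/keycloak/keycloak

If it fails, try again.

Start Keycloak:

    docker run -p 6060:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:latest

Map the port according to your actual environment. The official command is:

    docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:9.0.2

The latest version at present is 9.0.2; it is recommended to switch directly to latest, which automatically pulls the newest image.

Startup succeeded: This example is started in a local environment; if it is started in a production environment, SSL must be enabled. Browsers and applications that interact with the realm must honor the SSL/HTTPS requirements defined by the SSL Mode or they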

Keycloak adaptor for golang application

☆樱花仙子☆ submitted on 2020-04-07 12:44:52
Question: I am going to secure my golang application using keycloak, but keycloak itself does not support go language. There are some go adaptors as open projects in github that have implemented openId connect protocol as a provider service, but they do not provide an example or documentation on how to integrate libraries with an application. How can I interact with keycloak using golang?

Answer 1: As you have pointed out, there is no official keycloak adapter for golang. But it is pretty straightforward

Moving to https in keycloak using nginx

我只是一个虾纸丫 submitted on 2020-03-25 19:11:13
Question: JSF project Wildfly + App (on 8080) Same Server Keycloak (on 8180) When I trigger a login (by going to a page that needs login) I go to this link: https://thexxxxxx.nz/auth/realms/TheXxxxxXxxxx/protocol/openid-connect/auth?response_type=code&client_id=thexxxxxxxxx&redirect_uri=https%3A%2F%2Fthexxxxxxx.nz%2Fthexxxxxxx%2Fpages%2Fmy%2Fdashboard.jsf&state=8a73b245-b8b2-41ff-8dd4-9c28d4066e17&login=true&scope=openid This gives: Invalid parameter: redirect_uri If I then change the redirect to https

Fail to setup Keycloak with Spring Boot Security UnsatisfiedDependencyException with KeycloakAutoConfiguration

笑着哭i submitted on 2020-03-20 03:57:07
Question: I have a little trouble with Keycloak and spring security. Here is the pom: <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>my.world</groupId> <artifactId>having-fun</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <name>having-fun<

Keycloak: missing realm public key

社会主义新天地 submitted on 2020-03-18 03:59:32
Question: When I access keycloak admin console (!remotely) and create client: the keycloak OIDC JSON doesn't have public key. I would expect having in JSON something like: "realm-public-key": "MIIBIjANBg....

Answer 1: keycloak.json in newest keycloak does not have any realm public key ... actually it appears that you are using keycloak version 2.3.x; there have been some changes in it. Basically you can rotate multiple public keys for a realm. The document says this: In 2.3.0 release we added support for

Keycloak: missing realm public key

柔情痞子 submitted on 2020-03-18 03:59:31
Question: When I access keycloak admin console (!remotely) and create client: the keycloak OIDC JSON doesn't have public key. I would expect having in JSON something like: "realm-public-key": "MIIBIjANBg....

Answer 1: keycloak.json in newest keycloak does not have any realm public key ... actually it appears that you are using keycloak version 2.3.x; there have been some changes in it. Basically you can rotate multiple public keys for a realm. The document says this: In 2.3.0 release we added support for

Keycloak access impersonate API

走远了吗. submitted on 2020-03-03 12:19:10
Question: We started using keycloak 3.4.3 and we need to introduce an impersonate function in our application. We found that keycloak has an impersonate api which unfortunately does not return a token for the user but a redirect link for which the user can "select" his own client. We found here https://blog.softwaremill.com/who-am-i-keycloak-impersonation-api-bfe7acaf051a a way (in scala) to retrieve a fresh token (only for keycloak 3.4+): private def exchangeToken(token: String, userId: String):