keycloak

Keycloak + Kerberos authentication: Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC

允我心安 submitted on 2020-02-29 06:42:12
Question: I have the following spring web application on JBoss EAP 7.2.2 - Machine CentOs Keycloak 3.3.4 on CentOs Active directory We run on OpenJDK 8 Users log in from Windows machines using their Active directory accounts. Keycloak is configured with a kerberos use federation. On CentOs machines a kerberos client is installed using yum install krb5-user krb5-doc yum install krb5-pkinit krb5-workstation yum install krb5-libs krb5-devel yum install krb5-server krb5-workstation pam_krb5 In keycloak user

Poll: How would you choose your OAuth2.0 technology stack?

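[亡魂溺海] submitted on 2020-02-27 15:58:37
1. Preface: When using OAuth2.0, the Authorization Server is a component that cannot be avoided. In most cases we call well-known, reliable, trusted third-party platforms such as QQ, WeChat, Weibo, github and so on. Our application only needs to register and integrate as a Client. In other words, we only need to implement the OAuth2.0 client logic and need not care about how the authorization server is implemented. Sometimes, however, we still want to build our own Authorization Server. How should we implement it? Today I will not discuss specific technical details; let's talk about OAuth2.0 technology selection instead. 2. The current state of Spring Security OAuth2: When writing Spring Security tutorials, the OAuth2.0 functionality provided by Spring is the first thing to consider. When I went to the Spring website to look at the relevant libraries, I found a notice that Spring's OAuth2.0 library is about to expire; here is the picture as proof: In summary, the Spring Security OAuth module is about to expire and its later functionality has been migrated to Spring Security 5.2.x, but Authorization Server functionality will no longer be provided. The official statement also mentions that the current Spring Security OAuth branches are 2.3.x and 2.4.x. The 2.3.x version will reach end of life in March 2020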

Get the user roles with the keycloak userinfo endpoint

谁都会走 submitted on 2020-02-25 04:16:22
Question: How can I get the roles included in the reply of the userinfo endpoint in keycloak. I defined a "Role Mapping" for the user in keycloak. When I call the userinfo endpoint I get the fields like email name etc, but the roles are not included in the reply. When I call the auth endpoint I get the access_token and in the field scope has roles included. Here is the reply from the auth endpoint: access_token" QJsonValue(string, "eyJhb...") "expires_in" QJsonValue(double, 300) "not-before-policy"

Keycloak for ionic app : keycloak-js with cordova-native does not work

こ雲淡風輕ζ submitted on 2020-02-23 05:43:17
Question: I am trying to use the Keycloak-js (from 4.4.0.Final) library in my ionic (4) cordova application. I have followed the example and instructions from the documentation. I have installed cordova-plugin-browsertab , cordova-plugin-deeplinks , cordova-plugin-inappbrowser . Added <preference name="AndroidLaunchMode" value="singleTask" /> in my config.xml And this is what my modifications to config.xml look like. <widget id="org.phidatalab.radar_armt"....> <plugin name="cordova-plugin-browsertab"

Keycloak Admin Client within Quarkus - java.lang.IncompatibleClassChangeError

白昼怎懂夜的黑 submitted on 2020-02-21 06:04:00
Question: I'm writing a suite of microservices using Quarkus. These services will be protected using Quarkus' Keycloak extension. That interaction works great and without problem. Now I'm trying to add functionality to my microservices that will essentially broker communication with Keycloak and allow me to create users/groups/roles programmatically using the Keycloak admin client. I've added the Keycloak admin client dependency to my pom.xml : <dependency> <groupId>org.keycloak</groupId> <artifactId

Keycloak Admin Client within Quarkus - java.lang.IncompatibleClassChangeError

回眸只為那壹抹淺笑 submitted on 2020-02-21 06:00:23
Question: I'm writing a suite of microservices using Quarkus. These services will be protected using Quarkus' Keycloak extension. That interaction works great and without problem. Now I'm trying to add functionality to my microservices that will essentially broker communication with Keycloak and allow me to create users/groups/roles programmatically using the Keycloak admin client. I've added the Keycloak admin client dependency to my pom.xml : <dependency> <groupId>org.keycloak</groupId> <artifactId

Keycloak Admin Client within Quarkus - java.lang.IncompatibleClassChangeError

别说谁变了你拦得住时间么 submitted on 2020-02-21 05:59:28
Question: I'm writing a suite of microservices using Quarkus. These services will be protected using Quarkus' Keycloak extension. That interaction works great and without problem. Now I'm trying to add functionality to my microservices that will essentially broker communication with Keycloak and allow me to create users/groups/roles programmatically using the Keycloak admin client. I've added the Keycloak admin client dependency to my pom.xml : <dependency> <groupId>org.keycloak</groupId> <artifactId

Keycloak nodeJS always get 403

﹥>﹥吖頭↗ submitted on 2020-02-04 05:22:12
Question: I have a NodeJS application running which I'd like to protect with keycloak. I've done everything like in other applications which are protected with KeyCloak (Roles, Scopes) and it just does not want to work. My config.json : { "realm": "<Realm>", "bearer-only": true, "auth-server-url": "https://<URL>/auth", "ssl-required": "external", "resource": "<serviceName>", "use-resource-role-mappings": true, "confidential-port": 0 } Then I set it up like this: let memoryStore = new session.MemoryStore

Spring app basic auth over keycloak

余生长醉 submitted on 2020-02-02 10:21:29
Question: I need to add auth to my spring boot (MVC) app. Auth provider is keycloak via OpenID. Both Implicit and Authorization Code grants are disabled, so I am stuck with Resource owner credentials grant. What I want to achieve is basic auth prompt for unauthorized users. Credentials retrieved that way should be used to get token and user information from keycloak for its further usage by spring security. The token should be checked on each request. Most examples I've found are using the redirect

Spring app basic auth over keycloak

限于喜欢 submitted on 2020-02-02 10:21:08
Question: I need to add auth to my spring boot (MVC) app. Auth provider is keycloak via OpenID. Both Implicit and Authorization Code grants are disabled, so I am stuck with Resource owner credentials grant. What I want to achieve is basic auth prompt for unauthorized users. Credentials retrieved that way should be used to get token and user information from keycloak for its further usage by spring security. The token should be checked on each request. Most examples I've found are using the redirect