keycloak

Unauthorized request, 401, using Spring if I open a modal or I send an ajax request

做~自己de王妃 submitted on 2020-01-05 04:07:12
Question: I have a problem with Keycloak and Spring Boot. I developed a web app with some modals and ajax requests. Sometimes, and I don't know why, I receive status 401 if I click on an href to open a modal, or if I submit a form via ajax. I don't see any error log server-side, but I checked the request and I have WWW-Authenticate: Bearer realm="Unknown". I think it is weird. This is the entire request: 1. Request URL: MyUrl 2. Request Method: GET 3. Status Code: 401 Unauthorized 4. Remote Address:

HTTP 403 forbidden error when using Keycloak to protect a Tomcat app

随声附和 submitted on 2020-01-03 17:57:51
Question: I struggled with this error for a whole day. I checked my configuration of Keycloak and the app in Tomcat again and again and did not find a bug. The picture below shows the testing scenario: The configuration of the app: 1. Keycloak.json was copied from the Keycloak console 2. context.xml is also right, since it works fine under the "localhost" scenario 3. web.xml: <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns

Keycloak: roles not assigned when user is created via CLI

大憨熊 submitted on 2020-01-03 03:58:19
Question: Running the below commands to import a user with roles. ./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password [pass] ./kcadm.sh create users -r [realm_name] -f user-admin.json user-admin.json looks like: { "username": "adminLocal", "enabled": true, "totp": false, "emailVerified": false, "firstName": "admin", "lastName": "local", "email": "adminLocal@domain.com", "disableableCredentialTypes": ["password"], "requiredActions": [], "notBefore": 0,

keycloak bearer token error - Didn't find publicKey for specified kid

懵懂的女人 submitted on 2020-01-03 03:11:13
Question: I am following this document to secure the REST services. I am able to obtain the access token. However, when I try to use the token to invoke a service, I am getting the error - Status: 401 WWW-Authenticate Bearer realm="bkofc", error="invalid_token", error_description="Didn't find publicKey for specified kid" What am I missing here? Anything to do with the realm settings? Answer 1: 401 could actually only mean that the token is not provided correctly. The header "Authorization" needs to be set

KeyCloak restricting user management to certain groups while enabling 'manage-users'

生来就可爱ヽ(ⅴ<●) submitted on 2020-01-03 02:52:31
Question: Using the KeyCloak admin console, I am attempting to enact the following use-case. We have Group X and Group Y. The role 'Group X Admin' can do the following: Can create users without a group. Can assign users without a group to group X. Can edit and manage users in group X. Cannot see/edit/manage users in group Y. It seems that in order to fulfill case 1, I must make 'Group X Admin' a composite role linked to the 'manage-users' role from the realm-management client. However, upon doing this,

WildFly Postgres DataSource remote connection-url ignored

别来无恙 submitted on 2020-01-02 12:01:49
Question: I am running into some configuration troubles in setting up a Keycloak server in standalone clustered mode. Despite configuring the datasource to use a postgres database on {REMOTE_IP}, it is failing to start the server, complaining that it cannot connect to localhost:5432. I've been searching all over but I'm befuddled why the DataSource would try to connect to localhost when the connection-url is set to a remote host. Is there any mistake in my configuration? How can I figure out why PG is

WildFly Postgres DataSource remote connection-url ignored

为君一笑 submitted on 2020-01-02 12:01:37
Question: I am running into some configuration troubles in setting up a Keycloak server in standalone clustered mode. Despite configuring the datasource to use a postgres database on {REMOTE_IP}, it is failing to start the server, complaining that it cannot connect to localhost:5432. I've been searching all over but I'm befuddled why the DataSource would try to connect to localhost when the connection-url is set to a remote host. Is there any mistake in my configuration? How can I figure out why PG is

Didn't find publicKey for kid, Keycloak?

泄露秘密 submitted on 2020-01-02 01:09:09
Question: I am getting this exception "Didn't find publicKey for kid" while calling an endpoint from Angular JS 2 to the WildFly server. Authentication happened in Keycloak; however, I am calling about 8 endpoints from different clients (different microservices) within the same realm using the same token, but I got this exception only for this microservice call. I am sure that the user has all roles for all clients. I also decoded the token on JWT to verify that. Sometimes it works and sometimes no!! this the

Keycloak provider and user storage

旧城冷巷雨未停 submitted on 2020-01-01 18:57:05
Question: I have a running Java EE application and now I want to integrate Keycloak as the authentication server. The only thing I have trouble with is the user storage. I want to have all the user data in my Java application. The problem now: If the user registers on the Keycloak frontend, my Java application doesn't know that the user has registered, so I cannot create a new entity. I found out that Keycloak is able to load some custom modules (https://keycloak.github.io/docs/userguide/keycloak-server/html

Keycloak: How to auto redirect Keycloak user to OKTA SSO page instead of clicking on button?

☆樱花仙子☆ submitted on 2020-01-01 12:36:08
Question: I have followed the guide https://ultimatesecurity.pro/post/okta-saml/ to configure OKTA SAML with Keycloak. After this configuration, I see an Okta/SAML login button on the login page; clicking on it redirects the user to Okta login/SSO. Now, is there a way to avoid clicking on this button every time, such that when the Keycloak login page appears, the user is auto redirected to Okta SSO automatically instead of being shown the Keycloak login form with the Okta redirect button? If not, is it possible to