keycloak

Keycloak authorization: CRUD Authorization Policies, Permissions via API

独自空忆成欢 submitted on 2019-12-22 00:39:44
Question: In Keycloak I see there is a CRUD API to create a resource (and scopes): http://${host}:${port}/auth/realms/${realm_name}/authz/protection/resource_set
Create resource set description: POST /resource_set
Read resource set description: GET /resource_set/{_id}
Update resource set description: PUT /resource_set/{_id}
Delete resource set description: DELETE /resource_set/{_id}
But I don't see an API to CRUD Authorization Policies, Permissions. I tried to create policies via the protection

Keycloak Remove First Name and Last Name fields on Registration Screen

岁酱吖の submitted on 2019-12-21 20:24:32
Question: In Keycloak we have created a custom ftl registration theme that has removed the optional first name and last name fields. Our system only requires the user to have an email address and password. However, when the user hits enter, an error is displayed indicating that the first name and last name need to be entered. In the Keycloak UserModel these fields are optional, and it is also possible to create users via the admin console / api without firstname and lastname. How do we remove these

OAuth 2.0 OpenID Connect Loopback and Keycloak

自古美人都是妖i submitted on 2019-12-21 20:09:07
Question: I'm unable to connect to Keycloak from Loopback. I've been trying to use the keycloak-connect lib: https://github.com/keycloak/keycloak-nodejs-connect This is my current server/boot/root.js
module.exports = function (server) {
  var session = require('express-session');
  var Keycloak = require('keycloak-connect');
  var memoryStore = new session.MemoryStore();
  var keycloak = new Keycloak({ store: memoryStore });
  server.use(session({ secret: 'xxx', resave: false, saveUninitialized: true, store:

Trying to log in to Keycloak Admin WS

白昼怎懂夜的黑 submitted on 2019-12-21 12:32:58
Question: I need to configure realms in Keycloak by the Admin WS accessible at the path http://KeycloakServer:8081/auth/admin/realms So in Postman I run the following request:
URL: http://KeycloakServer:8081/auth/admin/realms
Method: POST
Body: { "enabled": true, "id": "TestRealm", }
I get a 401 Unauthorized response, so I think it is necessary to authenticate to the Admin WS. But in the docs I cannot find any information about the type of authentication required and the syntax. Do you know how to

Generate JWT Token in Keycloak and get the public key to verify the JWT token on a third party platform

隐身守侯 submitted on 2019-12-21 09:12:04
Question: There is an endpoint to a backend server which gives a JSON response on pinging and is protected by an Apigee Edge Proxy. Currently, this endpoint has no security and we want to implement Bearer-only token authentication for all the clients making the request. All the clients making the requests to the API will send that JWT token in Authorization Bearer and Apigee Edge will be used to verify the JWT token. How do I use Keycloak to generate this JWT token? Also, Apigee needs a public key of the

Authenticate a rest api using keycloak access token (received from Authorization header in the HTTP GET request from the front end) in node js

此生再无相见时 submitted on 2019-12-21 05:44:07
Question:
var loadData = function () {
  var url = 'http://localhost:3000/users';
  var req = new XMLHttpRequest();
  req.open('GET', url, true);
  req.setRequestHeader('Accept', 'application/json');
  req.setRequestHeader('Authorization', 'Bearer ' + keycloak.token);
  req.onreadystatechange = function () {
    if (req.readyState == 4) {
      if (req.status == 200) {
        console.log('Success');
      } else if (req.status == 403) {
        console.log('Forbidden');
      }
    }
  }
  req.send();
};
Above is my front end code requesting the REST API and

Microservice to Microservice calls, authorization from a queue message

烈酒焚心 submitted on 2019-12-20 19:05:57
Question: Context: I'm creating a cloud platform to support multiple applications with SSO. I'm using Keycloak for authentication and Netflix Zuul for authorization (API Gateway) thru Keycloak Spring Security Adapter. Each microservice expects an Authorization header, which contains a valid JWT, from which it will take the username (sub) to process the request. Each microservice-to-microservice call should go thru Netflix Zuul first, passing the Authorization header to maintain a stateless validation.

Zuul reverse proxy with Keycloak server

家住魔仙堡 submitted on 2019-12-20 14:42:45
Question: I'm configuring a Spring Cloud (Angel.SR6) application using the Zuul reverse proxy utility, in order to hide the internal service ports. My zuul (edge) service is published on port 8765 and my organizations service is on port 8083. Everything goes smoothly when I access the application with no security; http://localhost:8765/organization/organizations returns the JSON with all the organizations. However, now I want to integrate a Keycloak SSO (OAuth2) server for authorization purposes

Zuul reverse proxy with Keycloak server

元气小坏坏 submitted on 2019-12-20 14:38:03
Question: I'm configuring a Spring Cloud (Angel.SR6) application using the Zuul reverse proxy utility, in order to hide the internal service ports. My zuul (edge) service is published on port 8765 and my organizations service is on port 8083. Everything goes smoothly when I access the application with no security; http://localhost:8765/organization/organizations returns the JSON with all the organizations. However, now I want to integrate a Keycloak SSO (OAuth2) server for authorization purposes

How can I restrict client access to only one group of users in Keycloak?

左心房为你撑大大i submitted on 2019-12-20 14:18:05
Question: I have a client in Keycloak for my AWX (Ansible Tower) webpage. I need only the users from one specific Keycloak group to be able to log in through this client. How can I forbid all other users (except from one particular group) from using this Keycloak client?
Answer 1: On Keycloak admin console, go to Clients menu, select your client. On the client configuration page, set Authorization Enabled: On, click Save. A new Authorization tab should appear, go to it, then to the Policies tab underneath,