keycloak

How can I restrict client access to only one group of users in keycloak?

懵懂的女人, submitted on 2019-12-20 14:17:11

Question: I have a client in keycloak for my awx (ansible tower) webpage. I need only the users from one specific keycloak group to be able to log in through this client. How can I forbid all other users (except from one particular group) from using this keycloak client?

Answer 1: On Keycloak admin console, go to Clients menu, select your client. On the client configuration page, set Authorization Enabled: On, click Save. A new Authorization tab should appear, go to it, then to the Policies tab underneath,

How to get client secret via Keycloak API?

对着背影说爱祢, submitted on 2019-12-19 19:54:35

Question: How to get client secret via Keycloak API? In documentation I see:

    GET /admin/realms/{realm}/clients/{id}/client-secret

My code is the following:

    data = {
        "grant_type" : 'password',
        "client_id" : 'myclientid',
        "username" : 'myusername',
        "password" : 'mypassword'
    }
    response = requests.get("https://mylink.com/auth/admin/realms/{myrealm}/clients/{myclientid}/client-secret", data=data, headers= {"Content-Type": "application/json"})

I always get 401 error. What do I do wrong?

Answer 1: I think your

How to enable policy enforcing in keycloak for node.js application?

那年仲夏, submitted on 2019-12-19 03:34:11

Question: I have to integrate node.js application with keycloak. The application is in express. But the policies are not enforcing. It grants permission for all the users to access all the api. For /test api: Only users with 'chief' role have the access. I have given those policies in keycloak admin console. But those are not reflecting. Why? User without 'chief' role is also accessing /test

app.js:

    'use strict';
    const Keycloak = require('keycloak-connect');
    const express = require('express');
    const session =

How to enable policy enforcing in keycloak for node.js application?

荒凉一梦, submitted on 2019-12-19 03:33:21

Question: I have to integrate node.js application with keycloak. The application is in express. But the policies are not enforcing. It grants permission for all the users to access all the api. For /test api: Only users with 'chief' role have the access. I have given those policies in keycloak admin console. But those are not reflecting. Why? User without 'chief' role is also accessing /test

app.js:

    'use strict';
    const Keycloak = require('keycloak-connect');
    const express = require('express');
    const session =

Getting “Invalid parameter: redirect_uri” trying NODE.JS authentication with KeyCloak

一世执手, submitted on 2019-12-18 16:08:33

Question: I'm using Node.JS (express) and an NPM called keycloak-connect to connect to a keycloak server. When I'm implementing the default mechanism as described to protect a route:

    app.get( '/about', keycloak.protect(), function(req,resp) {
        resp.send( 'Page: ' + req.params.page + '<br><a href="/logout">logout</a>');
    } );

I do get referred to keycloak, but with following error: "Invalid parameter: redirect_uri" My query string is: (xx for demonstration) https://xx.xx.xx.xx:8443/auth/realms/master

Add protocol-mapper to keycloak using kcadm.sh

若如初见., submitted on 2019-12-18 08:56:27

Question: I have been trying to setup my full test system in keycloak using the kcadmin cli, but I have some problems creating protocol mappers: HTTP error - 400 Bad Request. I have been trying to implement a request using:

    http://www.keycloak.org/docs-api/3.3/rest-api/index.html
    http://blog.keycloak.org/2017/01/administer-keycloak-server-from-shell.html

Am I missing something in the request:

    /opt/jboss/keycloak/bin/kcadm.sh create \
        clients/7e8ef93b-0d0f-487d-84a5-5cfaee7ddf13/protocol-mappers/models \

Globally disable https keycloak

霸气de小男生, submitted on 2019-12-18 08:23:43

Question: The deployment is on AWS and I do not want to tunnel to the box and open a browser to disable it. There seems to exist a configuration: "ssl-required":"none" that can be placed in the keycloak-server.json file, but I'm not sure under which object. I've tried under "realm" and by itself with no luck. I do not want to disable it at the adapter level, it needs to be globally, so where does the "ssl-required":"none" go, or how can ssh/https be disabled globally? (Also, I understand this is not

RESTEASY003145: Unable to find a MessageBodyReader of content-type application/json and type class org.keycloak.representations.AccessTokenResponse

霸气de小男生, submitted on 2019-12-18 07:39:15

Question: I'm trying to test Keycloak REST API. Installed the version 2.1.0.Final. I can access the admin through browser with SSL without problems. I'm using the code above:

    Keycloak keycloakClient = KeycloakBuilder.builder()
        .serverUrl("https://keycloak.intra.rps.com.br/auth")
        .realm("testrealm")
        .username("development")
        .password("development")
        .clientId("admin-cli")
        .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build())
        .build();
    List<RealmRepresentation> rr = keycloakClient

Keycloak standalone cluster on Cloud Foundry

a 夏天, submitted on 2019-12-18 05:26:10

Question: How to configure Keycloak standalone cluster on Cloud Foundry? I tried to use docker image jboss/keycloak:4.5.0.Final with internal routing:

    env:
      JGROUPS_DISCOVERY_PROTOCOL: dns.DNS_PING
      JGROUPS_DISCOVERY_PROPERTIES: dns_query=keycloak-cluster-poc.apps.internal

all udp and tcp ports between app instances opened:

    cf add-network-policy keycloak-cluster-poc --destination-app keycloak-cluster-poc --protocol tcp/udp --port 1-65535

It's not working. Should I expose additional ports? <socket-binding

Keycloak Client Credentials Flow Clarification

喜夏-厌秋, submitted on 2019-12-18 04:53:17

Question: I am using Keycloak server to implement SSO. I am able to get access token for a specific client using client_credentials flow. However, my observation is that the access token is granted for internal service account of the client. I would like to get access token for other users present in realm by providing some additional parameter to the token endpoint. Below is the current request I make to token endpoint using Postman Chrome extension: POST http://localhost:8080/auth/realms/<realm>