keycloak

Keycloak Multi Tenancy implementation with login through javascript (a webpage)

蓝咒, submitted on 2019-12-12 19:34:54
Question: I want to assign different realms to different clients (organisations) in keycloak. The login to keycloak is achieved through a webpage which acquires a valid token from keycloak which is then passed with the rest requests that I make from my website. Now, the javascript adapter needs a keycloak configuration file that has details about the realm that I want to log in to. But, the problem is that I do not know which realm the user belongs to because he / she can be from any organisation i.e.

Create-user-only Keycloak role?

青春壹個敷衍的年華, submitted on 2019-12-12 19:19:50
Question: I'd like to have a user that is limited to managing a group of users and only those users in Keycloak. The idea is he can add users to that group, remove them from the group and also create new users that belong to that group. I have been unable to figure out how to do the last part. I am able to assign the "manage" role to the user but then he is able to list and manage all users in Keycloak. I have thought of going the route of several realms (instead of groups) but then I have to have an

Keycloak: Script Authenticator missing?

家住魔仙堡, submitted on 2019-12-12 19:05:27
Question: In our system we have so far been using Keycloak 3.4.3 and the Script Authenticator authentication provider functionality as part of the browser based authentication. Now, after upgrading to Keycloak 4.6.0.Final, we noticed that the option for Script Authenticator has disappeared from the list. This functionality was still there in Keycloak 4.5.0.Final. Due to functionality that's been fixed in Keycloak 4.6.0.Final, we don't have the option to use 4.5.0. We used the Script Authenticator

Keycloak: Indicate user is temporarily locked

不问归期, submitted on 2019-12-12 15:19:36
Question: After a user has failed to log in too many times in too short a time, is there a way to have the Keycloak login screen tell the user that they are temporarily locked, so they can know they have to wait and try again later? At the moment it continues to tell them their password is wrong, so they will probably keep trying, and may end up being told their correct password is incorrect. Ideally I'd like to be able to do this with only changes to the login theme, and without making extra API calls

Configuring IIS as reverse-proxy for Keycloak

拈花ヽ惹草, submitted on 2019-12-12 13:20:34
Question: I'm using Keycloak 2.3.0 version, standalone mode, server. I configured IIS URL Rewrite for local Keycloak server running on localhost:8080. The problem is that there is no way to specify base url in Keycloak, instead Keycloak tries to detect its own host/port and always appends port number (8080) to redirects. I fixed everything except 'auth-server-url' in config json. Is there any way to get it working? Answer 1: I've been running Keycloak behind a reverse-proxy for some time. The key is: to

Keycloak: Access token validation end point

拥有回忆, submitted on 2019-12-12 12:23:57
Question: Running keycloak in standalone mode, and created a micro-service by using the node.js adapter for authenticating api calls. The jwt token from keycloak is sent along with each api call. It will only respond if the token sent is a valid one. How can I validate the access token from the micro service? Is there any token validation provided by keycloak? Answer 1: To expand on troger19's answer: Question 1: How can I validate the access token from the micro service? Implement a function to inspect each

Keycloak JavaScript API to get current logged in user

放肆的年华, submitted on 2019-12-12 11:10:27
Question: We plan to use keycloak to secure a bunch of web apps, some written in Java, some in JavaScript (with React). After the user is logged in by keycloak, each of those web apps needs to retrieve the user that is logged in and the realm/client roles that the user has. For Java apps, we tried the keycloak Java API (request -> KeycloakSecurityContext -> getIdToken -> getPreferredUsername/getOtherClaims). They seem to work fine. For JavaScript apps, we tried the following code, but could not get

How To Resolve “The required mechanism 'BASIC' is not available in mechanisms [KEYCLOAK] from the HttpAuthenticationFactory”

谁说胖子不能爱, submitted on 2019-12-12 11:09:39
Question: When I tried to deploy the keycloak-quickstart app-profile-jee-vanilla project, I ran into an error message. A bit of web searching did not provide a resolution, so I thought to ask here. Here are the steps that I followed. Three bash shells are involved. KEYCLOAK SHELL curl -O -L https://downloads.jboss.org/keycloak/4.1.0.Final/keycloak-4.1.0.Final.tar.gz tar xvfz keycloak-4.1.0.Final.tar.gz ./keycloak-4.1.0.Final/bin/standalone.sh -Djboss.socket.binding.port-offset=100 WILDFLY SHELL curl -O

why is keycloak removing the SSL in the redirect uri?

家住魔仙堡, submitted on 2019-12-12 07:48:02
Question: We have a simple requirement where: PS : https:/ === https:// When user hits https:/company_landing.company.com , they should be redirected to keycloak login page (at https:/ourcompany-keycloak.company.com ). User enters his/her keycloak login credentials. Upon successful login to keycloak , they will be presented to the company_landing page. The trouble is : When User types - https:/company_landing.company.com Keycloak tries to bring up the landing page but gives 500 Internal server error

How are Keycloak roles managed?

巧了我就是萌, submitted on 2019-12-12 07:37:38
Question: Keycloak is a great tool, but it lacks proper documentation. So we have Realm.roles, Client.roles and User.roles. How do these 3 work together when accessing an application using a specific client? Sincerely, Answer 1: In KeyCloak we have those 3 roles: Realm Role, Client Role, Composite Role. There are no User Roles in KeyCloak. You most likely confused that with User Role Mapping, which is basically mapping a role (realm, client, or composite) to the specific user. In order to find out how these