keycloak

问题 I need to create a Protocol Mapper of type Script Mapper in Keycloak. The script should get a user attribute, check its size, and put it on the token. I found no documentation or examples of how a script should be created. From the bits and pieces I could gather, I guess I the script would need to look something like: var value = user.getAttribute("myAttribute"); if (value.length > LIMIT) { value = value.substring(0,LIMIT); } token.setOtherClaims("myAttribute",value); Is this right? I made up

问题 I have an application which is getting Auth from Keycloak. My Access Type is public so I do not have any client secret. I have given access to " Direct Access Grants Enabled " as ON Refer below: I am getting error from postman as below: { "error": "invalid_grant", "error_description": "Invalid user credentials" } Note : My credentials is right as I am using same to login on keycloak I have also check the key and they seems correct as per below reference: https://gist.github.com/rac021

问题 I'm just a beginner in Spring Security, but I would like to know is it possible to configure keycloak in a way that I can use @PreAuthorize , @PostAuthorize , @Secured and other annotations. For example, I've configured the keycloak-spring-security-adapter and Spring Security in my simple Spring Rest webapp so that I have access to Principal object in my controller, like this: @RestController public class TMSRestController { @RequestMapping("/greeting") public Greeting greeting(Principal

问题 I am trying to get the nodeJS keycloak adapter working with my Express application, but am facing a CORS issue when it tries to redirect to the login page for routes I have protected with the keycloak middleware: XMLHttpRequest cannot load http://192.168.132.44:8080/auth/realms/Actora/protocol/openid-connect/auth?client_id=actora-test&state=0e9c9778-c41b-4aa8-8052-d0f0125045ac&redirect_uri=http%3A%2F%2Flocalhost%3A5001%2Fauth%2Fchecktoken%3Fauth_callback%3D1&scope=openid&response_type=code.

问题 I am building Ionic 2 app and I want to use Keycloak for login/signup. I have the following situation: I am on Keycloak login page and when I login, I am redirect back to my app. I would expect that Keycloak will set cookies, but it didn't. I guess it is because of this: Can you use cookies in a Cordova application?. Is there any way how to tell Keycloak to use local storage instead of cookies. Or any other solution? I am using this implementation of keycloak & angular 2 colaboration. 回答1: In

问题 i have an open id provider and i use this provider as identity broker of keycloak. I want to map roles (claims) which sent from broker to keycloak (and keycloak will sent mapped roles in its jwt). I want to know how to implement and add a custom mapper to keycloak (like hardcodedmapper, attributemapper in keycloak). Can i do this? Thanks 回答1: Create your new provider class, I extended the existing org.keycloak.broker.saml.mappers.AttributeToRoleMapper class. When building your jar ensure you

问题 When I'm requesting a token from keycloak I want a specific header value (or extra form data) that was supplied in the request to be put in the JWT payload of the generated token. I've tried using a Script Mapper to get access to header values but I can't see how to get access to header values or data in the form data sent in any of the available script variables: user , realm , userSession , keyclockSession . 回答1: You can get access to request headers using keycloakSession object, something

问题 Keycloak is a user federated identity solution running seperately (standalone) from other systems referencing to it (for authorization for example) having its own database. Question: How would I reference / create user specific data in my rest api database? How would I reference the user in the rest api database to have user specific data? Think of an table like Post title, date, content, author (here would be the reference to the user) 回答1: We have a similar requirement in a Java EE

问题 I am using Keycloak 3.4 in a Java Application using Spring Framework and Jetty 8.1 with Keycloak Jetty-81-Adapter 3.4. According to the Keycloak documentation I should be able to use the HttpServletRequest in a Java EE application to logout from Keycloak. However, this does not work in my case, even though Jetty supports HttpServletRequests. You can log out of a web application in multiple ways. For Java EE servlet containers, you can call HttpServletRequest.logout().. If I try to logout this

问题 I'm trying to setup SSO with nextcloud (13.0.4) and keycloak (4.0.0.Final) (as SSO/SAML IDP und user management solution) like described at SSO with SAML, Keycloak and Nextcloud. However, trying to login to nextcloud with the SSO test user configured in keycloak, nextcloud complaints with the following error: OneLogin_Saml2_ValidationError: Found an Attribute element with duplicated Name /var/www/html/nextcloud/custom_apps/user_saml/3rdparty/vendor/onelogin/php-saml/lib/Saml2/Auth.php - line