keycloak

Keycloak 403 (Forbidden) on Keycloak.loadUserProfile()

让人想犯罪 __ 提交于 2019-12-08 02:16:59
问题 I am new to Keycloak. I have tried to get the user information using below code: keycloakAuth.loadUserProfile().success(function(profile) { debugger console.log(profile); }).error(function(res) { debugger console.log('Failed to load profile'); }); installation json is : { "realm": "CheckRealm", "realm-public-key": "MIIBIjASDFJJK677132HJJAOCAQ8AMIIBCgKCAQEAgo4deAfr8BeqWOiCsddwMtH5nh8EK2cKIeInpt7LnoCyMsGj1HTP835HpslOURrR6Bgc42V7r6J/MIHqx3+KESTqpcQSe9ll6eUjzaMbIX2GPmy9OnviH6srUgOlDAKhL+/SDh

Keycloak and spring boot rest api - user specific data stragegy

心不动则不痛 提交于 2019-12-08 01:33:25
Keycloak is a user federated identity solution running seperately (standalone) from other systems referencing to it (for authorization for example) having its own database. Question: How would I reference / create user specific data in my rest api database? How would I reference the user in the rest api database to have user specific data? Think of an table like Post title, date, content, author (here would be the reference to the user) We have a similar requirement in a Java EE application, where a user can create data via a JSF website. Data is stored to postrgesql with audit information

ABAC with keycloak - Using Resource attributes in policy

∥☆過路亽.° 提交于 2019-12-08 01:16:09
问题 What I am trying to achieve Protect a resource in Keycloak with policy like: if (resource.status == 'draft') $evaluation.grant(); else $evaluation.deny(); Going by their official documents and mailing list responses, it seems attribute based access control is possible, however, I could not find a way of getting it to work. What I have tried Using Authorization Services: I was unable to figure out where and how I can inject the attributes from the resource instance. Using Authorization Context

Create user on Keycloack from curl command

£可爱£侵袭症+ 提交于 2019-12-07 19:01:25
问题 Currently I try to create a user from curl command via Keycloak's Admin REST API. I can authenticate myself as an admin, I have a good answer, but when I want to create a user, I have an error like: "404 - Not Found". Here are my curl commands: #!/bin/bash echo "* Request for authorization" RESULT=`curl --data "username=pierre&password=pierre&grant_type=password&client_id=admin-cli" http://localhost:8080/auth/realms/master/protocol/openid-connect/token` echo "\n" echo "* Recovery of the token

Keycloak User Roles missing in REST API

你。 提交于 2019-12-07 16:38:06
问题 I would like to ask, if somebody knows, why there are no roles within the user details in REST ADMIN API request. I saw some posts dealing with this topic, but there were either no clear answer or they propose to use keycloak-admin-client, but that seems not very convenient. Maybe I need to map the roles in Admin console or use claims? Roles are one of the most important user attribute so whats the reason they are not retrieved as other user attributes?Any suggestion? Thanks GET /auth/admin

Spring Boot Keycloak - How to get a list of roles assigned to a user?

只谈情不闲聊 提交于 2019-12-07 16:36:31
问题 I am trying to get a list of roles assigned to a particular user from a Spring Boot application secured with keycloak. I have declared an AccessToken bean in the KeycloakWebSecurityConfigurerAdapter configuration class as follows: @Configuration @EnableWebSecurity @ComponentScan(basePackageClasses = KeycloakSecurityComponents.class) public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter { //other config code @Bean @Scope(scopeName = WebApplicationContext.SCOPE

Keycloak docker HTTPS-REQUIRED with nginx ssl

十年热恋 提交于 2019-12-07 12:44:33
问题 I am using keycloak for production for the first time. I run keycloak on my local machine and never faced this issue. First I am using docker to run keycloak server. The docker image is pulled from jboss/keycloak . I have set up my SSL using letsEncrypt on my domain test.com After running the docker image I ended up getting error HTTPS-REQUIRED when I click on administrative console. After reading up a lot about this from HERE HERE and HERE I realized I need SSL on my domain which I did. I

Access Keycloak REST Admin API using a service account (client credential grant)

馋奶兔 提交于 2019-12-07 12:22:57
问题 I like to manage keycloak from my own application:create user & clients, display users & client. As this is not a real user but a machine I would like to use a service account with a client credential grant as proposed in How to get Keycloak users via REST without admin account . To realize this I: create a realm inside the real created a client configured the access type of the client to "confidential" saved and activated the "Service Accounts Enabled" option that will apear after the save.

Get username from keycloak session in NodeJS

有些话、适合烂在心里 提交于 2019-12-07 03:10:21
问题 Is there something similar to: request.getUserPrincipal().getName() // Java In Node to get username when we are using connect-keycloak with express middle-ware? 回答1: I also came along with this issue. I did dive into the middleware code and tried to find something similar. It turns out that the request object is modified and appended by kauth.grant . console.log('req.kauth.grant') prints out: { access_token: { token: 'kasdgfksj333', clientId: 'mobile', header: { alg: 'RS256' }, content: { jti

Spring Websockets Authentication with Spring Security and Keycloak

只愿长相守 提交于 2019-12-07 02:05:38
问题 I'm using Spring Boot (v1.5.10.RELEASE) to create a backend for an application written in Angular. The back is secured using spring security + keycloak. Now I'm adding a websocket, using STOMP over SockJS, and wanted to secure it. I'm trying to follow the docs at Websocket Token Authentication, and it shows the following piece of code: if (StompCommand.CONNECT.equals(accessor.getCommand())) { Authentication user = ... ; // access authentication header(s) accessor.setUser(user); } I'm able to
订阅 keycloak