keycloak

Add protocol-mapper to keycloak using kcadm.sh

走远了吗. submitted on 2019-11-29 16:16:38
I have been trying to set up my full test system in keycloak using the kcadmin cli, but I have some problems creating protocol mappers: HTTP error - 400 Bad Request I have been trying to implement a request using: http://www.keycloak.org/docs-api/3.3/rest-api/index.html http://blog.keycloak.org/2017/01/administer-keycloak-server-from-shell.html Am I missing something in the request: /opt/jboss/keycloak/bin/kcadm.sh create \ clients/7e8ef93b-0d0f-487d-84a5-5cfaee7ddf13/protocol-mappers/models \ -r $test_realm \ -s config.user.attribute=tenants \ -s config.claim.name=tenants \ -s config.jsonType

RESTEASY003145: Unable to find a MessageBodyReader of content-type application/json and type class org.keycloak.representations.AccessTokenResponse

我是研究僧i submitted on 2019-11-29 13:46:44
I'm trying to test Keycloak REST API. Installed the version 2.1.0.Final. I can access the admin through browser with SSL without problems. I'm using the code above: Keycloak keycloakClient = KeycloakBuilder.builder() .serverUrl("https://keycloak.intra.rps.com.br/auth") .realm("testrealm") .username("development") .password("development") .clientId("admin-cli") .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build()) .build(); List<RealmRepresentation> rr = keycloakClient.realms().findAll(); And got the error: javax.ws.rs.ProcessingException: RESTEASY003145: Unable to find a

Logout user via Keycloak REST API doesn't work

让人想犯罪 __ submitted on 2019-11-29 12:02:53
Question: I have an issue while calling Keycloak's logout endpoint from an (mobile) application. This scenario is supported as stated in its documentation: /realms/{realm-name}/protocol/openid-connect/logout The logout endpoint logs out the authenticated user. The user agent can be redirected to the endpoint, in which case the active user session is logged out. Afterward the user agent is redirected back to the application. The endpoint can also be invoked directly by the application. To invoke this

Obtaining user roles in servlet application using keycloak

ぃ、小莉子 submitted on 2019-11-29 10:37:40
I'm using keycloak to protect my servlet. I have to add new roles and assign them to users dynamically. It works in keycloak using admin API, but I can't figure out how to obtain the roles for a specific user in a servlet. I tried this solution, but I get an empty set: protected void doPost(HttpServletRequest request, HttpServletResponse response) { ... KeycloakSecurityContext context = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName()); Set<String> roles = AdapterUtils.getRolesFromSecurityContext((RefreshableKeycloakSecurityContext) context); ... } @Shiva's

Keycloak standalone cluster on Cloud Foundry

时光毁灭记忆、已成空白 submitted on 2019-11-29 09:01:05
How to configure Keycloak standalone cluster on Cloud Foundry? I tried to use docker image jboss/keycloak:4.5.0.Final with internal routing: env: JGROUPS_DISCOVERY_PROTOCOL: dns.DNS_PING JGROUPS_DISCOVERY_PROPERTIES: dns_query=keycloak-cluster-poc.apps.internal all udp and tcp ports between app instances opened: cf add-network-policy keycloak-cluster-poc --destination-app keycloak-cluster-poc --protocol tcp/udp --port 1-65535 It's not working. Should I expose additional ports? <socket-binding name="jgroups-mping" interface="private" port="0" multicast-address="${jboss.default.multicast.address

Keycloak Client Credentials Flow Clarification

蹲街弑〆低调 submitted on 2019-11-29 08:13:45
I am using Keycloak server to implement SSO. I am able to get access token for a specific client using client_credentials flow. However, my observation is that the access token is granted for internal service account of the client. I would like to get access token for other users present in realm by providing some additional parameter to the token endpoint. Below is the current request I make to token endpoint using Postman Chrome extension: POST http://localhost:8080/auth/realms/<realm>/protocol/<protocol>/token x-www-form-urlencoded grant_type client_credentials client_id <client_id>

Is there an API call for changing user password on keycloak?

流过昼夜 submitted on 2019-11-29 03:02:17
I am trying to implement my own form for changing a user's password. I tried to find an API for changing a user's password in Keycloak but I couldn't find anything in the documentation. Is there an API for doing it? Christian Kaiser you can use PUT /auth/admin/realms/{realm}/users/{id}/reset-password {id} is the user id in keycloak (not the login) Here is a sample body. { "type": "password", "temporary": false, "value": "my-new-password" } Rather than specifying a new password manually a better security practice is to use the PUT /auth/admin/realms/{realm}/users/{id}/execute-actions-email

Keycloak add extra claims from database / external source

僤鯓⒐⒋嵵緔 submitted on 2019-11-29 02:18:23
I have not been able to divine the way I might add extra claims from my application database. Given my limited understanding, I see two ways: After successful authentication have keycloak pull extra claims from the application database somehow. This app database is postgres, for example. Have the application update the jwt with extra claims using a shared key. I would like some feedback on both paths. I feel that the first option may be safer. However I am not sure where to begin that implementation journey. Answering my own question here. I cross-posted this question to the Keycloak users mailing

Configure reverse-proxy for Keycloak docker with custom base URL

心已入冬 submitted on 2019-11-28 22:33:38
Question: How can I set the docker keycloak base url as a parameter? I have the following nginx reverse proxy configuration: server { listen 80; server_name example.com; location /keycloak { proxy_pass http://example.com:8087/; } } When I try to access http://example.com/keycloak/ I got a keycloak http redirect to http://example.com/auth/ instead of http://example.com/keycloak/auth/ Any ideas? Answer 1: Just tested that @home, and actually multiple configuration additions are needed: 1/ Run the keycloak

Fetch Logged In Username in a webapp secured with Keycloak

梦想与她 submitted on 2019-11-28 21:25:31
I have secured an enterprise application with Keycloak using standard wildfly based Keycloak adapters. The issue that I am facing is that the REST web services, when invoked, need to know the username that is currently logged in. How do I get the logged in user information from Keycloak? I tried using SecurityContext, WebListener etc. But none of them are able to give me the required details. You get all user information from the security context. Example: public class Greeter { @Context SecurityContext sc; @GET @Produces(MediaType.APPLICATION_JSON) public String sayHello() { // this will set the