Questions tagged [keycloak]
Keycloak is an integrated single sign-on (SSO) and identity manager (IDM) for browser apps and RESTful web services. It is built on top of JBoss and WildFly, and it complies with the OAuth 2.0, OpenID Connect (OIDC), JSON Web Token (JWT) and SAML 2.0 specifications.
7,933 questions
228 votes, 15 answers, 331k views
M1 docker preview and keycloak 'image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8)' Issue
I just downloaded Docker Preview v3.1 https://docs.docker.com/docker-for-mac/apple-m1/ and tried running keycloak.
Anyone else running into this issue?
docker run -p 8080:8080 -e KEYCLOAK_USER=admin -...
214 votes, 33 answers, 378k views
keycloak Invalid parameter: redirect_uri
I am trying to hit an endpoint from my API to authenticate a user from Keycloak, but it's giving me error Invalid parameter: redirect_uri on the Keycloak page. I have created my own realm apart from ...
206 votes, 13 answers, 289k views
What are Keycloak's OAuth2 / OpenID Connect endpoints?
We are trying to evaluate Keycloak as an SSO solution, and it looks good in many respects, but the documentation is painfully lacking in the basics.
For a given Keycloak installation on http://...
205 votes, 4 answers, 136k views
Resources, scopes, permissions and policies in Keycloak
I want to create a fairly simple role-based access control system using Keycloak's authorization system. The system Keycloak is replacing allows us to create a "user", who is a member of one ...
138 votes, 6 answers, 163k views
Do Keycloak Clients have a Client Secret?
Does keycloak client id have a client secret? I tried to create a client in keycloak admin but I was not able to spot client secret.
Is it auto generated? Where can I get the secret?
95 votes, 4 answers, 85k views
How to specify refresh tokens lifespan in Keycloak
Keycloak refresh token lifetime is 1800 seconds:
"refresh_expires_in": 1800
How to specify different expiration time? In Keycloak admin UI, only access token lifespan can be specified:
82 votes, 7 answers, 118k views
Avoid keycloak default login page and use project login page
I am working on creating an angular.js web application and looking for how to integrate keycloak into the project. I have read and watched many tutorials and I see that most of them have users logging/...
79 votes, 15 answers, 44k views
Keycloak 8: User with username 'admin' already added
I cannot start Keycloak container using Ansible and Docker Compose. I'm getting error:
User with username 'admin' already added to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user....
76 votes, 4 answers, 132k views
Refresh access_token via refresh_token in Keycloak
I need to keep the user logged in to the system if the user's access_token gets expired and the user wants to stay logged in. How can I get a newly updated access_token with the use of refresh_token on Keycloak?
...
74 votes, 10 answers, 106k views
Is there an API call for changing user password on keycloak?
I am trying to implement my own form for changing a user's password. I tried to find an API for changing a user's password in Keycloak but I couldn't find anything in the documentation.
Is there an ...
69 votes, 10 answers, 73k views
Keycloak Missing form parameter: grant_type
I have keycloak standalone running on my local machine.
I created new realm called 'spring-test', then new client called 'login-app'
According to the rest documentation:
POST: http://localhost:8080/...
64 votes, 11 answers, 131k views
Logout user via Keycloak REST API doesn't work
I have an issue while calling Keycloak's logout endpoint from a (mobile) application.
This scenario is supported as stated in its documentation:
/realms/{realm-name}/protocol/openid-connect/logout
The ...
64 votes, 4 answers, 39k views
keycloak bearer-only clients: why do they exist?
I am trying to wrap my head around the concept of bearer-only clients in Keycloak.
I understand the concept of public vs confidential and the concept of service accounts and the grant_type=...
55 votes, 5 answers, 97k views
Login to Keycloak using API
I have 2 different applications: say Application1 and Application2.
I have integrated Application2 with keycloak and I am able to login to this application using Keycloak's login page.
Now what I ...
55 votes, 3 answers, 38k views
Keycloak integration in Swagger
I have a Keycloak protected backend that I would like to access via swagger-ui. Keycloak provides the oauth2 implicit and access code flow, but I was not able to make it work. Currently, Keycloak's ...
54 votes, 3 answers, 111k views
Keycloak retrieve custom attributes to KeycloakPrincipal
In my REST service I can obtain the principal information after authentication using
KeycloakPrincipal kcPrincipal = (KeycloakPrincipal) servletRequest.getUserPrincipal();
statement.
Keycloak ...
54 votes, 9 answers, 97k views
Using Keycloak behind a reverse proxy: Could not open Admin loginpage because mixed Content
So I have a problem getting keycloak 3.2.1 to work behind kong (0.10.3), a reverse proxy based on nginx.
Scenario is:
I call keycloak via my gateway-route via https://{gateway}/auth and it shows me ...
51 votes, 1 answer, 28k views
Issuing "API keys" using Keycloak
My setup has three components:
A backend application (Python/Flask)
A frontend application (VueJS)
Keycloak
The frontend will use Keycloak to let users sign in and use the access tokens to ...
50 votes, 4 answers, 63k views
Keycloak-gatekeeper: 'aud' claim and 'client_id' do not match
What is the correct way to set the aud claim to avoid the error below?
unable to verify the id token {"error": "oidc: JWT claims invalid: invalid claims, 'aud' claim and 'client_id' do not match, ...
50 votes, 10 answers, 69k views
How can I restrict client access to only one group of users in keycloak?
I have a client in keycloak for my awx (ansible tower) webpage.
I need only the users from one specific keycloak group to be able to log in through this client.
How can I forbid all other users (except ...
49 votes, 1 answer, 101k views
Generate JWT Token in Keycloak and get public key to verify the JWT token on a third party platform
There is an Endpoint to a backend server which gives a JSON response on pinging and is protected by an Apigee Edge Proxy. Currently, this endpoint has no security and we want to implement Bearer only ...
49 votes, 4 answers, 76k views
Keycloak: Can I set the expiry of a token per client/user/role?
I'm currently setting up Keycloak to offer protection for some services. There will be both external customers and internal services consuming the same endpoints on my services.
Can I set the token ...
47 votes, 2 answers, 36k views
How are Keycloak roles managed?
Keycloak is a great tool, but it lacks proper documentation.
So we have Realm.roles, Client.roles and User.roles
How do these 3 work together when accessing an application using a specific client?
...
46 votes, 16 answers, 140k views
Keycloak angular No 'Access-Control-Allow-Origin' header is present
I have integrated keycloak with an angular app. Basically, both frontend and backend are on different servers. Backend app is running on apache tomcat 8. Frontend app is running on JBoss welcome content ...
46 votes, 11 answers, 103k views
"HTTPS required" while logging in to Keycloak as admin
I am using Keycloak (version 1.0.4.Final) in JBOSS AS 7.1.1 server. The server is on Amazon AWS.
I am able to start the jboss server with keycloak. I can see the keycloak default screen while hitting ...
46 votes, 12 answers, 92k views
Keycloak Docker HTTPS required
I have initialized https://hub.docker.com/r/jboss/keycloak/ on my Digital Ocean Docker Droplet.
$docker run -e KEYCLOAK_USER=admin -e -p 8080:8080 KEYCLOAK_PASSWORD={password with upcase etc.} jboss/...
45 votes, 2 answers, 15k views
Spring Boot 2.6 regression: How can I fix Keycloak circular dependency in adapter?
Spring Boot 2.6.x seems to have introduced some change causing the previously-working integration with Keycloak to have a circular reference, preventing application start; it works and starts fine ...
44 votes, 4 answers, 50k views
Enabling remote access to Keycloak
I'm using the Keycloak authorization server in order to manage my application permissions. However, I've found out the standalone server can be accessed locally only.
http://localhost:8080/auth works,...
44 votes, 6 answers, 61k views
Configure reverse-proxy for Keycloak docker with custom base URL
How can I set the docker keycloak base url as a parameter?
I have the following nginx reverse proxy configuration:
server {
listen 80;
server_name example.com;
location /keycloak {
...
43 votes, 8 answers, 46k views
Keycloak, not returning access token if update password action selected
I am calling /auth/realms/master/protocol/openid-connect/token to get access token by sending below content in body,
grant_type=password&client_id=example-docker-jaxrs-app&username=user&...
42 votes, 5 answers, 18k views
Unable to use Keycloak in Spring Boot 2.1 due to duplicated Bean Registration httpSessionManager
I want to secure my Spring Boot 2.1 app with Keycloak 4.5.
Currently I cannot start the application due to the following error:
Exception encountered during context initialization - cancelling ...
35 votes, 2 answers, 28k views
Keycloak adaptor for golang application
I am going to secure my golang application using keycloak, but keycloak itself does not support go language.
There are some go adaptors as open projects on github that have implemented openId ...
34 votes, 4 answers, 38k views
Importing keycloak configuration files while using docker-compose
I'm trying to import configuration from one keycloak instance into many different keycloak instances (each instance is for the same application, just different sections in my CICD flow)
I'm running ...
33 votes, 5 answers, 100k views
Keycloak - Create Admin User in a Realm
How do I create an admin user in a realm in Keycloak? I tried /bin/add-user.sh -r myrealm -u admin -p <pwd>
It gave me the error:
* Error *
WFLYDM0065: The user supplied realm name 'myrealm' ...
33 votes, 6 answers, 48k views
Keycloak: Could not find resource for full path
I am trying to get the REST API of keycloak to work.
Thanks to this post I was able to get the token. But when trying the example for the list of users in the first answer, I get the error:
"...
33 votes, 2 answers, 27k views
Should I use keycloak or not?
I'm just starting a new project. The result will be an API server and a progressive web app. The API server is implemented with TypeScript and the NestJS framework, the client with Angular 6.
I've ...
32 votes, 1 answer, 43k views
Copy entire directory from container to host
I'm trying to copy an entire directory from my docker image to my local machine.
The image is a keycloak image, and I'd like to copy the themes folder so I can work on a custom theme.
I am running ...
31 votes, 6 answers, 39k views
Use Keycloak Spring Adapter with Spring Boot 3
I updated to Spring Boot 3 in a project that uses the Keycloak Spring Adapter. Unfortunately, it doesn't start because the KeycloakWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter ...
31 votes, 3 answers, 22k views
Keycloak - direct user link registration
I have set up a web application with Keycloak in my local machine. Since I'm using Keycloak as SSO implementation, I want in my web app that whenever SIGNUP button is clicked, user is directed into the ...
31 votes, 4 answers, 33k views
Keycloak public client and authorization
We are using keycloak-adapter with Jetty for authentication and authorization using Keycloak.
As per Keycloak doc for OIDC Auth flow:
Another important aspect of this flow is the concept of a ...
31 votes, 6 answers, 52k views
keycloak - CODE_TO_TOKEN_ERROR after user is authenticated
I am working with the nodeJS keycloak adapter and so far have my client application redirecting to the keycloak login.
When attempting to login, I get an error in the keycloak logs as follows:
12:...
30 votes, 2 answers, 45k views
How to activate the REST API of keycloak?
I have installed keycloak server 4.3.4.
How to activate the REST API of keycloak (Add a user, enabled user, disabled a user ...)?
Regards
30 votes, 1 answer, 16k views
How to Create a Client in Keycloak to use with AWS Cognito Identity Federation
I have a user base with identity and authentication managed by keycloak. I would like to allow these users to login and use AWS API Gateway services with Cognito using an OpenID Connect federation.
...
29 votes, 5 answers, 52k views
Keycloak client for ASP.NET Core
Is there any existing Keycloak client for Asp.net Core? I have found a NuGet package for .net but it doesn't work with Core. Do you have any ideas how to easily integrate with this security server (or ...
29 votes, 2 answers, 27k views
Keycloak Realm VS Keycloak Client
I am recently working on Keycloak 6.0.1 for SSO for authentication for multiple applications in organisation. I am confused about the difference between clients and realm.
If I have 5 different ...
28 votes, 8 answers, 31k views
Why do I get 502 when trying to authenticate
I'm trying to implement authentication for my UI application
I'm using https://github.com/joaojosefilho/vuejsOidcClient which I successfully configured to work with gluu auth server
Now I wanted to ...
28 votes, 6 answers, 95k views
Keycloak: Access token validation end point
Running keycloak on standalone mode and created a micro-service by using node.js adapter for authenticating api calls.
jwt token from the keycloak is sent along with each api call. It will only ...
28 votes, 6 answers, 66k views
Keycloak CORS issue when being redirected to login
I am trying to get the nodeJS keycloak adapter working with my Express application, but am facing a CORS issue when it tries to redirect to the login page for routes I have protected with the keycloak ...
28 votes, 6 answers, 33k views
How to get users by custom attributes in keycloak?
I know that there are admin APIs to get the list of users which returns the user representation array.
GET /admin/realms/{realm}/groups/{id}/members
returns
https://www.keycloak.org/docs-api/2.5/...
28 votes, 2 answers, 36k views
How to get Keycloak users via REST without admin account
Is there a way to get a list of users on a Keycloak realm via REST WITHOUT using an admin account? Maybe some sort of assignable role from the admin console? Looking for any ideas.
Right now I'm ...