Help with keycloak integration with Spring boot rest api
by Anunay Sinha
Hi Everyone,
I am new to both Spring and Keycloak, and I do admit that I am writing this
before exhausting all my options, but I have spent quite a good amount of
time on this.
So here is my deal.
I have created a Spring Boot REST API and have tested it.
Next I was trying to integrate it with Keycloak.
I modified my Gradle build for Keycloak.
I configured a client in the Keycloak admin console. It was bearer-only.
{
  "realm": "TestMyAccount",
  "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqKhSVCGWBxzT5nFByxE1EbJ7YVo05JxO4wVVJJsp25gy7GQhR89qidSUkT3onlc4jLEDH5hLt/mszuDSmSUAHrHhSrTWbgF6Ii4L1fwU57+a6W2vVDI3UvSeTxiTnIrvpeD7g9hw/cscOMD7ngiqFAuh0fLj6IS4mmMfGsVf35IfiHpEfRpTS+Th/Y48AAYxJxbZlmNmJe91xCxdbPi36tb2Ecv7kPnXdI3a+ZhSm/NhP3ZYURu9SWcXlCJfRcOo9eATgGu2PruOsrHKl/YKf3+nGTDSmiHLOCRoL2gvedgr/3VzsEFpcJRjrNCWaKhsgMSdr+0N/CDOA6TR76uewIDAQAB",
  "bearer-only": true,
  "auth-server-url": "http://127.0.0.1:8080/auth",
  "ssl-required": "none",
  "resource": "AIL_MYACCOUNT"
}
Next I added the following items to my application.properties:
keycloak.realm = TestMyAccount
keycloak.realmKey = MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqKhSVCGWBxzT5nFByxE1EbJ7YVo05JxO4wVVJJsp25gy7GQhR89qidSUkT3onlc4jLEDH5hLt/mszuDSmSUAHrHhSrTWbgF6Ii4L1fwU57+a6W2vVDI3UvSeTxiTnIrvpeD7g9hw/cscOMD7ngiqFAuh0fLj6IS4mmMfGsVf35IfiHpEfRpTS+Th/Y48AAYxJxbZlmNmJe91xCxdbPi36tb2Ecv7kPnXdI3a+ZhSm/NhP3ZYURu9SWcXlCJfRcOo9eATgGu2PruOsrHKl/YKf3+nGTDSmiHLOCRoL2gvedgr/3VzsEFpcJRjrNCWaKhsgMSdr+0N/CDOA6TR76uewIDAQAB
keycloak.auth-server-url = http://127.0.0.1:8080/auth
keycloak.ssl-required = external
keycloak.resource = AIL_MYACCOUNT
use-resource-role-mappings = false
ssl-not-required = true
bearer-only = true
This is as per the documentation:
<http://keycloak.github.io/docs/userguide/html/ch08.html#spring-boot-adapter>
I don't have a web.xml in my project, and going as per the video tutorial I
ignored those settings.
My access to the API was restricted and it is asking me for authorization,
but I am not able to provide it. As per the example in the document, it seems
like bearer-only applications work on tokens only.
-------------------------------------------------
Here is my first question.
Is there a way to generate the tokens for bearer-only applications?
-------------------------------------------------
To get the token I created another client, this time "confidential",
redirecting to the same base URI, and used it to generate the access token.
When I am using this access token to access my API I am still getting the 401
error.
I am not sure what I am doing wrong, or where.
Request you to please help me with this.
8 years, 8 months
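One thing a practitioner would check before anything else when a bearer-only adapter answers 401 is whether the token's claims even match the adapter's settings: the adapter accepts only tokens whose issuer is the realm URL it is configured for, and only while the token is unexpired. The script below is an added diagnostic, not code from the post or from the Keycloak project; it decodes the claims without verifying the signature (the realm public key is deliberately left out), compares them with the keycloak.json values from the post above, and the `constructed_token` helper and sample tokens are my own construction.

```python
import base64
import json
import time

# Adapter settings copied from the post's keycloak.json; the realm public key is
# left out because this check inspects claims only and does not verify signatures.
ADAPTER = {
    "realm": "TestMyAccount",
    "auth-server-url": "http://127.0.0.1:8080/auth",
    "resource": "AIL_MYACCOUNT",
}

def _b64url_decode(part):
    """Decode one base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token):
    """Return the payload of a compact JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))

def check_bearer_token(token, adapter, now=None):
    """List claim-level reasons the adapter would reject the token ([] = consistent)."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    # The adapter only accepts tokens issued by the realm named in its own config.
    expected_iss = f"{adapter['auth-server-url']}/realms/{adapter['realm']}"
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != expected {expected_iss!r}")
    if claims.get("exp", 0) <= now:
        problems.append("exp is in the past")
    if claims.get("typ", "Bearer") != "Bearer":
        problems.append(f"typ {claims['typ']!r} is not a Bearer access token")
    return problems

def constructed_token(claims):
    """Build a sample token with a placeholder signature (constructed, not real)."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.sig-placeholder"
```

Run it against the real token you obtained from the confidential client by passing that token string to `check_bearer_token(token, ADAPTER)`; an empty list means the claims are consistent and the cause lies elsewhere (signature key, adapter properties, or the security constraints).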
Users added since last restart MISSING/GONE after power went out
by Dean Peterson
There may be a serious bug in Keycloak. I have a number of users that have
been completely wiped from the Keycloak MongoDB database after a power
outage. Luckily I retain their information in a separate MongoDB database
with other information or they would be gone forever. When does Keycloak
commit user data? The users that are missing are users that registered
after the last system restart but before the system went down after a power
outage.
8 years, 9 months
refresh_token request should trigger update of access token payload
by Mr. Graf
Hey all,
we are evaluating Keycloak and ran into an issue.
We implemented a UserFederationProvider. This provider authenticates, let's say, old users and new users.
"Old" users should receive an LTPA token within the payload of the access token. We used user attributes to achieve it. Fine so far.
Our current issue is that this LTPA token needs to be updated when a refresh_token request comes in, and should be put into the "new" access token too.
Initially we tried to achieve it using the refresh_token event, until we noticed that this is fired after the "new" access token has been created, so too late.
Does someone have a smart approach or an example of how to add custom payload, retrieved from a legacy system, to the access token when refreshing it?
Thanks in advance
Thomas
8 years, 9 months
This is horrible MORE USERS GONE than I thought
by Dean Peterson
At least 42 days' worth of registered users are simply gone. There was a
power outage today and the Keycloak server went down. When I brought it
back up, all of the users that registered in the last 42 days were GONE!!
8 years, 9 months
Able To Access Token Without Using Password
by Kenyatta Clark
We were testing mobile access scenarios and discovered that we are able to obtain an access token using an AD user with a blank password. Keycloak works as expected if the password parameter is not sent, or if the password sent is correct or incorrect; however, when we send a password without a value, Keycloak returns an access token. We are using Keycloak 1.4.0.Final. We have confirmed the issue using two different installations of 1.4.0.Final. We have tested the same scenario with Keycloak 1.3.1.Final and it works as expected.
Kenyatta Clark
Principal Engineer, Systems Development
MBO Partners
t: 703.793.6314
w: www.mbopartners.com
8 years, 9 months
Keycloak Authentication Switch off
by Satyajit Das
Hi Team,
I am using Keycloak with Tomcat integration along with multi-tenancy. I use
Keycloak to secure REST services.
Is there any way to switch off the authentication when not required? I don't
want to make any changes to web.xml or the context.xml, which contains the
adapter:
<Context path="/talent-entity-layer">
  <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
</Context>
I also have a PathResolver to resolve the multi-tenancy.
Is there any way to switch off authentication?
Regards,
Satya.
8 years, 9 months
Overriding Theme related Java functionalities.
by Bhanu Kiran
Team,
Keycloak allows users to develop customized themes for the login and
other pages.
1. Please let us know, for functionalities like forgot password and multi-step
registration, whether we can override the Java methods and store user-provided
data in another DB.
2. Let us know if we can add a new link, like security questions, on the login
page and map it to a Java class.
Thanks,
Bhanu Kiran
8 years, 9 months
Query regarding import multiple realms through single json file
by Nangunoori, Srinivas
Hi Experts,
I am trying to import multiple realms' info through a single JSON file using the following command:
bin/standalone.sh -c standalone-ha.xml -b=<server name> -bmanagement=<server name> -Djboss.node.name=<server name> -Dkeycloak.migration.action=import -Dkeycloak.migration.provider=singleFile -Dkeycloak.migration.file=paas.json
Here pass.json has multiple realms' info, but only the last realm is getting imported in Keycloak.
The JSON has the following info:
[
  {
    "realm" : "Test1",
    -----
  },
  {
    "realm" : "Test2",
    -----
  }
]
In this case, "Test2" is always getting imported, not "Test1".
Regards,
Srini
8 years, 9 months