[keycloak-user] get users from postman

Joao Paulo Ramos jramos at redhat.com
Thu Dec 6 09:08:04 EST 2018


Hello Luca,

In your webapp's Keycloak Client, try putting it as bearer only.
Also, in the HTTP request that you make, be sure you are setting the
token in the header of the HTTP request, with the following parameter:

{"Authorization" : "bearer " + $TOKEN}

Thanks,

JOÃO PAULO RAMOS

Red Hat Brasil
<https://red.ht/sig>


On Thu, Dec 6, 2018 at 11:13 AM Luca Stancapiano <luca.stancapiano at vige.it>
wrote:

> I'm trying to call via REST through POSTMAN the list of users through the
> get path: http://localhost:8180/auth/admin/realms/school-domain/users
>
> Here is my Keycloak configuration where I create 2 users, 4 roles, a 'school'
> client and a 'school-domain' realm:
>
> {
>         "realm": "school-domain",
>         "enabled": true,
>         "accessTokenLifespan": 60,
>         "accessCodeLifespan": 60,
>         "accessCodeLifespanUserAction": 300,
>         "ssoSessionIdleTimeout": 600,
>         "ssoSessionMaxLifespan": 36000,
>         "sslRequired": "external",
>         "registrationAllowed": true,
>         "resetPasswordAllowed": true,
>         "editUsernameAllowed": true,
>         "loginWithEmailAllowed": false,
>         "duplicateEmailsAllowed": true,
>         "privateKey":
> "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",
>         "publicKey":
> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
>         "requiredCredentials": [
>                 "password"
>         ],
>         "users": [
>                 {
>                         "username": "root",
>                         "enabled": true,
>                         "email": "lsflashboss62 at gmail.com",
>                         "credentials": [
>                                 {
>                                         "type": "password",
>                                         "value": "gtn"
>                                 }
>                         ],
>                         "realmRoles": [
>                                 "admin"
>                         ],
>                         "clientRoles": {
>                                 "account": [
>                                         "manage-account"
>                                 ]
>                         }
>                 },
>                 {
>                         "username": "HUHUJJJKJJKN",
>                         "enabled": true,
>                         "email": "luca.stancapiano at vige.it",
>                         "firstName": "Luca",
>                         "lastName": "Stancapiano",
>                         "credentials": [
>                                 {
>                                         "type": "password",
>                                         "value": "gtn"
>                                 }
>                         ],
>                         "realmRoles": [
>                                 "pupil"
>                         ],
>                         "clientRoles": {
>                                 "account": [
>                                         "manage-account"
>                                 ]
>                         }
>                 }
>         ],
>         "clients": [
>                 {
>                         "clientId": "school",
>                         "rootUrl": "http://localhost:8080/school",
>                         "enabled": true,
>                         "redirectUris": [
>                                 "http://localhost:8080/school/*"
>                         ],
>                         "webOrigins": [
>                                 "http://localhost:8080"
>                         ],
>                         "publicClient": false,
>                         "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79",
>                         "serviceAccountsEnabled": true,
>                         "authorizationServicesEnabled": true,
>                         "authorizationSettings": {
>                                 "allowRemoteResourceManagement": true,
>                                 "policyEnforcementMode": "ENFORCING",
>                                 "resources": [
>                                         {
>                                                 "name": "Default Resource",
>                                                 "type":
> "urn:school:resources:default",
>                                                 "ownerManagedAccess":
> false,
>                                                 "attributes": {
>
>                                                 },
>                                                 "_id":
> "c338b2be-da73-471c-9bb0-77ad52e1f88f",
>                                                 "uris": [
>                                                         "/*"
>                                                 ]
>                                         }
>                                 ],
>                                 "policies": [
>                                         {
>                                                 "id":
> "edb01393-180e-4d95-afd3-92b3ac5a6d41",
>                                                 "name": "Default Policy",
>                                                 "description": "A policy
> that grants access only for users within this realm",
>                                                 "type": "js",
>                                                 "logic": "POSITIVE",
>                                                 "decisionStrategy":
> "AFFIRMATIVE",
>                                                 "config": {
>                                                         "code": "// by
> default, grants any permission associated with this
> policy\n$evaluation.grant();\n"
>                                                 }
>                                         },
>                                         {
>                                                 "id":
> "1f5dce97-54e3-4dcf-92bd-a2a59120286f",
>                                                 "name": "Default
> Permission",
>                                                 "description": "A
> permission that applies to the default resource type",
>                                                 "type": "resource",
>                                                 "logic": "POSITIVE",
>                                                 "decisionStrategy":
> "UNANIMOUS",
>                                                 "config": {
>
> "defaultResourceType": "urn:school:resources:default",
>                                                         "applyPolicies":
> "[\"Default Policy\"]"
>                                                 }
>                                         }
>                                 ],
>                                 "scopes": []
>                         }
>                 }
>         ],
>         "roles": {
>                 "realm": [
>                         {
>                                 "name": "admin",
>                                 "description": "Administrator privileges"
>                         },
>                         {
>                                 "name": "schooloperator",
>                                 "description": "School Operator privileges"
>                         },
>                         {
>                                 "name": "teacher",
>                                 "description": "Teacher privileges"
>                         },
>                         {
>                                 "name": "pupil",
>                                 "description": "Pupil privileges"
>                         }
>                 ]
>         }
> }
>
> Keycloak starts on the 8180 port. I configured POSTMAN with OAuth 2.0.
> Here is the OAuth configuration used to receive the token:
>
> Token Name: Token Name
> Grant Type: Authorization Code
> Callback URL: http://localhost:8080/school
> Auth URL:
> http://localhost:8180/auth/realms/school-domain/protocol/openid-connect/auth
> Access Token URL:
> http://localhost:8180/auth/realms/school-domain/protocol/openid-connect/token
> Client ID: school
> Client Secret: bce5816d-98c4-404f-a18d-bcc5cb005c79
> Client Authentication: Send as Basic Auth header
>
> The Callback URL is an active simple web app starting on the 8080 port.
> The token creation is ok but when I call the server with the created token
> I get a 401 Unauthorized error. What am I missing?
>
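
An added example, not part of either message and not Keycloak code: an offline triage of the Authorization header value discussed in this thread, checking its form, the token's expiry against the realm's 60-second accessTokenLifespan, its issuer, and whether it carries the realm-management `view-users` client role that Keycloak's admin users endpoint expects. The function names, the fixed clock value and the sample tokens are constructed for illustration, and the signature is deliberately not verified because this is for diagnosis only.

```python
import base64
import json

ISSUER = "http://localhost:8180/auth/realms/school-domain"  # realm URL from the post
NOW = 1544105284  # constructed "current time" so the example is deterministic

def make_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (dummy signature)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

def decode_claims(token: str) -> dict:
    """Decode the JWT payload without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def triage(auth_header: str, issuer: str = ISSUER, now: int = NOW) -> list:
    """Return the reasons this Authorization header is likely to be rejected."""
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return ["header must be 'Bearer <access token>'"]
    try:
        claims = decode_claims(token.strip())
    except ValueError as exc:  # bad base64 / JSON errors are ValueError subclasses
        return [f"not a decodable JWT: {exc}"]
    findings = []
    if claims.get("exp", 0) <= now:
        findings.append("token expired (accessTokenLifespan in the realm is 60 s)")
    if claims.get("iss") != issuer:
        findings.append(f"issuer {claims.get('iss')!r} is not {issuer!r}")
    roles = claims.get("resource_access", {}).get("realm-management", {}).get("roles", [])
    if "view-users" not in roles:
        findings.append("no realm-management 'view-users' role in the token")
    return findings

# Constructed sample tokens: one acceptable, one expired and holding only a
# realm role named 'admin' (like the 'root' user in the posted configuration).
GOOD = make_token({"iss": ISSUER, "exp": NOW + 60,
                   "resource_access": {"realm-management": {"roles": ["view-users"]}}})
STALE = make_token({"iss": ISSUER, "exp": NOW - 5, "realm_access": {"roles": ["admin"]}})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("stale", STALE)):
        print(name, triage("Bearer " + tok))
```
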