[keycloak-user] Integration with OpenID provider

Karol Buler K.Buler at adbglobal.com
Thu Oct 4 08:51:32 EDT 2018


I have just tested the 4.5.0.Final version and Keycloak does not send the Authorization header. Keycloak is sending client_id and client_secret.

According to standards (https://tools.ietf.org/html/rfc6749#section-2.3), the authorization server MUST support the Authorization header (HTTP Basic) and MAY support client_id and client_secret in the body.

Can I switch the method of authentication between Keycloak and another IDP? If not, this is not compatible with OAuth/OpenID standards. Please contact me, I can help with implementation, because I need it ASAP :)

Karol

On 28.09.2018 09:23, Lokesh Ravichandru wrote:
Sure will try and post my findings.

- Lokesh

On Fri, Sep 28, 2018 at 12:51 PM Karol Buler <K.Buler at adbglobal.com> wrote:

Do you have "confidential client"? If so, could you please confirm that Keycloak is sending the Authorization header? Basic from client_id:client_secret.

Karol

On 28.09.2018 09:16, Lokesh Ravichandru wrote:
We are using version 4.4.0. We faced the same issue because of a missing id_token from our identity broker application connected to Keycloak.

For a trial, you can install version 4.4.0 as a test build and attach your identity provider for a test run.

- Lokesh

On Fri, Sep 28, 2018 at 12:42 PM Karol Buler <K.Buler at adbglobal.com> wrote:

Indeed. Structure looks like this:

{
    "access_token": "",
    "token_type": "",
    "expires_in": int value,
    "refresh_token": "",
    "scope": "",
    "id_token": ""
}

Karol

On 28.09.2018 09:10, Lokesh Ravichandru wrote:
Just for details, is your identity broker returning id_token along with the access token?

- Lokesh

On Fri, Sep 28, 2018 at 12:36 PM Karol Buler <K.Buler at adbglobal.com> wrote:
Additional information is that this is 3.4.3.Final Keycloak.

Do you know about this problem? Maybe it is fixed in a newer version?


On 25.09.2018 13:01, Karol Buler wrote:
> Hi,
>
> I am trying to add an Identity Broker based on OpenID Connect to my
> Keycloak. Everything is fine, redirecting to the login page is working,
> but... there is always a "but" :) I've got an error in Keycloak:
>
> org.keycloak.broker.provider.IdentityBrokerException: No access_token
> from server.
>
> What I found is that Keycloak doesn't send the "Authorization"
> header in the "code-to-token" request. Is it a bug/feature or am I missing
> some configuration?
>
> Best regards,
> Karol
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



--
Grootan Technologies Private Limited
R-Block, 15th main street
Anna nagar, Chennai 600 040
tel +91 97890 24698
mail lokesh.ravichandru at grootan.com | web https://www.grootan.com
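
An added example (not part of the thread and not Keycloak's code) of the two client authentication methods discussed above, HTTP Basic in the Authorization header and client_id/client_secret in the request body, as RFC 6749 sections 2.3 and 2.3.1 describe them. The client registry, client name, secret and function names are constructed for illustration, and header lookup assumes the exact key "Authorization".

```python
import base64
import hmac
from urllib.parse import parse_qs, quote_plus, unquote_plus

# Constructed client registry (hypothetical id and secret).
CLIENTS = {"broker-client": "s3cr3t:with/specials"}

def basic_header(client_id, client_secret):
    """Client side: build the HTTP Basic value per RFC 6749 section 2.3.1."""
    # Each part is form-urlencoded first, so a ':' inside the secret is safe.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()

def authenticate_client(headers, body):
    """Token endpoint side: return (client_id, method) or raise ValueError."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    auth = headers.get("Authorization", "")
    has_basic = auth.lower().startswith("basic ")
    has_post = "client_secret" in form
    if has_basic and has_post:
        # Section 2.3: no more than one authentication method per request.
        raise ValueError("invalid_request: multiple client auth methods")
    if has_basic:
        try:
            decoded = base64.b64decode(auth[6:].strip(), validate=True).decode()
        except ValueError:
            raise ValueError("invalid_client: malformed Basic credentials")
        raw_id, sep, raw_secret = decoded.partition(":")
        if not sep:
            raise ValueError("invalid_client: malformed Basic credentials")
        client_id, secret = unquote_plus(raw_id), unquote_plus(raw_secret)
        method = "client_secret_basic"
    elif has_post:
        client_id, secret = form.get("client_id", ""), form["client_secret"]
        method = "client_secret_post"
    else:
        raise ValueError("invalid_client: no client credentials")
    expected = CLIENTS.get(client_id)
    # Constant-time comparison of the presented and registered secrets.
    ok = hmac.compare_digest(secret.encode(), (expected or "").encode())
    if expected is None or not ok:
        raise ValueError("invalid_client: authentication failed")
    return client_id, method
```

A provider that implements only the Basic branch fails the code-to-token request of a client that sends the credentials in the body, which matches the symptom reported in this thread.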


