SAML client integration HTTP 405 error
by Adrien DESBIAUX
Hi there,
We are running Keycloak 3.4, and we noticed that for some SAML clients, we get an HTTP 405 error.
This happens, for example, with clients having a local login and a button to log in with SSO. For example, AppDynamics does that (to name only that one). They perform a POST request to the Keycloak SAML endpoint of the configured client, leading to an HTTP 405 error.
The fact that they perform a POST to load the Keycloak login page is discussable, but how can we counter this behaviour on the Keycloak client's configuration side?
Thank you in advance for your guidance.
Cheers,
5 years, 3 months
403, Forbidden Issue with POST, PUT, DELETE
by Mahendra Anand
Hi Team,
I am trying to set up a standalone Keycloak server and am able to do it.
With the help of Keycloak I am trying to secure REST endpoints which I am
exposing in my Spring Boot application.
I have all the required steps to configure Keycloak with the Spring Boot
application link -
- creating new realm.
- Creating new client in that realm.
- new admin and user roles
- creating users with admin and user roles.
I am able to get an access token with the help of the admin user like below -
curl -d "grant_type=password&client_id=product-app&username=admin&password=admin" \
  http://localhost:8181/auth/realms/springboot/protocol/openid-connect/token
And with the help of the retrieved token I have been able to hit the GET endpoints of
my application.
But when I do POST, PUT, DELETE requests with the token I get --
{
"timestamp": "2018-09-03T11:27:16.266+0000",
"status": 403,
"error": "Forbidden",
"message": "Forbidden",
"path": "/ds/api/v1/template/create"
}
It might be a scope issue on the user I am creating, but I am not getting
any pointer on how to give the correct scope to the user.
Kindly suggest; any pointer or help will be very much appreciated. Thanks!
--
Regards
Mahendra Anand
Mobile - +91 9711429614
Skype - mahendra.anand
5 years, 3 months
Implementing user self service via REST APIs
by William Jones
Hi
As part of my Keycloak implementation, I would like to offer user self service, e.g. change password.
I do not wish to theme the built-in user account dashboard, but instead build the functionality directly into our website.
We are already using the Admin API for user administration, but as I understand it, it would not be appropriate to use this for actions which are actually being carried out by the end user. The auditing would be incorrect, and certain functionality is unavailable anyway - for example, whilst we could set a new user password via the Admin API, we would have no way of verifying that the existing user password is correct (we want the user to provide existing and new, as per the user account dashboard).
As such, is the correct approach to this for us to extend Keycloak with a set of custom REST endpoints to be called by an end user rather than an admin? They will be authenticated at this point so we will be able to pass down their access token for the authentication.
If so, I assume I should be following the instructions under "Add custom REST endpoints" detailed at the following URL?
https://www.keycloak.org/docs/3.0/server_development/topics/extensions.html
Thanks
William
5 years, 3 months