Hi all,
Is there a way to configure Keycloak to use a user's certificate for logging in to a realm's admin console?
Here's the documentation I read for client x509 authentication: https://www.keycloak.org/docs/3.4/server_admin/index.html#_x509
I don't see anything in regard to authenticating a realm admin into the admin console using x509 authentication - just for authenticating with a client.
I've googled but haven't found anyone asking the same question, so I figured I'd ask here.
Just to be clear, I want to be able to go to localhost:8180/auth/admin/{realm-name}/console and be asked to authenticate using my user certificate instead of username/password. Can this be done? Thanks.
Hi, I have a wildfly server with keycloak adapter and a simple Java EE
application which uses keycloak-policy-enforcer configured using
keycloak.json.
The documentation mentions how to develop a custom Claim Information
Provider SPI but I do not know how to deploy it. I assume I should deploy
it in the wildfly server where the keycloak policy enforcer runs and not in
the Keycloak server itself.
After copying the jar with the claims provider to the standalone/deployments folder
of the wildfly server with my app protected by the policy enforcer, the jar
is deployed successfully but my claims provider is never called.
In keycloak.json of the policy enforcer I have added:
"claim-information-point": {
  "claims": {.......},
  "my-claims": {.......}
}
"claims" works and adds the claims to the RPT, but "my-claims" which should
call my custom claims provider does not do anything.
Kind regards
Marcel
Hi Team,
I am securing many tools using Keycloak for Single Sign-On and Single
Logout. We are securing tools like Jira and Confluence using the Miniorange
plugin. We have a few Spring Boot applications which are to be secured. They
are secured using Spring Boot with KeycloakWebSecurityConfigurerAdapter.
Single Sign-On is working fine. The landing application is a Spring Boot web
application, which is accessed by giving LDAP credentials. From that
application, we will be accessing Jira and Confluence. They are opened
without asking me for credentials. But Single Logout is not working. In the
Spring Boot application, on click of Logout, I am calling
HttpServletRequest.logout(), which is logging me out of the Spring Boot
application successfully. But the sessions in Jira and Confluence are not
killed. Similarly, once I open the tools from the Spring Boot application, on
logout of any of the tools both Jira and Confluence are logging out using Single
Logout but the session in the Spring Boot application is not killed.
Could you please help us resolve this issue?
Regards
Triveni Chegireddy
Tata Consultancy Services Limited
Mailto: triveni.chegireddy(a)tcs.com
Website: http://www.tcs.com
Hi
We are using Keycloak in one of our products and we want to customise the
verification and password reset email content and subjects.
But we recognise that both of the emails use the same template
executeActions.ftl and there is only 1 field for subject line of that email:
executeActionsSubject. I saw emailVerificationSubject
and passwordResetSubject but these were not used.
What can I do to use different subject lines for keycloak verification
email and password reset email?
Thanks
Tony Vu
Hello,
Can anyone point me in the right direction for integrating RSA Auth with Keycloak? This is a hard requirement for the project.
Thanks.
--
Jonathan Carrasco (173F)
Jet Propulsion Laboratory
All,
I am trying to implement client authentication with a signed JWT. The example in the documentation shows how it works for a web adapter. How would one perform this on Android, for example with AppAuth-Android or AeroGear for Android?
Client Authentication: https://www.keycloak.org/docs/3.1/securing_apps/topics/oidc/java/client-a...
Thanks,
Chris Nguyen
Hi,
I'm having some issues understanding how to use the "Scope Param Required"
switch when creating a role on my client. I have created a new client in
the master realm, let's call it "master-client". Next I went to Clients >
Master-client -> Roles and added a role named "role-one". In the wizard
where I created the role I selected true on the switch "Scope Param
Required". After that I created a new user and added the role "role-one" to
that user.
When I look at the access token the user receives when logging in using the
JavaScript adapter I cannot see "role-one" in the roles array in the
resource_access object. I get this: "resource_access": {}.
However, if I edit the role and select false on the switch "Scope Param
Required" I can see "role-one" in the JWT: "resource_access": {
"master-client": { "roles": [ "role-one" ] } }
What am I missing? I'm using Keycloak 3.1.0.FINAL and keycloak-js 3.4.3.
Cheers,
Ulrik
Greetings friends,
I am new to Keycloak, so please forgive me if my question is not clear.
I am setting up Joomla CMS 3.8.x and would like users provisioned and authenticated using Keycloak.
Has anyone set up a POC or working configuration of Joomla CMS authentication using Keycloak? I would need detailed working guidance.
Thank you very much for your guidance and help!
Sincerely,
Riz
Hi,
Is there any way to retrieve the terms and conditions text through the API?
Users logging in need to accept terms and conditions, no problem there. But after they log in, there is an option on the UI to show the T&Cs again (read-only) that were agreed to. I've been looking for a way to retrieve this text through APIs but I cannot see any way to accomplish this.
More generally, is there a way to retrieve files from the themes folders through the REST or Java APIs? E.g. the message properties file so that we could retrieve key/values of licence text rather than the formatted html.
If anyone knows of a way to do any of this I would be grateful.
Best regards,
Jack.