Is it possible to assign user group to specific user storage?
by Jon Huang
Hi everyone,
Please forgive me if this issue was ever asked previously.
I would like to know if it is possible to assign role to specific
federation provider?
(for example below, user1 & 2 has role1 and user3 has role2)
It's hard to assign role to user one by one via UI. (too many users)
Nor default group can only assign role to every user.
Or is there any other way to achieve the goal?
Thanks
[image: image.png]
5 years, 11 months
Using system properties
by Edmond Kemokai
Hi,
I am trying to do something like this:
<KeyStore file="${jetty.home}/myapp/saml/keystore.jks" password="pass">
<PrivateKey alias="app-sp-key" password="pass"/>
<Certificate alias="app-sp-key"/>
</KeyStore>
However the expected replacement of jetty.home is not happening...is this
not supported ?
5 years, 11 months
Synology
by Jason Prouty
Has anyone used a sysnology as a client with Keycloak?
The only documentation I show is for Azure and Websphere
5 years, 11 months
keycloak rest api usage to get all user details(including details of attached groups) in one call
by Firoz Ahamed
Hi All,
We are creating a wrapper UI for user management on top of keycloak using the keycloak REST apis. To show the users created, we are using the users end point. However, the roles in our model are attached to the groups and we can only retrieve the user roles from the groups.
We tried getting data from the groups and roles endpoint for each user to create the complete user data set, however the multiple calls are costly and take time to process and return the data.
Is there any api end point which will get all user details along with the details of the groups attached to the user ?
Thanks in advance,
Firoz
Sent from Mail<https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10
5 years, 11 months
What does "Session doesn't have required client" mean?
by Ken Haendel
Hello,
I have a question concerning Keycloak 4.8.3.
I am using the spring security adapter to secure our web-app with the
keycloak and enabled login feature: remember-me.
The user logs in from a browser and it redirects back to out web app.
Our web-app calls another Keycloak secured REST-API endpoint internally
using the KeycloakRestTemplate, because we need to authorize these calls
as well using the same user of the web app.
After some amount of time the REST-API call fails with the following
error message:
"ERROR RefreshableKeycloakSecurityContext Refresh token failure status:
400 {"error":"invalid_grant","error_description":"Session doesn't have
required client"}"
and the keycloak log file contains the folowing warning:
17:25:51,929 WARN [org.keycloak.events] (default task-1)
type=REFRESH_TOKEN_ERROR, realmId=EHotel, clientId=IBE,
userId=f:8db533c4-9733-48d4-8b30-28a50954b7ad:khaendel,
ipAddress=192.168.1.76, error=invalid_token, grant_type=refresh_token,
refresh_token_type=Refresh,
refresh_token_id=9fba841f-54bb-4c81-8f7b-6a7e1c5ab92e,
client_auth_method=client-secret
I cannot predict when exactly that happens, presumably after 15 minutes
or after an hour. Token expiration is set as follows:
SSO Session Idle: 5 minutes
SSO Session Max: 5 minutes
SSO Session Idle Remember Me: 1 Day
SSO Session Max Remember Me: 1 Day
Access Token Lifespan: 2 minutes
It seems, that there is a client session cache involved
(InfinispanUserSessionProvider), that looses information after a while.
What does the error message mean and
what am i doing wrong?
Please help me out.
Thank you in advance,
Regards,
Ken
5 years, 11 months
TCPPING problem.
by Vaclav Havlik
Dears,
I would like to ask a question.
I have Wildfly, version WildFly Full 14.0.1.Final(http://14.0.1.final)
(WildFly Core 6.0.2.Final(http://6.0.2.final)) .
And then I have Keycloak, version Keycloak 4.7.0.Final(http://4.7.0.final)
(WildFly Core 6.0.2.Final(http://6.0.2.final)) .
Static cluster configuration, using TCPPING, works in Wildflys, but does not
work in Keycloaks.
I always have 2 instances on localhost (browser thus sends them the same
JSESSIONID). On both I have deployed a testing clustering webapp, with
which to test, if sessions are replicated. But Keycloaks do not pass
sessions to each other. I can see that when the page from the second
instance is reloaded in browser, it sends Set-Cookie header with another
cookie, as it obviously does not know the JSESSIONID from the first
instance.
With Wildflys the same does work.
Can you tell me, is there any reason, why this is the case, when Keycloak
uses Wildfly ?
Thank you. With regards V. Havlik.
5 years, 11 months
Authorization Client - 403
by Alexey Titorenko
Hello guys!
I would like to as about behaviour of Authorization Client. I’m trying to get user entitlements using authorization client and see the following:
If permissions allow access to the resource and scope requested, then everything is ok — I get back token with requested permissions added to it;
If permissions do not allow access to the resource, then I would expect returned token without any additional permissions added, but, instead, I get http error 403 (not authorised) from Keycloak.
Is it expected behaviour? Having 403 when communicating to Keycloak makes me think, that my client is not authorised to make this call, while it seems, that this is signal about the fact that access to resource is not allowed.
Alexey
5 years, 11 months
Kerberos authentication failing with umlaut characters
by Harish Tammireddygari
Hi,
I have a user in my active directory with first name and logon name as
*userätz. *When I login into windows machine with this user and try to
launch keycloak(where kerberos is enabled), it throws an error message
as *"invalid
username and password"* with the following exception. Also, I tried to add
*-Dfile.encoding=UTF8* during startup but didn't work. *Does keycloak
support kerberos authentication with umlaut characters?*
2019-02-06 01:26:08,282 WARN
[org.keycloak.storage.ldap.LDAPStorageProvider] (default task-29)
Kerberos/SPNEGO authentication succeeded with username [user��tz], but
couldn't find or create user with federation provider [ldap]
2019-02-06 01:26:08,282 ERROR [org.keycloak.events.EventBuilder] (default
task-29) Failed to save event: java.lang.NullPointerException: Null keys
are not supported!
at java.util.Objects.requireNonNull(Objects.java:228)
at org.infinispan.cache.impl.SimpleCacheImpl.get(SimpleCacheImpl.java:400)
at
org.infinispan.cache.impl.AbstractDelegatingCache.get(AbstractDelegatingCache.java:287)
at
org.keycloak.models.cache.infinispan.CacheManager.get(CacheManager.java:95)
at
org.keycloak.models.cache.infinispan.UserCacheSession.getUserById(UserCacheSession.java:192)
at
com.ca.ad.sv.keycloak.ext.events.JpaEventStoreProvider.getUsername(JpaEventStoreProvider.java:203)
at
com.ca.ad.sv.keycloak.ext.events.JpaEventStoreProvider.convertEvent(JpaEventStoreProvider.java:185)
at
com.ca.ad.sv.keycloak.ext.events.JpaEventStoreProvider.onEvent(JpaEventStoreProvider.java:140)
at org.keycloak.events.EventBuilder.send(EventBuilder.java:177)
at org.keycloak.events.EventBuilder.error(EventBuilder.java:164)
at
org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator.authenticate(SpnegoAuthenticator.java:109)
at
org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:200)
at
org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:853)
at
org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:722)
at
org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:145)
at
org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:395)
at
org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.build(AuthorizationEndpoint.java:139)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2019-02-06 01:26:08,297 WARN [org.keycloak.events] (default task-29)
type=LOGIN_ERROR, realmId=service_virtualization,
clientId=security-admin-console, userId=null, ipAddress=10.162.26.187,
error=invalid_user_credentials, auth_method=openid-connect, auth_type=code,
response_type=code, redirect_uri=
https://tamha02n247350.ca.com:51111/auth/admin/service_virtualization/con...,
code_id=862c3e77-4ccf-4553-ba93-12030bb1b8f4, response_mode=fragment
2019-02-06 01:26:08,297 WARN [org.keycloak.services] (default task-29)
KC-SERVICES0013: Failed authentication:
org.keycloak.authentication.AuthenticationFlowException
at
org.keycloak.authentication.DefaultAuthenticationFlow.processResult(DefaultAuthenticationFlow.java:224)
at
org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:201)
at
org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:853)
at
org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:722)
at
org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:145)
at
org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:395)
at
org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.build(AuthorizationEndpoint.java:139)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at
org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:138)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:107)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:133)
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:101)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:406)
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:213)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at
io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at
io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at
io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at
io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at
io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at
org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1508)
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:326)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:812)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
5 years, 11 months
Ability for user to have multiple IDP's of the same type per user
by Ben Pittman
Just wondering if anyone else would find this functionality useful. I have
a custom IDP (not Google but similar, let's call it Acme IDP) that allows a
single email to have multiple identities. For example me(a)acme.com could
login as an ADMINISTRATOR or a PURCHASER with the only difference being
what Keycloak calls the federated_user_id returned from ACME.
Currently this isn't supported in Keycloak because of the foreign key
constraint on federated_identity table (identity_provider, user_id). If
this constraint is changed to (identity_provider, federated_user_id,
user_id) and the FederatedIdentityEntity.java class is changed to represent
the new constraint then voila I can support multiple IDP's of the same type
per user.
Just wondering if this has ever come up for anyone else before.
Regards,
Ben
5 years, 11 months
Get all users with scope X to resource Y
by Geoffrey Cleaves
Hi, how would I go about getting a list of all the users who have a certain
scope to a resource? Can it be done via the REST API?
"Hey Keycloak, who can edit bank account 7?"
Thanks
5 years, 11 months
