March 2019 - keycloak-user - Jboss List Archives

OpenID Connect: Is storing access token in browser sercure?

by Timurhan Sungur

<https://security.stackexchange.com/questions/205837/openid-connect-is-sto...> Hi, I'm currently in the phase of integrating my web-site to OpenID Connect provided by KeyCloak. The web-site is not a single page application. However, different parts of the application are delivered by different web services. In each site delivered by these different web services, the user can call a standard REST API. This REST API can only be accessed with an access token received from KeyCloak. Thus, … [View More]

6 years

3
5
0 / 0

node adapter

by Greet Robijns

Hi all, I followed the instructions on https://www.keycloak.org/docs/latest/securing_apps/index.html#_nodejs_ada... to add a keycloak to my express server. my routes are handled by react on the client side. However I only get "access denied" and no redirection to the authentication page? My configuration: var session = require("express-session"); var Keycloak = require("keycloak-connect"); connectWithRetry(); var memoryStore = new session.MemoryStore(); let kcConfig = { realm: "… [View More]

6 years

2
4
0 / 0

Document how to generate a custom signed JWT when user is authenticated

by HILEM Youcef

Hi, I do not find documentation that provides instructions on how to implement a custom JWT for Keycloack. My need is to create Custom Tokens for Google Firestore ( https://firebase.google.com/docs/auth/admin/create-custom-tokens). Firebase gives you complete control over authentication by allowing you to authenticate users or devices using secure JSON Web Tokens (JWTs). You generate these tokens on your server, pass them back to a client device, and then use them to authenticate via the … [View More]

6 years

2
1
0 / 0

X509 Client Authentication regex replacement possible?

by Page, Raymond (Techical Solutions )

To those that assisted me, thanks for the assistance yesterday, I finally got the logging that I needed enabled. When using auth-x509-client-username-form, is it possible to specify a regex *replacement* instead of simply a regex sub-string match for the identity? I'm mapping a numeric unique identifier in the client certificates to the UPN attribute in AD of the form '1234@domain'. Since the numeric unique identifier (i.e. '1234') is not in a dedicated attribute in AD, I cannot simply … [View More]

6 years

1
0
0 / 0

Javascript Adapter vs Node Adapter

by Adnan Khan

Hi folks, I'm a junior javascript developer and am looking into ways to implement SSO using keycloak. My applications are javascript with backend rest node and front-end vue. Before I go deeper into implementation I wanted to understand why is there a javascript adapter and a node adapter as well. I understand that the javascript adapter is client side and the node adapter is server side. How do you authenticate a resource(end-point) from a client-side adapter? Another thing that's confusing … [View More]

6 years

2
2
0 / 0

Retrieving user information through the admin client on springboot

by Vikram

Hi all, Versions in use: Springboot version : 2.1.3 FINAL Keycloak version : 4.8.2 Springboot adapter version: 4.8.3 FINAL Keycloak admin client 4.8.2 FINAL So I am trying to get all the users that have a role "customer" and belong to a group "group1". I am using the following code. RoleResource roleResource = realmResource.roles().get("customer"); Set<UserRepresentation> customers= roleResource.getRoleUserMembers(); ArrayList<UserRepresentation… [View More]

6 years

2
1
0 / 0

jaxrs integration

by mhd wrk

The project I'm working on uses JAXRS/Jersey for REST and Spring Boot for wiring (DI). As of now we have our own Authentication/Authorization components based on JAXRS filters. What's the best way to replace the in-house components with KeyCloak? BTW, looking at the adapters under oidc adapters <https://github.com/keycloak/keycloak/tree/master/adapters/oidc>, seems to me the *jaxrs-outh-client* and *spring-boot2* might be the right candidates. However the first one is deprecated and the … [View More]

6 years

2
1
0 / 0

Restrict max number of users in a realm

by Bruce Wings

Is it possible to restrict number of users creation in a realm to say 500 , 1000 etc? Where can I find the config for the same?

6 years

2
1
0 / 0

keycloak-gatekeeper test with example-usage-and-configuration, but fail

by 毕务刚

PNG

6 years

2
1
0 / 0

Keycloak Gatekeeper + API Key + Service Account

by Sylvain Malnuit

Hi, Using Keycloak , it's possible to declare client like a service account . Client secret becomes API key. In my case, I'm going to generate 10 clients (10 API keys). I have tried to use Keycloak-gatekeeper to cover this use case but GK support only one client. In my case, I 'm understanding that I must create 10 instances of GT :(. Is there a way to associate various client to one instance of GT (different paths .) ? Thxs for your help. Regards, Sylvain

6 years

2
1
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

keycloak-user March 2019