I'm trying to retrieve the list of users via REST through POSTMAN, using the GET path:
http://localhost:8180/auth/admin/realms/school-domain/users
Here is my Keycloak configuration, where I create 2 users, 4 roles, a 'school' client
and a 'school-domain' realm:
{
  "realm": "school-domain",
  "enabled": true,
  "accessTokenLifespan": 60,
  "accessCodeLifespan": 60,
  "accessCodeLifespanUserAction": 300,
  "ssoSessionIdleTimeout": 600,
  "ssoSessionMaxLifespan": 36000,
  "sslRequired": "external",
  "registrationAllowed": true,
  "resetPasswordAllowed": true,
  "editUsernameAllowed": true,
  "loginWithEmailAllowed": false,
  "duplicateEmailsAllowed": true,
  "privateKey": "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",
  "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
  "requiredCredentials": [
    "password"
  ],
  "users": [
    {
      "username": "root",
      "enabled": true,
      "email": "lsflashboss62(a)gmail.com",
      "credentials": [
        {
          "type": "password",
          "value": "gtn"
        }
      ],
      "realmRoles": [
        "admin"
      ],
      "clientRoles": {
        "account": [
          "manage-account"
        ]
      }
    },
    {
      "username": "HUHUJJJKJJKN",
      "enabled": true,
      "email": "luca.stancapiano(a)vige.it",
      "firstName": "Luca",
      "lastName": "Stancapiano",
      "credentials": [
        {
          "type": "password",
          "value": "gtn"
        }
      ],
      "realmRoles": [
        "pupil"
      ],
      "clientRoles": {
        "account": [
          "manage-account"
        ]
      }
    }
  ],
  "clients": [
    {
      "clientId": "school",
      "rootUrl": "http://localhost:8080/school",
      "enabled": true,
      "redirectUris": [
        "http://localhost:8080/school/*"
      ],
      "webOrigins": [
        "http://localhost:8080"
      ],
      "publicClient": false,
      "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79",
      "serviceAccountsEnabled": true,
      "authorizationServicesEnabled": true,
      "authorizationSettings": {
        "allowRemoteResourceManagement": true,
        "policyEnforcementMode": "ENFORCING",
        "resources": [
          {
            "name": "Default Resource",
            "type": "urn:school:resources:default",
            "ownerManagedAccess": false,
            "attributes": {},
            "_id": "c338b2be-da73-471c-9bb0-77ad52e1f88f",
            "uris": [
              "/*"
            ]
          }
        ],
        "policies": [
          {
            "id": "edb01393-180e-4d95-afd3-92b3ac5a6d41",
            "name": "Default Policy",
            "description": "A policy that grants access only for users within this realm",
            "type": "js",
            "logic": "POSITIVE",
            "decisionStrategy": "AFFIRMATIVE",
            "config": {
              "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
            }
          },
          {
            "id": "1f5dce97-54e3-4dcf-92bd-a2a59120286f",
            "name": "Default Permission",
            "description": "A permission that applies to the default resource type",
            "type": "resource",
            "logic": "POSITIVE",
            "decisionStrategy": "UNANIMOUS",
            "config": {
              "defaultResourceType": "urn:school:resources:default",
              "applyPolicies": "[\"Default Policy\"]"
            }
          }
        ],
        "scopes": []
      }
    }
  ],
  "roles": {
    "realm": [
      {
        "name": "admin",
        "description": "Administrator privileges"
      },
      {
        "name": "schooloperator",
        "description": "School Operator privileges"
      },
      {
        "name": "teacher",
        "description": "Teacher privileges"
      },
      {
        "name": "pupil",
        "description": "Pupil privileges"
      }
    ]
  }
}
Keycloak starts on port 8180. I configured POSTMAN with OAuth 2.0. Here is the OAuth
configuration used to receive the token:
Token Name: Token Name
Grant Type: Authorization Code
Callback URL: http://localhost:8080/school
Auth URL: http://localhost:8180/auth/realms/school-domain/protocol/openid-connect/auth
Access Token URL: http://localhost:8180/auth/realms/school-domain/protocol/openid-connect/t...
Client ID: school
Client Secret: bce5816d-98c4-404f-a18d-bcc5cb005c79
Client Authentication: Send as Basic Auth header
The Callback URL is an active simple web app running on port 8080. Token creation
works, but when I call the server with the created token I get a 401 Unauthorized error.
What am I missing?
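
One way to inspect an access token before sending it to the admin endpoint, as an added example that is not part of the original post. It decodes the payload without verifying the signature (inspection only, never a substitute for validation) and checks expiry against the realm's 60-second accessTokenLifespan, the issuer, and whether the token carries a user-related role of Keycloak's built-in realm-management client. The function names, the finding labels and the sample token are constructed for illustration.

```python
import base64
import json
import time

# Issuer derived from the URLs in the post; the role names are those of
# Keycloak's built-in realm-management client.
ISSUER = "http://localhost:8180/auth/realms/school-domain"
USER_ADMIN_ROLES = {"view-users", "query-users", "manage-users"}


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, now=None):
    """Return a list of reasons the admin endpoint may reject this token."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    findings = []
    if claims.get("exp", 0) <= now:
        findings.append("expired")  # the realm sets accessTokenLifespan to 60 s
    if claims.get("iss") != ISSUER:
        findings.append("issuer-mismatch")
    roles = claims.get("resource_access", {}).get("realm-management", {}).get("roles", [])
    if not USER_ADMIN_ROLES & set(roles):
        findings.append("no-user-admin-role")
    return findings


def sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed timestamp
    token = sample_token({"iss": ISSUER, "exp": issued + 60,
                          "resource_access": {"account": {"roles": ["manage-account"]}}})
    print(diagnose(token, now=issued + 30))  # within the 60 s lifespan
    print(diagnose(token, now=issued + 90))  # after it has elapsed
```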