I'm working on a Java-based wrapper for the REST API, to make it look more
OO, abstracting the access to servers.
It uses methods such as
User bill = realm.getUser("bburke")
List<RoleRepresentation> roles =
It's still in it's early stages, but if you find it interesting, I'd be
happy to create a repo for other Java users to use it, and adapt it based
on suggestions aswell.
We will be doing a demo of a proof of concept of a project we've been
working on by Friday, with keycloak as our security backbone. One of the
questions that has come up in our work is that since the organisation's
own IT staff will be managing the security and assigning of users to
roles etc, there should be the ability to assign a person/persons as
administrators of a particular realm.
In our testing we've always been logging in with the admin of the
"master" realm and navigating to the realm of the application. Is there
a way to make a user in a realm an administrator of only their realm, so
the org's IT staff can take over that task?
Is there currently a way to get all roles for a realm and application? I
found the rest api docs... but when I call
with the appropriate realm and app name I just get the text "Bearer"
returned. Is this still in the works or am I missing something?
Thanks so much!
I am trying to understand the redirect uri configuration on the KeyCloak admin console.
As per the document:
there are two special special redirect uri for application. I have few questions about the http://localhost
1. When I configure my application with the http://localhost and confidential access_type, am I supposed to provide a callback implementation or is is handled by keyclock client libraries that I bundle with my web app?
2. Am I supposed to provide a “port” along with the redirect uri? I.e. http://localhost:8989? It seems like with either configuration gives me “WE’RE SORRY”, “Invalid redirect_uri”.
3. When running KeyCloak and my client application on separate servers, will the http://localhost redirect uri automatically supposed to be replaced with the correct IP address/hostname of the Resource Server provides, I.e. my application?
I understand that this redirect_uri has been made a mandatory field in recent release of KeyCloak and I could not find information related to its configuration in the “Base Part 1” tutorial video.
Any pointers about how to configure this redirect uri for “confidential” access_type would be very helpful.
I am evaluating keycloak and running into this issue when deploying a web application secured using keycloak:
14:12:59,436 INFO [org.jboss.web] (ServerService Thread Pool -- 80) JBAS018210: Register web context: /customer-portal
14:12:59,445 ERROR [org.apache.catalina.startup] (ServerService Thread Pool -- 80) JBWEB001034: Cannot configure an authenticator for method KEYCLOAK
14:12:59,446 ERROR [org.jboss.web] (ServerService Thread Pool -- 80) JBAS018206: Webapp [/customer-portal] is unavailable due to startup errors
I have updated the customer-app/src/main/webapp/WEB-INF/web.xml app with following login-config parameter
I have followed the instructions @ http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#WAR... and using the following versions of the software:
I have in addition to the instructions above,
to update the modules folder.
Could you please suggest what I can do to fix this?
Hi, I installed keycloak on a EC2 RHEL VM. I can login to the admin console. I then build and deploy the pre-configured-demo examples and imported the demo realm. However, I am unable to invoke the customer-portal. I have tried to change the application URL already in the admin console. Any idea what I may be missing? I get 404 not found error here:
You can login as admin/password to take a look too…
Are there any Strong reasons/recommendation for moving Keycloak backend from H2 database to a different database?
I noticed this in the Reference guide "....you might want to use a better relational database for Keycloak like PostgreSQL"...
Our application is on-premise solution and wouldn't involve with substantially large number of users.
Please advise if we can go with Keycloak & H2 database for production.