I am quite aware that REST API is the only way for non-interactive integration to setup Realm, Application, and Users in Keycloak.
Having said that even before invoking desired api, we need Client ID (Account), Client Secret, Username and password (after resetting) to obtain the access token.
1. what is the best way to obtain these values for subsequent API invocations?
2. I observed there is a mechanism to upload a JSON file with Realm configuration but how can I export it at the first place.
Please share your thoughts.
I installed Docker on my Windows Server 2012 R2 machine and tried to use
the Keycloak Docker image. I ran "docker run -it -p 8080:8080 -p
9090:9090 jboss/keycloak" and received the following error:
java.lang.IllegalArgumentException: Failed to instantiate class
nager.handlers.PeriodicRotatingFileHandler" for handler "FILE"
... 19 more
Caused by: java.io.FileNotFoundException:
(No such file or directory)
at java.io.FileOutputStream.open(Native Method)
I am trying to integrate Keycloak, RestEasy and Swagger. I got most of the stuff to work with the exception of a redirect URL problem.
The scenario is if I am not yet authorized to a Restful service, then in Swagger, I can click on their authorize button and that is supposed to bring me to the Keycloak login screen. I am basically doing what is described in this article if that helps:
The problem I am facing is: It seems for Keycloak redirect to work, there is a state parameter. For example, this works:
How do I programmatically get this state parameter?
I saw that there is already a JIRA issue for this, but I was wondering
whether there are any plans to add support for i18n in keyclaok themes?
Here's the issue: https://issues.jboss.org/browse/KEYCLOAK-301
To be more precise, we'd need to provide different messages and labels in
log-in and registration templates based on the browser language.
My application is checking the access token timeout and refreshing it if expired. The thing is, the tokens are being invalidated after the SSO session timeout. So if I have the access token timeout set to 4 hours, and the SSO timeout set to 15 minutes, the access token and refresh tokens are both invalidated after only 15 minutes.
Date: Thu, 21 Aug 2014 17:34:16 -0400
From: Bill Burke <bburke(a)redhat.com<mailto:email@example.com>>
Subject: Re: [keycloak-user] SSO Session Idle Timeout for Direct
Content-Type: text/plain; charset=windows-1252; format=flowed
I don't agree...
Your application should be checking for token timeouts and performing a
refresh. The response from direct-grant gives you a refresh token as
well as an access token as well as a timeout (which you could check from
the access token).
Since you have a refresh token, you can refresh the access token. You
still want the same setup: Short access token lifespan
(seconds/minutes) with a longer refresh timeout minutes/hours. This is
for revocation checks, permission changes, etc.
I could set up a different SSO timeout/access token timeout for grant
requests if you want, but that would have to be after 1.0.final.
I created one realm with many applications associated. I would like to know
if it is possible to find out which app that was called in my
When some app from my realm is called, I discover the app that was called
and I show login page with specific css for it.
Thanks in advance.
I am unable to start Keycloak beta 4 on EC2. When I clicked on the Admin Console, I got HTTPS required.
I did the same configuration changes (standalone.xml) for Keycloak beta 3 and it worked on EC2.
What else do I need to configure for beta 4?
Here is the URLs:
Beta 4 doesn’t work:
Beta 3 works:
Hi, I was wondering if there is a plan to implement multiple login screens.
We have the need for more than one type of login screen here, for different
flows, and I imagine we're not the only ones who will be interested in such
Something that allows you to select between the screens you created for a
given style, and have one by default maybe.
Are there any alternative ways like command line or shortcuts to update the Realm settings or user settings in Keycloak.
Though it is possible to set it up through Admin console but trying to avoid the setup steps through UI.
Looks like during application bootstrap these are few settings like admin password to be reset & Direct Grant API access being disabled.
Is there any other better way to modify other than UI or directly updating them in database.
Please let us know. This is critical for our post install steps while integrating with Keycloak.