Integration Keycloak with phyton application
by Pablo N
Hello,
I am starting to use Keycloak as IDM inside my actual Project. I have to
projects, Java and Phyton projects and I want to use Keycloak as SSO. I
manage to integrate Java project with Keycloak running in Wildfly, but I
don´t know how I should proceed with Phyton project.
Currently we are using this Phyton plugin to connect with Django:
http://python-social-auth.readthedocs.org/en/latest/
Could you help us about what steps should be done to use Keycloak with this
plugin?
Thank you in advanced,
Pablo Nuño
10 years, 5 months
Realm update through REST API
by Alexander Chriztopher
Hi guys,
Just wondering wether you have an example to do any kind of update on a
realm through REST.
Many thanks for any help.
Regards.
10 years, 5 months
Query about SP & IDP
by Kamal Jagadevan
Hello,
We are doing a feasibility study to replace one of the existing OAUTH solution with Keycloak.
And we were wondering if the following things are possible
1.) Can Keycloak act as Service Provider
2.) In the previous post Stian mentioned keycloak can act as IDP (Identity provider). But can Keycloak be integrated with external IDP over SAML.
Please advise
Thanks
Kamal
10 years, 5 months
Removing totp authentication in a realm doesn't disable it in the realm.
by Ricardo Martinelli de Oliveira
Hello,
I created a realm for my applications and just for testing purposes I added totp as a required user credentials and it worked (I could use Google Authenticator to login to my applications) but after removing it the keycloak login page still asks for the Google Authenticator token.
Is it required to remove the token configuration in Google Authenticator to definitely remove this step or there's something else I'm missing?
Regards,
Ricardo Martinelli de Oliveira
10 years, 5 months
Admin REST API - create new user problem
by Marko Radinovic
Hi,
I'm trying to make REST call to create new user account.
HttpPost post = new HttpPost(KeycloakUriBuilder
.fromUri(getBaseUrl(request) + "/auth")
.path("/admin/realms/{realm-name}/users")
.build("EHR Cloud"));
UserRepresentation userRepresentation = new UserRepresentation();
userRepresentation.setUsername("radinovic.marko");
userRepresentation.setEmail("markoradinovic79(a)gmail.com");
userRepresentation.setEnabled(true);
userRepresentation.credential(CredentialRepresentation.PASSWORD, "marko");
userRepresentation.attribute("institutionId", "4");
userRepresentation.attribute("institution", "ZipSoft");
userRepresentation.setRealmRoles(Arrays.asList(new String[] {"ehr
-user-doctor"}));
After executing post, user is created, but user credentials and realm roles
are not saved.
Also, I try to update user, but still there is no credentials and realm
roles.
HttpPost post = new HttpPost(KeycloakUriBuilder
.fromUri(getBaseUrl(request) + "/auth")
.path("/admin/realms/{realm-name}/users")
.build("EHR Cloud"));
I check in database, and there is no credentials and roles.
10 years, 5 months
Keycloak 1.0.1.Final finally in Maven Central
by Stian Thorgersen
Keycloak 1.0.1.Final is finally in Maven Central. I forgot to mark it as released in JBoss Nexus, which is why it never synced to Central.
Sorry for any inconvenience,
Stian
10 years, 5 months
1.0.1 Problems & Questions
by Conrad Winchester
Hi all,
I have just upgrade from 1.0-beta 3 to 1.0.1 final and am running into some serious issues.
First a question: when will keycloak-core 1.0.1 be available from maven central? I am having to use 1.0-final in my war - is that compatible with 1.0.1 keycloak war - which is running on my server.
I upgraded by doing a complete wipe of the keycloak database, and reinstalling 1.0.1 over my wildly configuration. I am able to use the keycloak admin screens flawlessly.
Now onto my problem.
In 1.0.3-beta I used to have a access type bearer-only application which used the rest api to register and login users to keycloak.
After upgrading I have found that even if I set the application to be bearer-only, keycloak still throws an invalid redirect uri error whenever I try to use the rest end points (surely this should not happen with a bearer-only application). In order to fix this I have moved the application over to access type confidential (it is sitting on the same server as keycloak) - are there any pointers to the correct config for this in 1.0.1? Basically my application is the backend to a mobile app that is using keycloak for access control - at the moment I am not allowed to use the keycloak login/register screens so must proxy it through the server. I am now able to register users using this configuration, but would prefer to go back to bearer-only
I also have a Direct Grant Only client which I use for the mobile application itself. I am able to get an access token by using the TOKEN_SERVICE_DIRECT_GRANT_PATH via the proxy server but when I try to access a resource with that bearer token set in the header I am still getting an unauthorised response.
My applications keycloak.json looks like this
{
"realm": "shift",
"realm-public-key": “**",
"auth-server-url": "http://.../auth",
"ssl-required": "none",
"resource": "shift-server",
"credentials": {
"secret": “**"
}
}
and my client JSON looks like this (although this is not put anywhere in my application war)
{
"realm": "shift",
"realm-public-key": “***",
"auth-server-url": "http://.../auth",
"ssl-required": "none",
"resource": "shift-ios",
"public-client": true
}
I can login in with a correct username and password setting the client id to ‘shift-ios’. However when I try to access a protected resource like this
GET /shift/feed HTTP/1.1
Host: www…..com
Connection: keep-alive
Accept: */*
User-Agent: shift-ios-client/1.0 CFNetwork/711.0.6 Darwin/14.0.0
Accept-Language: en-us
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJuYW………...5lXDBvPGu3bI7msV6Xh34g2PG1E2-d0GchWLFb4kGWofDbexDgIJoP1eeSHnKmahAHHbcl_LZkI3ayKYCgF-o3vfk0yh4T-zptEdK1EHFDndz4SkJlrPsyawueekf1mJD-drilFlL55nLIfFqjpaNdQDr5R3lAjUb0
Accept-Encoding: gzip, deflate
where the Bearer header is the access token I get from logging in, then I get a 403 unauthorised response.
This used to work perfectly in beta 3, but I seem unable to make this work in 1.0(.1) final.
Could this be because I am using 1.0-core instead of 1.0.1-core
Please help, as this has stopped all work on the product, and I am completely stuck. Whats the best way to go about debugging this?
Conrad
10 years, 5 months