I created a custom User Federation Provider and deployed it as per the documentation. It worked in earlier versions (1.1 Beta-1) but it appears that the location of Keycloak war in Wildfly has changed in 1.1 Beta-2 version and it is no longer inflated. Can someone suggest where exactly I have to place the Federation provider jar in 1.1 Beta-2 version?
We are in the process of securing our REST APIs using Keycloak.
We would like to be able to use the Push Revocation feature. Please clarify the following:
1. What is the expected behavior of this feature?
2. Is this feature handled by the application server adapter, and if so, where? Or do we need to modify the application itself to support this feature?
- Mikhail Kuznetsov
My jee web application uses its bearer token when issuing AJAX requests to
other REST services within the realm (but at different origins). It does it
by reading the exposed bearer token prior to making an AJAX request. Is
there a mechanism by which the application may find out when the bearer
token is refreshed, to make it possible to read the bearer token only when
Br / Hubert.
I want to pass a username to the login screen. I know the parameter login_hint, but how can I pass a value for this parameter, if I invoke the application like this:
I'm looking for information on how to implement single logout across
applications in the realm. There is an Admin URL setting per application in
the realm admin GUI which is to be set if the application supports "the
adapter REST API", but I failed to find any information about this API. Is
this the API to use for single logout ?
Br / Hubert.
I must admit that OAuth sometimes appears a little complex for me and I
have a use that I'd like to submit in order to collect opinion and/or best
My application components are :
- a keycloak server configured.
- a REST API (/api) protected using WAR adapter
- a Angular GUI client of this REST API using JS Adapter
- another REST API (/tools)
The /tools API is accessed by the Angular GUI but is also a client of the
REST API (/api)
The /tools application have a rest-api-client.jar embedded that support
Credentials Client Grant to ensure OAuth authentication in order to access
the /api REST interface.
What I expected to do was to allow the Angular JS to propagate its
authentication in order to allow the /tools application to access /api
I'm facing the problem on how to propagate the JS Adapter authentication to
the /tools application to allow it to use in the rest client ?
I did not mention that the /tools application is a background task manager
that could run a long time away after tool job submission...
I'm pretty lost in all the OAuth grant scenari and any suggestion should be
Thanks in advance, Jérôme.
Am having the following behaviour within keycloak :
# 1 / Open my application home page which brings me to the keycloak login
# 2 / Click on Forgot Password then enter my login and validate. Keep this
page open in my browser -this page contains a link : back to login;
# 3 / Open the received mail and click on the link to reset password which
opens a new tab in my browser;
# 4 / Switch to the previous tab where i left the login page open and click
on the link back to login;
# 5 / A new page opens with the message : We're sorry ... Unknown code,
please login again through your application.
Could any one tell me why am getting this ?
Thanks for your help.