HI, When a secured restful URL is hit in the browser, this request will reach the web server ,say wildlfy, first and then touch the keycloak for authentication. I am debugging a wildfly8 adapter to try to understand this workflow. I want to intercept at the moment before adapter to send request to keycloak. I don't know where to set a breakpoint . I have tried several places in the keycloak.adapter.core package but failed.
We are thinking of storing application specific user attributes in Keycloak
so that everything related to user is in one place.
For example users can create favourite lists (i.e. bookmarks), recent
We thought we can just push a json structure to the user attributes but
realise that the value attribute can store only up to 255 characters.
Can't we make this an unlimited field type like a text field so we can then
do things like the above?
Or is there a better way to store these type of values in KeyCloak.
I'm using keycloak 1.5.1.Final.
Is it possible to display a hint on the login page to point out to the
user the password requirements that have been configured via the
authentication UI i.e. length of password, numeric etc?
Our users are having a hard time knowing what the password requirements
are and are only shown an error message AFTER they enter the wrong
With keycloak 1.8.0 RC1,
I'm using user federation (Active directory) for users: the active directory is in Read Only mode.
I can assign roles to user. I can retrieve user federation attributes I need.
I can assign roles and attributes at group level.
To some user, I would like to add attributes not in the Active Directory.
But it fails : 'Error! User is Read Only!'.
Is there a way to specify user attributes in such case : 'user federation is read only' ?
I am customizing keycloak1.5.0 according to my preferences and everytime i
build, the database gets changed. Is there any way to protect the already
existing data?? And also could you give me some pointers on how to change
the default database to mysql on every build. We want to use a MySql
database and not a h2 db.
Thanks in advance.
I have made a few changes to the keycloak code for a little customization
of my own and i am getting the following error while running the command
(mvn install -Pdistribution).
[ERROR] Failed to execute goal on project keycloak-spring-boot-adapter:
Could not resolve dependencies for project
following artifacts could not be resolved:
org.keycloak:keycloak-jetty92-adapter:jar:1.6.0.Final-SNAPSHOT: Could not
org.keycloak:keycloak-tomcat8-adapter:jar:1.6.0.Final-SNAPSHOT in jboss (
http://repository.jboss.org/nexus/content/groups/public/) -> [Help 1]
Anyone has idea as to why this is happening. Thanks in advance.
Is there anyway to quickly change the algorithm type used for the JWT
signatures in the Keycloak instance? For my OpenId Connect clients the
access tokens are sent using RSA256 but I'd like to use one of the HMAC
ones like HS256.
For Hawkular, we were in the need of a simplified way for a REST client
to communicate with our backend. After discussing this with Stian, we
started the "secret-store" module, which was just spun off of Hawkular
into a "standalone" project.
Secret Store is a module for scenarios where the whole OAuth procedure
might be undesirable or not feasible on the client side.
The Secret Store has two sides:
1) a REST endpoint to create opaque tokens backed by OAuth Offline
Tokens composed of a key and secret;
2) An Undertow filter/Proxy server, that translates the opaque tokens
into OAuth bearer tokens, rewriting the incoming request. To your
backend, it's transparent whether an opaque token or a proper OAuth
token was used.
More info here: https://github.com/jpkrohling/secret-store