We are wondering how to achieve "multi tenant" on a resource.
We have a spring boot backend with an angular front end, and are using Spring Security and keycloak-angular adapters.
We have one keycloak used to authenticate and authorize users to the application, that configuration is ok.
But now, for a set of resources (angular paths and REST services), we need to authenticate to an other Keycloak server, which we don't know much of because it is somebody else's.
How can we handle having 2 different Keycloak for a set a resources?
How can we tell in Spring Boot and Angular which AccessToken is the right one ?
Is it possible to check if AccessToken is valid on 2 different Keycloak and only for some paths ?
At first, we thought about user federation... but we don't want to be able to log in to the application just with the 2nd Keycloak. We have to be logged in with the first Keycloak on all paths, and for some paths we want to also be logged in to the 2nd Keycloak.
Thank you for your time,
Léonore DES PLAS MATTEI
Ingénieure Etudes et Développement - Aix en Provence SIG
I am using Keycloak 3.4.3.Final as SSO solution for my applications. I want to display session inactivity popup if user is inactive for certain time, I want to know in how much time session is going to be expired, so that he can click on continue button to keep session continue, or he can logout immediately by clicking logout button in popup.
I there any way to know session expiry time? I tried with ActiveToken's API isExpired() but it doesn't serve my purpose.Is there any way to know session is expired or active?Please help me.
we implemented custom Identity provider that extends from
AbstractOAuth2IdentityProvider and some Required Actions. It’s works pretty
good, but we have one new Requirement, that is to call an external Endpoint
ONCE after all Required Actions are done. My Question: is there some method
to override, that is executed once after all Required Actions have been
processed. Something like ‘@Override public void importNewUser()’ but just
after required actions are ready.
After having received so many good reviews about Keycloak, We are
implementing Keycloak as the access management system to our client
organization. Thanks to all the contributors.
I am stuck in getting the login complete with the User Federation SPI. I am
in need of sending an additional parameter from the client during login
which I wanted to be available in the User Federation layer. So that based
on that parameter, I shall make an appropriate request to our legacy system
for validating the password.
Currently, I do this,
curl -X POST \
-H 'Accept: application/json' \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/x-www-form-urlencoded' \
How can I add one another custom param to the body and make it available in
the federation layer before making the login request to the legacy system?
Any help will be much appreciated.
It is possible to add authenticator options on the login page. So that the user can select through which authenticator wants to login.
For example having as options: passwords, secret question, etc.
I have been considering setting up a series of live events for Keycloak.
The plan would be once a month to have a live event with presentations from
the Keycloak team and we would also be happy to invite others that want to
talk about Keycloak.
Topics would include presentations on new features, archicture/design on
upcoming features and perhaps open Q&A sessions.
Now the question is how many would attend? Let me know on the mailing list
or on Doodle (https://doodle.com/poll/qadckvmkgi6eyukd) if you are
interested. I'm also interested in knowing if you are not interested.
Suggestions for other topics are also welcome.
I have trouble fetching info from some endpoints
When I’m trying to fetch roles from client everything works.
Get all roles for the realm or client
But when I’m trying to reach specific role or users with specific role it return 403 Forbidden error
Get a role by name
Is this an issue on api side or I’m forgetting something?
Hope you can help me! Thanks!
I want to assign permissions to client-level roles to do so I create policies
for the client-level roles which need to be assigned to permissions. I need
to assign these policies for client-level roles to permission via REST from
my project but I can't find the REST URI in documentation and project.
Sent from: http://keycloak-user.88327.x6.nabble.com/