Multi tenant on a given resource
by DES PLAS Leonore
Hi there,
We are wondering how to achieve "multi tenant" on a resource.
We have a spring boot backend with an angular front end, and are using Spring Security and keycloak-angular adapters.
We have one keycloak used to authenticate and authorize users to the application, that configuration is ok.
But now, for a set of resources (angular paths and REST services), we need to authenticate to another Keycloak server, which we don't know much of because it is somebody else's.
How can we handle having 2 different Keycloak for a set of resources?
How can we tell in Spring Boot and Angular which AccessToken is the right one?
Is it possible to check if AccessToken is valid on 2 different Keycloak and only for some paths?
At first, we thought about user federation... but we don't want to be able to log in to the application just with the 2nd Keycloak. We have to be logged in with the first Keycloak on all paths, and for some paths we want to also be logged in to the 2nd Keycloak.
Thank you for your time,
Léonore DES PLAS MATTEI
Ingénieure Etudes et Développement - Aix en Provence SIG
7 years, 6 months
Want Session expired or not from keycloak server
by mukesh Harshwal
Hi all,
I am using Keycloak 3.4.3.Final as the SSO solution for my applications. I want to display a session inactivity popup if the user is inactive for a certain time. I want to know in how much time the session is going to expire, so that he can click on the continue button to keep the session going, or he can log out immediately by clicking the logout button in the popup.
Is there any way to know the session expiry time? I tried with ActiveToken's API isExpired() but it doesn't serve my purpose. Is there any way to know whether the session is expired or active? Please help me.
Thanks, Mukesh Harshwal
7 years, 6 months
Custom IdentityProvider lifecycle
by Tanja Schaefer
Hi,
We implemented a custom Identity provider that extends from
AbstractOAuth2IdentityProvider and some Required Actions. It works pretty
well, but we have one new requirement, which is to call an external endpoint
ONCE after all Required Actions are done. My question: is there some method
to override that is executed once after all Required Actions have been
processed? Something like ‘@Override public void importNewUser()’ but just
after the required actions are done.
Best regards,
Tanja
7 years, 6 months
Send additional parameter on keycloak login
by Vignesh S
Hello All,
After having received so many good reviews about Keycloak, we are
implementing Keycloak as the access management system to our client
organization. Thanks to all the contributors.
I am stuck in getting the login complete with the User Federation SPI. I am
in need of sending an additional parameter from the client during login
which I wanted to be available in the User Federation layer. So that based
on that parameter, I shall make an appropriate request to our legacy system
for validating the password.
Currently, I do this,
curl -X POST \
  'http://localhost:8080/auth/realms/<realm-name>/protocol/openid-connect/token' \
  -H 'Accept: application/json' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'username=<username>&password=<password>&grant_type=password&client_id=<client-id>'
How can I add another custom param to the body and make it available in
the federation layer before making the login request to the legacy system?
Any help will be much appreciated.
Thanks,
Vignesh
7 years, 6 months
Authenticator options on login page
by Daicy Duarte
Hi!
It is possible to add authenticator options on the login page, so that the user can select through which authenticator they want to log in.
For example having as options: passwords, secret question, etc.
Best regards,
7 years, 6 months
Keycloak Live Events?
by Stian Thorgersen
All,
I have been considering setting up a series of live events for Keycloak.
The plan would be once a month to have a live event with presentations from
the Keycloak team and we would also be happy to invite others that want to
talk about Keycloak.
Topics would include presentations on new features, architecture/design on
upcoming features and perhaps open Q&A sessions.
Now the question is how many would attend? Let me know on the mailing list
or on Doodle (https://doodle.com/poll/qadckvmkgi6eyukd) if you are
interested. I'm also interested in knowing if you are not interested.
Suggestions for other topics are also welcome.
7 years, 6 months
Sync of OpenID Connect Profile
by Graham Burgess
So I am attempting to use Keycloak to use an external IDP transparently. I have managed to get it to go through the first broker login flow but it has me wondering, does it keep the Keycloak profile in sync with the external? I suspect not, and if that is the case, I was wondering if anyone had any suggestions on how to implement that sort of functionality?
Best regards,
Graham Burgess
RΛZΞR|stormmore
Sr. DevOps Engineer (USA)
Email: graham.burgess(a)razer.com
Razer Inc. (San Francisco)
201 3rd Street, Suite 900
San Francisco CA 94103, USA
Tel: +1 (415) 266 5300
Razer Inc. Stock Code: 1337.HK
7 years, 6 months
Can’t get specific role or users by specific role
by Yura Srohiy
I have trouble fetching info from some endpoints.
When I’m trying to fetch roles from a client, everything works.
Get all roles for the realm or client
GET /{realm}/clients/{id}/roles
But when I’m trying to reach a specific role or users with a specific role, it returns a 403 Forbidden error.
Get a role by name
GET /{realm}/clients/{id}/roles/{role-name}
Is this an issue on the API side or am I forgetting something?
Hope you can help me! Thanks!
7 years, 6 months