Re: [keycloak-user] Multi tenant plus administration Rest api

I have tried to add: org.keycloak.representations.IDToken idToken = principal.getKeycloakSecurityContext().getIdToken(); org.keycloak.representations.AccessToken token = principal.getKeycloakSecurityContext().getToken(); writer.write("<br/>Access Token id: " + token.getId()); writer.write("<br/>Access Token String: " + principal.getKeycloakSecurityContext().getTokenString()); writer.write("<br/>ID Token id: " + idToken.getId()); writer.write("<br/>ID Token String: " + principal.getKeycloakSecurityContext().getIdTokenString()); writer.write(String.format("<br/><a href=\"/multitenant/%s/logout\">Logout</a>", realm)); try { java.net.URL url = new java.net.URL( "http://localhost:8080/auth/admin/realms/" + principal.getKeycloakSecurityContext().getRealm() + "/roles" ); java.net.HttpURLConnection conn = (java.net.HttpURLConnection)url.openConnection(); conn.setRequestMethod( "GET" ); conn.setRequestProperty("Authorization", "Bearer " + principal.getKeycloakSecurityContext().getTokenString()); java.io.BufferedReader in = new java.io.BufferedReader( new java.io.InputStreamReader( conn.getInputStream())); String line; while ((line = in.readLine()) != null) { writer.write( line ); } in.close(); } catch( Exception e ) { e.printStackTrace(); } to keycloak-demo-1.3.1.Final/examples/multi-tenant/src/main/java/org/keycloak/example/multitenant/boundary/ProtectedServlet.java But I am getting an error: 12:28:28,317 WARN [org.jboss.resteasy.core.ExceptionHandler] (default task-16) Failed executing GET /admin/realms/tenant1/roles: org.keycloak.services.ForbiddenException In stepping through the AdminClient of the admin-access-app I have found an example bearer token was 1157 characters long. principal.getKeycloakSecurityContext().getIdTokenString() turned out to be 645 characters long. principal.getKeycloakSecurityContext().getTokenString() turned out to be 865 characters long. What is it that I am missing ? On Tue, Jul 7, 2015 at 10:08 AM, Bill Burke <bburke(a)redhat.com <mailto:bburke@redhat.com>> wrote: The access token should already be available. On 7/7/2015 10:01 AM, Stephen More wrote: > Or perhaps a better question would be: Once a user is already logged > into keycloak, how can a > org.keycloak.representations.AccessTokenResponse without providing a > password a second time ? > > On Sun, Jul 5, 2015 at 12:00 PM, Stephen More <stephen.more(a)gmail.com <mailto:stephen.more@gmail.com> > <mailto:stephen.more@gmail.com <mailto:stephen.more@gmail.com>>> wrote: > > How could I extend the multi-tenant example ( > https://github.com/keycloak/keycloak/tree/master/examples/ > <https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant>... > ) to make a Rest admin api call back to keycloak using java ? > > I think this would be a helpful example in upcoming releases. > > Thanks > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user