Hello,
We're using Identity Brokering feature and we use external IDP. So, user
logs in into external IDP UI, then KeyCloak broker client receives JWT
token from external IDP and KeyCloak provides JWT with which we access our
resources. We've set up "Default Identitiy Provider" feature, so external
IDP login screen is displayed to the user on login. That means that users
and their passwords are stored on external IDP.
The problem occurs when we need to log in using "Direct Access Grant"
(Resource Owner Password grant) programatically in our tests. As password
is not stored on KeyCloak, we always get 401 Unauthorized error from
KeyCloak on login. When I tried to change user password it started to work,
so the problem is that user password is not provisioned on KeyCloak and
using "Direct Access Grant" KeyCloak doesn't invoke external IDP.
Is there any way it can be fixed? For example to call identity broker on
"Direct Access Grant", so that KeyCloak provides us it's valid token?
Regards,
Yuriy
Show replies by date