3:32 a.m.
Hi
I have read
http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
for trying to authenicate to KC with username and password through CLI. But
it seems this method does not work with KC 2.5.4, because public client
does not provide Redirect URI field.
See below:
Obtain Token and Invoke Service
First we need to create a client that can be used to obtain the token. Go
to the Keycloak admin console again and create a new client. This time give
it the *Client ID* curl and select public for access type. Under *Valid
Redirect URIs* enter http://localhost.
How can I do this with KC 2.5.4?
Thanks,
Mehdi
5:14 a.m.
New subject: Fwd: Obtain Token and Invoke Service throught CLI
---------- Forwarded message ----------
From: Mehdi Sheikhalishahi <mehdi.alishahi(a)gmail.com>
Date: Sat, Mar 11, 2017 at 10:32 AM
Subject: Obtain Token and Invoke Service throught CLI
To: keycloak-user(a)lists.jboss.org
Hi
I have read http://blog.keycloak.org/2015/10/getting-started-with-
keycloak-securing.html for trying to authenicate to KC with username and
password through CLI. But it seems this method does not work with KC 2.5.4,
because public client does not provide Redirect URI field.
See below:
Obtain Token and Invoke Service
First we need to create a client that can be used to obtain the token. Go
to the Keycloak admin console again and create a new client. This time give
it the *Client ID* curl and select public for access type. Under *Valid
Redirect URIs* enter http://localhost.
How can I do this with KC 2.5.4?
Thanks,
Mehdi
6:18 a.m.
New subject: Fwd: Obtain Token and Invoke Service throught CLI
What is it that you do exactly, and what error do you get?
On Mon, Mar 13, 2017 at 11:14 AM, Mehdi Sheikhalishahi <
mehdi.alishahi(a)gmail.com> wrote:
---------- Forwarded message ----------
From: Mehdi Sheikhalishahi <mehdi.alishahi(a)gmail.com>
Date: Sat, Mar 11, 2017 at 10:32 AM
Subject: Obtain Token and Invoke Service throught CLI
To: keycloak-user(a)lists.jboss.org
Hi
I have read http://blog.keycloak.org/2015/10/getting-started-with-
keycloak-securing.html for trying to authenicate to KC with username and
password through CLI. But it seems this method does not work with KC 2.5.4,
because public client does not provide Redirect URI field.
See below:
Obtain Token and Invoke Service
First we need to create a client that can be used to obtain the token. Go
to the Keycloak admin console again and create a new client. This time give
it the *Client ID* curl and select public for access type. Under *Valid
Redirect URIs* enter http://localhost.
How can I do this with KC 2.5.4?
Thanks,
Mehdi
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:05 a.m.
New subject: Fwd: Obtain Token and Invoke Service throught CLI
First of all, in curret KC public client does not provide Redirect URI
field.
Then, I've create a client without this field.
When I issue the following commnad:
RESULT=`curl --data
"grant_type=password&client_id=curl&username=user&password=password"
http://localhost:8180/auth/realms/master/protocol/openid-connect/token`
I get the following error:
{"error":"invalid_grant","error_description":"Invalid
user credentials"}
access_token\n
On Mon, Mar 13, 2017 at 12:18 PM, Marko Strukelj <mstrukel(a)redhat.com>
wrote:
What is it that you do exactly, and what error do you get?
On Mon, Mar 13, 2017 at 11:14 AM, Mehdi Sheikhalishahi <
mehdi.alishahi(a)gmail.com> wrote:
> ---------- Forwarded message ----------
> From: Mehdi Sheikhalishahi <mehdi.alishahi(a)gmail.com>
> Date: Sat, Mar 11, 2017 at 10:32 AM
> Subject: Obtain Token and Invoke Service throught CLI
> To: keycloak-user(a)lists.jboss.org
>
>
> Hi
>
> I have read http://blog.keycloak.org/2015/10/getting-started-with-
> keycloak-securing.html for trying to authenicate to KC with username and
> password through CLI. But it seems this method does not work with KC
> 2.5.4,
> because public client does not provide Redirect URI field.
>
> See below:
>
> Obtain Token and Invoke Service
>
> First we need to create a client that can be used to obtain the token. Go
> to the Keycloak admin console again and create a new client. This time
> give
> it the *Client ID* curl and select public for access type. Under *Valid
> Redirect URIs* enter http://localhost.
>
>
> How can I do this with KC 2.5.4?
>
> Thanks,
> Mehdi
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
9:34 a.m.
New subject: Fwd: Obtain Token and Invoke Service throught CLI
The field definitely exists. If you use web Admin Console to create a new
client, you won't see that field at first. Just click 'Save', and then you
will get a full list of fields including 'Valid Redirect URIs'.
Take a look at Admin CLI (https://keycloak.gitbooks.io/
documentation/server_admin/topics/admin-cli.html) which exists precisely to
allow you to perform Admin REST operations from CLI.
Or if you only need dynamic registration of clients, check out Client
Registration CLI (https://keycloak.gitbooks.io/documentation/securing_apps/
topics/client-registration/client-registration-cli.html).
For that you don't need to create a new client. Every realm automatically
has a public client called 'admin-cli' which is used by default by Admin
CLI, and Client Registration CLI.
However, if you insist on using curl that's possible as well but more
complicated. See
http://lists.jboss.org/pipermail/keycloak-user/2016-July/006793.html.
On Mon, Mar 13, 2017 at 1:05 PM, Mehdi Sheikhalishahi <
mehdi.alishahi(a)gmail.com> wrote:
First of all, in curret KC public client does not provide Redirect
URI
field.
Then, I've create a client without this field.
When I issue the following commnad:
RESULT=`curl --data
"grant_type=password&client_id=curl&username=user&password=password"
http://localhost:8180/auth/realms/master/protocol/openid-connect/token`
<http://localhost:8180/auth/realms/master/protocol/openid-connect/token>
I get the following error:
{"error":"invalid_grant","error_description":"Invalid
user credentials"}
access_token\n
On Mon, Mar 13, 2017 at 12:18 PM, Marko Strukelj <mstrukel(a)redhat.com>
wrote:
> What is it that you do exactly, and what error do you get?
>
> On Mon, Mar 13, 2017 at 11:14 AM, Mehdi Sheikhalishahi <
> mehdi.alishahi(a)gmail.com> wrote:
>
>> ---------- Forwarded message ----------
>> From: Mehdi Sheikhalishahi <mehdi.alishahi(a)gmail.com>
>> Date: Sat, Mar 11, 2017 at 10:32 AM
>> Subject: Obtain Token and Invoke Service throught CLI
>> To: keycloak-user(a)lists.jboss.org
>>
>>
>> Hi
>>
>> I have read http://blog.keycloak.org/2015/10/getting-started-with-
>> keycloak-securing.html for trying to authenicate to KC with username and
>> password through CLI. But it seems this method does not work with KC
>> 2.5.4,
>> because public client does not provide Redirect URI field.
>>
>> See below:
>>
>> Obtain Token and Invoke Service
>>
>> First we need to create a client that can be used to obtain the token. Go
>> to the Keycloak admin console again and create a new client. This time
>> give
>> it the *Client ID* curl and select public for access type. Under *Valid
>> Redirect URIs* enter http://localhost.
>>
>>
>> How can I do this with KC 2.5.4?
>>
>> Thanks,
>> Mehdi
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
12:41 p.m.
On 03/11/2017 04:32 AM, Mehdi Sheikhalishahi wrote:
Hi
I have read
http://blog.keycloak.org/2015/10/getting-started-with-keycloak-securing.html
for trying to authenicate to KC with username and password through CLI. But
it seems this method does not work with KC 2.5.4, because public client
does not provide Redirect URI field.
See below:
Obtain Token and Invoke Service
First we need to create a client that can be used to obtain the token. Go
to the Keycloak admin console again and create a new client. This time give
it the *Client ID* curl and select public for access type. Under *Valid
Redirect URIs* enter http://localhost.
How can I do this with KC 2.5.4?
The keycloak-httpd-client-install too (written in Python) has examples
of using Keycloak's REST interface. The project is here:
https://github.com/jdennis/keycloak-httpd-client-install
And here is a class that authenticates as an admin using a
username/password such that it can perform admin actions using the REST
interface.
https://github.com/jdennis/keycloak-httpd-client-install/blob/master/keyc...
--
John
3326
days inactive
3328
days old
5 comments
3 participants
participants (3)
-
John Dennis -
Marko Strukelj -
Mehdi Sheikhalishahi