[keycloak-user] Multi tenant plus administration Rest api
Stephen More
stephen.more at gmail.com
Tue Jul 7 12:46:34 EDT 2015
I have tried to add:
org.keycloak.representations.IDToken idToken =
principal.getKeycloakSecurityContext().getIdToken();
org.keycloak.representations.AccessToken token =
principal.getKeycloakSecurityContext().getToken();
writer.write("<br/>Access Token id: " + token.getId());
writer.write("<br/>Access Token String: " +
principal.getKeycloakSecurityContext().getTokenString());
writer.write("<br/>ID Token id: " + idToken.getId());
writer.write("<br/>ID Token String: " +
principal.getKeycloakSecurityContext().getIdTokenString());
writer.write(String.format("<br/><a
href=\"/multitenant/%s/logout\">Logout</a>", realm));
try
{
java.net.URL url = new java.net.URL( "
http://localhost:8080/auth/admin/realms/" +
principal.getKeycloakSecurityContext().getRealm() + "/roles" );
java.net.HttpURLConnection conn =
(java.net.HttpURLConnection)url.openConnection();
conn.setRequestMethod( "GET" );
conn.setRequestProperty("Authorization", "Bearer " +
principal.getKeycloakSecurityContext().getTokenString());
java.io.BufferedReader in = new java.io.BufferedReader( new
java.io.InputStreamReader( conn.getInputStream()));
String line;
while ((line = in.readLine()) != null)
{
writer.write( line );
}
in.close();
}
catch( Exception e )
{
e.printStackTrace();
}
to
keycloak-demo-1.3.1.Final/examples/multi-tenant/src/main/java/org/keycloak/example/multitenant/boundary/ProtectedServlet.java
But I am getting an error:
12:28:28,317 WARN [org.jboss.resteasy.core.ExceptionHandler] (default
task-16) Failed executing GET /admin/realms/tenant1/roles:
org.keycloak.services.ForbiddenException
In stepping through the AdminClient of the admin-access-app I have found an
example bearer token was 1157 characters long.
principal.getKeycloakSecurityContext().getIdTokenString() turned out to be
645 characters long.
principal.getKeycloakSecurityContext().getTokenString() turned out to be
865 characters long.
What is it that I am missing ?
On Tue, Jul 7, 2015 at 10:08 AM, Bill Burke <bburke at redhat.com> wrote:
> The access token should already be available.
>
> On 7/7/2015 10:01 AM, Stephen More wrote:
> > Or perhaps a better question would be: Once a user is already logged
> > into keycloak, how can a
> > org.keycloak.representations.AccessTokenResponse without providing a
> > password a second time ?
> >
> > On Sun, Jul 5, 2015 at 12:00 PM, Stephen More <stephen.more at gmail.com
> > <mailto:stephen.more at gmail.com>> wrote:
> >
> > How could I extend the multi-tenant example (
> > https://github.com/keycloak/keycloak/tree/master/examples/
> > <
> https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant
> >multi-tenant
> > ) to make a Rest admin api call back to keycloak using java ?
> >
> > I think this would be a helpful example in upcoming releases.
> >
> > Thanks
> >
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150707/e5648cf7/attachment.html
More information about the keycloak-user
mailing list