[keycloak-user] get users from postman
Luca Stancapiano
luca.stancapiano at vige.it
Thu Dec 6 10:01:05 EST 2018
Hi Joan, the problem is not the token. The OAuth 2.0 interface just generates a bearer token. Even if I change the OAuth 2.0 Authorization to Bearer Token, I have the same problem. So the problem is not the token.
> On 6 December 2018 at 15:08, Joao Paulo Ramos <jramos at redhat.com> wrote:
>
>
> Hello Luca,
>
> In your webapp's Keycloak Client, try putting it as bearer only.
> Also, in the HTTP request that you make, be sure you are setting the
> token in the header of the HTTP request, with the following parameter:
>
> {"Authorization" : "bearer " + $TOKEN}
>
> Thanks,
>
> JOÃO PAULO RAMOS
>
> Red Hat Brasil
> <https://red.ht/sig>
>
>
> On Thu, Dec 6, 2018 at 11:13 AM Luca Stancapiano <luca.stancapiano at vige.it> wrote:
>
> > I'm trying to call via REST through POSTMAN the list of users through the
> > get path: http://localhost:8180/auth/admin/realms/school-domain/users
> >
> > Here my keycloak configuration where I create 2 users, 4 roles, a 'school'
> > client and a 'school-domain' realm:
> >
> > {
> > "realm": "school-domain",
> > "enabled": true,
> > "accessTokenLifespan": 60,
> > "accessCodeLifespan": 60,
> > "accessCodeLifespanUserAction": 300,
> > "ssoSessionIdleTimeout": 600,
> > "ssoSessionMaxLifespan": 36000,
> > "sslRequired": "external",
> > "registrationAllowed": true,
> > "resetPasswordAllowed": true,
> > "editUsernameAllowed": true,
> > "loginWithEmailAllowed": false,
> > "duplicateEmailsAllowed": true,
> > "privateKey":
> > "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",
> > "publicKey":
> > "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
> > "requiredCredentials": [
> > "password"
> > ],
> > "users": [
> > {
> > "username": "root",
> > "enabled": true,
> > "email": "lsflashboss62 at gmail.com",
> > "credentials": [
> > {
> > "type": "password",
> > "value": "gtn"
> > }
> > ],
> > "realmRoles": [
> > "admin"
> > ],
> > "clientRoles": {
> > "account": [
> > "manage-account"
> > ]
> > }
> > },
> > {
> > "username": "HUHUJJJKJJKN",
> > "enabled": true,
> > "email": "luca.stancapiano at vige.it",
> > "firstName": "Luca",
> > "lastName": "Stancapiano",
> > "credentials": [
> > {
> > "type": "password",
> > "value": "gtn"
> > }
> > ],
> > "realmRoles": [
> > "pupil"
> > ],
> > "clientRoles": {
> > "account": [
> > "manage-account"
> > ]
> > }
> > }
> > ],
> > "clients": [
> > {
> > "clientId": "school",
> > "rootUrl": "http://localhost:8080/school",
> > "enabled": true,
> > "redirectUris": [
> > "http://localhost:8080/school/*"
> > ],
> > "webOrigins": [
> > "http://localhost:8080"
> > ],
> > "publicClient": false,
> > "secret": "bce5816d-98c4-404f-a18d-bcc5cb005c79",
> > "serviceAccountsEnabled": true,
> > "authorizationServicesEnabled": true,
> > "authorizationSettings": {
> > "allowRemoteResourceManagement": true,
> > "policyEnforcementMode": "ENFORCING",
> > "resources": [
> > {
> > "name": "Default Resource",
> > "type": "urn:school:resources:default",
> > "ownerManagedAccess": false,
> > "attributes": {},
> > "_id": "c338b2be-da73-471c-9bb0-77ad52e1f88f",
> > "uris": [
> > "/*"
> > ]
> > }
> > ],
> > "policies": [
> > {
> > "id": "edb01393-180e-4d95-afd3-92b3ac5a6d41",
> > "name": "Default Policy",
> > "description": "A policy that grants access only for users within this realm",
> > "type": "js",
> > "logic": "POSITIVE",
> > "decisionStrategy": "AFFIRMATIVE",
> > "config": {
> > "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
> > }
> > },
> > {
> > "id": "1f5dce97-54e3-4dcf-92bd-a2a59120286f",
> > "name": "Default Permission",
> > "description": "A permission that applies to the default resource type",
> > "type": "resource",
> > "logic": "POSITIVE",
> > "decisionStrategy": "UNANIMOUS",
> > "config": {
> > "defaultResourceType": "urn:school:resources:default",
> > "applyPolicies": "[\"Default Policy\"]"
> > }
> > }
> > ],
> > "scopes": []
> > }
> > }
> > ],
> > "roles": {
> > "realm": [
> > {
> > "name": "admin",
> > "description": "Administrator privileges"
> > },
> > {
> > "name": "schooloperator",
> > "description": "School Operator privileges"
> > },
> > {
> > "name": "teacher",
> > "description": "Teacher privileges"
> > },
> > {
> > "name": "pupil",
> > "description": "Pupil privileges"
> > }
> > ]
> > }
> > }
> >
> > Keycloak starts on the 8180 port. I configured POSTMAN with OAuth 2.0.
> > Here the Oauth configuration used to receive the token:
> >
> > Token Name: Token Name
> > Grant Type: Authorization Code
> > Callback URL: http://localhost:8080/school
> > Auth URL: http://localhost:8180/auth/realms/school-domain/protocol/openid-connect/auth
> > Access Token URL: http://localhost:8180/auth/realms/school-domain/protocol/openid-connect/token
> > Client ID: school
> > Client Secret: bce5816d-98c4-404f-a18d-bcc5cb005c79
> > Client Authentication: Send as Basic Auth header
> >
> > The Callback URL is an active simple web app starting on the 8080 port.
> > The token creation is ok but when I call the server with the created token
> > I get a 401 Unauthorized error. What am I missing?
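Added example, not part of the original thread and not Keycloak's own code: a Python helper that decodes the access token Postman received and checks three claims worth looking at when the admin endpoint rejects it (expiry against the realm's 60-second `accessTokenLifespan`, issuer, and granted `realm-management` roles). The function names are hypothetical, the sample token is constructed and unsigned, and the role names `view-users` and `manage-users` are an assumption about what the users endpoint requires.

```python
import base64
import json
import time

# Issuer derived from the realm URLs quoted in the thread.
REALM_ISSUER = "http://localhost:8180/auth/realms/school-domain"
# Assumption: realm-management client roles that allow reading users.
USER_ADMIN_ROLES = {"view-users", "manage-users"}


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, now=None, issuer=REALM_ISSUER):
    """List reasons the admin API would be expected to reject this token."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    findings = []
    if claims.get("exp", 0) <= now:
        findings.append("expired")  # realm sets accessTokenLifespan to 60 s
    if claims.get("iss") != issuer:
        findings.append("issuer-mismatch")  # e.g. token fetched via another host name
    granted = claims.get("resource_access", {}).get("realm-management", {})
    if not USER_ADMIN_ROLES & set(granted.get("roles", [])):
        findings.append("no-user-admin-role")
    return findings


def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed claims: issued at t=1000 with the realm's 60 s lifespan.
    token = make_sample_token({
        "iss": REALM_ISSUER, "iat": 1000, "exp": 1060,
        "resource_access": {"account": {"roles": ["manage-account"]}},
    })
    print(diagnose(token, now=1030))
    print(diagnose(token, now=1100))
```

The helper only reads claims; signature validation stays with the server, so a clean result here does not prove the token is valid.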