[keycloak-user] Unable to query currently set bindCredentials for LDAP

Dockendorf, Trey tdockendorf at osc.edu
Thu Dec 13 11:44:39 EST 2018


I am using Puppet to automate the configuration of my Keycloak server and one thing I automate is the addition of LDAP authentication backends.  I have discovered that bindCredential comes back as "**********" [1] which prevents Puppet from knowing if the value is set correctly.  Is there a way to have Keycloak return the actual value that’s stored in the database?  I have found where in the database this is stored but I’d rather not have to resort to direct database queries with Puppet as that would severely limit the database backends I can support.

If there is no way to expose the actual bindCredential value, is there a way to test that the currently set bind credentials actually work?  I have noticed that something like testLDAPConnection has to be provided the bind credentials rather than reading them from the realm’s configured LDAP.

Thanks,
- Trey

[1]
$ /opt/keycloak/bin/kcadm.sh get components/OSC-LDAP-osc -r osc --no-config --server http://localhost:8080/auth --realm master --user admin --password <OMIT> | jq .config.bindCredential
Logging into http://localhost:8080/auth as user admin of realm master

[
  "**********"
]

--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center

