I am using the latest keycloak image in docker and can access the standard admin console at http://localhost:9080. However, I cant seem to access any of the paths specified in the documentation for Admin REST api. For instance, the base path /auth and Resource Get clients belonging to the realm Returns a list of clients belonging to the realm: /{realm}/clients I am getting a 404. So is for any other method in the documentation. The only path returning a valid 200 json response is http://localhost:9080/auth/realms/{realm-name}/ which according to the documentation be reachable at basepath + "/{realm-name}". Am I missing something or trying to access with a wrong base path. The keycloak version in docker is 3.4.3.Final which is the latest version of keycloak according to the documentation.
-
3Have you tried `http://localhost:9080/auth/admin/realms/{realm}/clients` instead? – Alex Karasev Jan 30 '18 at 10:09
4 Answers
I'm almost sure you are trying to call the endpoint like this:
http://localhost:9080/auth/admin/realms/demo/clients
However, you've missed this part/auth/admin/realms
Please, don't forget to authorize your call first as stated here
UPDATE
Here are my steps to see the results:
$ docker run -d -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
Getting access_token:
$ curl -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'username=admin&password=admin&client_id=admin-cli&grant_type=password' \
http://localhost:9080/auth/realms/master/protocol/openid-connect/token
EDIT: With keycloak 17.0+ the /auth path segment should be omitted, so the correct URL is http://localhost:9080/realms/master/protocol/openid-connect/token
Reference: https://stackoverflow.com/a/71634718/3692110
Copy and paste obtained access_token to Authorization header:
$ curl -X GET \
-H 'Authorization: Bearer <access_token_goes_here>' \
http://localhost:9080/auth/admin/realms/master/clients
- 2,943
- 15
- 22
- 1,108
- 2
- 13
- 24
-
2Doesn't work (even after replacing demo with a valid realm). I have tried using AdvancedRESTClient sending the same Authorization header as used by the admin console but still getting a 404. And I have tried this with a dockerized keycloak and a standalone one. – Taha Rehman Siddiqui Jan 30 '18 at 16:32
-
Your other point 'missing authorization' was helpful in my case because, strangely, accessing the same url from browser did not work for me(after authenticating). But when I sent the bearer token to same URL through postman, it was successful. – tryingToLearn Jul 17 '19 at 09:13
-
3@TahaRehmanSiddiqui, it help to 9 persons. Maybe it's time to accept the answer ;-) – Alex Karasev Aug 15 '19 at 13:10
-
1@AlexKarasev Thanks. But my issue is for different API. I get 400 when creating a new client role with this URL `POST /auth/admin/realms/master/clients/7534ac42-fe8b-4cde-b6c6-c385f4958e3b/roles` ... I don't see any error on the server . In the KC documentation the URL is `/{realm}/clients/{client}/roles` but that URL returns 404. Doc: https://www.keycloak.org/docs-api/14.0/rest-api/ – xbmono Jul 28 '21 at 08:16
At the version 17.0.1 to use rest API I eventually came up with:
http://localhost:8080/admin/realms/{realm name}/clients
- 31
- 1
They have now updated it to be:
http://localhost:9080/realms/demo/clients
I struggled the whole day only to figure out it's different from how the documentation says it should be.
Config endpoints can be found on the Keycloak console under realm settings. On the endpoints part, it will show you all the endpoints you need.
- 7,102
- 69
- 48
- 77
- 33
- 6
In my case it was because the documentation is misleading:
the full path to use should contain the admin keywork like:
https://myhost.com/auth/admin/realms/myrealm/users/
instead of:
https://myhost.com/auth/realms/myrealm/users/
This is an issue that was never fixed: https://issues.redhat.com/browse/KEYCLOAK-7966
Also the endpoint might require an access token like:
curl -H "Authorization: bearer YOUR_ACCESS_TOKEN" https://myhost.com/auth/admin/realms/myrealm/users/"
- 69
- 1
- 2
- 5