Questions tagged [keycloak]

Keycloak is an integrated single sign-on (SSO) and identity manager (IDM) for browser apps and RESTful web services. It is built on top of JBoss and WildFly and complies with the OAuth 2.0, OpenID Connect (OIDC), JSON Web Token (JWT) and SAML 2.0 specifications.

About

Keycloak is a free and open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

It offers an integrated single sign-on (SSO) and identity manager for browser applications and RESTful web services. It is built on top of WildFly / JBoss and implements the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications.

Keycloak was initially targeted towards the JBoss and WildFly communities, but it has solutions for many other environments like Tomcat, Jetty, Node.js, Ruby on Rails, Grails, etc. It can be deployed with an existing application server, as a black-box appliance, or as an OpenShift, Kubernetes, or Docker service.

Features

  • Single sign-on (SSO) and single log out (SLO) for browser applications
  • Social Broker. Enable Google, Facebook, Yahoo, and Twitter social login without any code required.
  • Optional LDAP(S) or Active Directory identity federation
  • Optional user registration
  • Password and TOTP support (via Google Authenticator or FreeOTP)
  • Client X.509 certificate authentication coming soon
  • User session management from both administrator and user perspective
  • Customizable themes for user-facing pages: login, grant pages, account management, emails, and administrator console are all customizable!
  • OAuth Bearer token administrator for REST services
  • Integrated browser app to REST service token propagation
  • Administrator REST API
  • OAuth 2.0 Grant requests
  • CORS support
  • CORS Web Origin management and validation
  • Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
  • Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients
  • Deployable as a WAR, appliance, or an OpenShift, Kubernetes, and Docker service
  • Supports JBoss AS7, EAP 6.x/7.x, and WildFly applications, as well as Node.js and other non-Java applications
  • JavaScript/HTML 5 adapter for pure JavaScript applications
  • Session management from admin console
  • Revocation policies
  • Password policies
  • OpenID Connect Support
  • SAML 2.0 support

7431 questions

197 votes, 33 answers

keycloak Invalid parameter: redirect_uri

When I am trying to hit from my api to authenticate user from keycloak, but it's giving me error Invalid parameter: redirect_uri on keycloak page. I have created my own realm apart from master. Keycloak is running on http. Please help me.
VIJAY THAKUR

192 votes, 13 answers

What are Keycloak's OAuth2 / OpenID Connect endpoints?

We are trying to evaluate Keycloak as an SSO solution, and it looks good in many respects, but the documentation is painfully lacking in the basics. For a given Keycloak installation on http://localhost:8080/ for realm test, what are the OAuth2…
Amir Abiri

191 votes, 14 answers

M1 docker preview and keycloak 'image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8)' Issue

I just downloaded Docker Preview v3.1 https://docs.docker.com/docker-for-mac/apple-m1/ and tried running keycloak. Anyone else running into this issue? docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin…
Etep

189 votes, 4 answers

Resources, scopes, permissions and policies in Keycloak

I want to create a fairly simple role-based access control system using Keycloak's authorization system. The system Keycloak is replacing allows us to create a "user", who is a member of one or more "groups". In this legacy system, a user is given…
Doctor Eval

117 votes, 6 answers

Do Keycloak Clients have a Client Secret?

Does a Keycloak client ID have a client secret? I tried to create a client in keycloak admin but I was not able to spot client secret. Is it auto generated? Where can I get the secret?
王子1986

82 votes, 4 answers

How to specify refresh tokens lifespan in Keycloak

Keycloak refresh token lifetime is 1800 seconds: "refresh_expires_in": 1800 How to specify different expiration time? In Keycloak admin UI, only access token lifespan can be specified:
rok

78 votes, 7 answers

Avoid keycloak default login page and use project login page

I am working on creating an angular.js web application and looking for how to integrate keycloak into the project. I have read and watched many tutorials and I see that most of them have users logging/registering through the default login page of…
krs8888

75 votes, 15 answers

Keycloak 8: User with username 'admin' already added

I cannot start Keycloak container using Ansible and Docker Compose. I'm getting error: User with username 'admin' already added to '/opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json' I have 3 Ansible jobs: Create network: -…
user3714967

71 votes, 10 answers

Is there an API call for changing user password on keycloak?

I am trying to implement my own form for changing a user's password. I tried to find an API for changing a user's password in Keycloak but I couldn't find anything in the documentation. Is there an API for doing it?
Itay k

67 votes, 4 answers

Refresh access_token via refresh_token in Keycloak

I need to make the user keep login in the system if the user's access_token gets expired and the user wants to keep login. How can I get newly updated access_token with the use of refresh_token on Keycloak? I am using vertx-auth for the auth…
RaiBnod

65 votes, 9 answers

Keycloak Missing form parameter: grant_type

I have keycloak standalone running on my local machine. I created new realm called 'spring-test', then new client called 'login-app' According to the rest documentation: POST:…
Borislav Stoilov

62 votes, 11 answers

Logout user via Keycloak REST API doesn't work

I have an issue while calling Keycloak's logout endpoint from a (mobile) application. This scenario is supported as stated in its documentation: /realms/{realm-name}/protocol/openid-connect/logout The logout endpoint logs out the authenticated…
Manh Ha

61 votes, 4 answers

keycloak bearer-only clients: why do they exist?

I am trying to wrap my head around the concept of bearer-only clients in Keycloak. I understand the concept of public vs confidential and the concept of service accounts and the grant_type=client_credentials stuff. But with bearer-only, I'm…
kurtgn

54 votes, 3 answers

Keycloak integration in Swagger

I have a Keycloak protected backend that I would like to access via swagger-ui. Keycloak provides the oauth2 implicit and access code flow, but I was not able to make it work. Currently, Keycloak's documentation is lacking regarding which url should…
melistik

53 votes, 4 answers

Login to Keycloak using API

I have 2 different applications: say Application1 and Application2. I have integrated Application2 with keycloak and I am able to login to this application using Keycloak's login page. Now what I want is, if I login to my Application1 (without…
Akhil Prajapati