Questions tagged [redhat-sso]

Red Hat Single Sign-On (RH-SSO) is based on the Keycloak project and enables you to secure your web applications by providing Web single sign-on (SSO) capabilities based on popular standards such as SAML 2.0, OpenID Connect and OAuth 2.0. The RH-SSO server can act as a SAML or OpenID Connect-based Identity Provider, mediating with your enterprise user directory or 3rd-party SSO provider for identity information and your applications via tokens.

42 questions
20
votes
4 answers

Export all users from Keycloak

I have a specific use case in which we want to ask Keycloak for all the users and the groups and roles for each user, on a daily basis. For reconciliation purposes with other internal systems. Currently we are using the provided Keycloak endpoints…
Michel
8
votes
1 answer

Grant a Keycloak client service account permissions to create realm users without using the broad manage-users role

I have a web application that is leveraging Keycloak for IdM. I am using the Resource Owner Password Credentials or Direct Grant flow for authentication which uses REST API calls to /auth/realms/{realm}/protocol/openid-connect/token instead of…
Nick
6
votes
1 answer

Keycloak clients setting, SAML private key exposed

I know in SAML protocol, IDP and SP they hold their own key pair, and will not expose their private key to each other. I assume the realm key below is the IDP key pair, which makes sense because the private key is not exposed. But when I turn on…
Sam YC
5
votes
1 answer

Keycloak doesn't offer passwordless authentication as the first option during login

I've configured Keycloak authentication for the following behaviour: The user inputs its userid Keycloak should try to authenticate it with the passwordless flow As an alternative the user could switch to password authentication NOTE: The user…
codependent
5
votes
0 answers

Can the Spring Boot + Spring Security Keycloak adapters automatically refresh the access token contained in the HttpSession on token expiration?

I am using Keycloak to provide SSO through OIDC for a bunch of applications that belong to the same realm. All of these applications are confidential clients that use the Authorization Code flow. They use JSP for the views, and all necessary…
codependent
5
votes
3 answers

Add healthcheck in Keycloak Docker Swarm service

What's the best way to test the health of Keycloak configured as cluster deployed as docker swarm service? I tried the below healthcheck for testing availability in Keycloak service descriptor: healthcheck: test: ["CMD-SHELL", "curl…
rok
4
votes
0 answers

Users created from the admin console only store the username when using the Storage Provider SPI

I have created a MongoDbUserStorageProvider to delegate the user storage into MongoDB: public class MongoDbUserStorageProvider implements UserStorageProvider, UserLookupProvider, CredentialInputValidator, …
codependent
4
votes
2 answers

Is it possible to use a custom authentication logic in Keycloak?

I have configured Keycloak with LDAP User Federation. When a user wants to login into an application, he is redirected to the Keycloak login page, enters the uid/pwd and is authenticated using an LDAP bind. This isn't enough for my requirements…
codependent
4
votes
0 answers

How to use refresh token by using Keycloak Admin REST API

I'm trying to use Keycloak Admin REST API SDK. Then, I want to use refresh token to generate access token. I know that the following code can generate access token by refresh token. val token = Keycloak.getInstance(serverUrl, realmName, …
2
votes
1 answer

How to set access token to expire in seconds

I have an issue configuring Red Hat Single Sign-On (RHSSO) or Keycloak token expiration in seconds, about 30 seconds. I just found the configuration in minutes. Is there a way to adjust it to seconds?
2
votes
0 answers

Keycloak - Complete Customization of Login Flow via Action Token SPI

We have specific requirements around the authentication flow and UI/UX that cannot be satisfied through Keycloak's theming engine and extensions to the Authenticator SPI. I looked into the Action Token SPI and it seems like an extension point that…
sherman
2
votes
1 answer

Keycloak multiple domain login

I am using Keycloak as the SSO in my project. I have 2 domains there. The use case in my project is: if a user is logged in to one domain, I have to show the same user as logged in in the other domain. Issue: Here we have 2 domains.…
Santosh Raju
2
votes
1 answer

Keycloak Custom Form Provider: Form has wrong action url

I have a custom form added to RestCredentialFlow, I can configure the new flow execution and I see the new Form. Looks all good. The only problem is that the form action url points to registration and not reset-credentials,
Torsten
2
votes
2 answers

Newly added admin of realm can't login to the realm in Keycloak

There are 2 realms in Keycloak: master and custom. Both have admin users. Custom realm admin adds new user new_admin and assigns role admin to him via admin console. The user can access his account details at auth/realms/custom/account/. However,…
rok
2
votes
0 answers

Keycloak bearer-only client shouldn't be able to invoke a secured endpoint when its credentials are wrong, but he can, why?

I have a Spring Boot application with this configuration: server: port: 9292 keycloak: auth-server-url: http://localhost:8180/auth realm: SampleRealm resource: non-existing public-client: false principal-attribute: preferred_username …
codependent