Questions tagged [keycloak]

Integrated Single Sign On (SSO) and Identity Manager (IDM) for browser apps and RESTful web services. Built on top of JBoss / WildFly and complies with the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications.

About

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

Integrated Single Sign On (SSO) and Identity Manager for browser apps and RESTful web services. Built on top of WildFly / JBoss, it implements the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications.

Keycloak was initially targeted towards the JBoss and WildFly communities but has solutions for many other environments like Tomcat, Jetty, Node.js, Rails, Grails, etc. It can be deployed with an existing app server, as a black-box appliance, or as an OpenShift cloud service and/or cartridge.

Features

  • SSO and Single Log Out for browser applications
  • Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
  • Optional LDAP/Active Directory integration
  • Optional User Registration
  • Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
  • User session management from both admin and user perspective
  • Customizable themes for user facing pages: login, grant pages, account management, emails, and admin console all customizable!
  • OAuth Bearer token auth for REST Services
  • Integrated Browser App to REST Service token propagation
  • Admin REST API
  • OAuth 2.0 Grant requests
  • CORS Support
  • CORS Web Origin management and validation
  • Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
  • Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
  • Deployable as a WAR, appliance, or an OpenShift cloud service (SaaS).
  • Supports JBoss AS7, EAP 6.x, and WildFly applications. Plans to support Node.js, Rails, Grails, and other non-Java applications.
  • JavaScript/HTML5 adapter for pure JavaScript apps
  • Session management from admin console
  • Revocation policies
  • Password policies
  • OpenID Connect Support
  • SAML 2.0 support
35 questions
1 vote, 1 answer

graviteeio - management-rest-api oauth role mappings

Gravitee manager can be configured with keycloak authentication as described here. They state in their documentation, that role mapping could be addressed on their gravitee.yml configuration: security: providers: - type: oidc …
Patricio
1 vote, 0 answers

Unable to add users from Keycloak on FreeIPA via LDAP although Keycloak host has permissions set in FreeIPA

I have the following setup: FreeIPA 4.8.7 via docker (freeipa/freeipa-server:centos-8) Keycloak 12.0.1 The FreeIPA users are in cn=users,cn=accounts,dc=freeipa,dc=example,dc=com Keycloak DN:…
sschueller
0 votes, 0 answers

Multiple Kerberos Providers in Keycloak

I have a Keycloak with 2 different LDAP Providers which include Kerberos Authentication. Provider A is on first priority, provider B on second priority. Both provider settings provide their different kerberos realm. We are talking about two ADs with…
Lithilion
0 votes, 0 answers

Keycloak Docker fails to start due to "Negative Delay." Error

Running a keycloak container (21.0 - 21.1.1) on a Debian 11 Bullseye recently stopped working after host restart (MariaDB didn't start up, leading to keycloak also exiting. When the issue was noticed we started mariadb with --restart=always): Most…
Simon
0 votes, 0 answers

How to scrape Prometheus secured with OAuth2-proxy and Keycloak

I have 2 prometheuses, both are with forward-auth via the oauth2-proxy, which have the same client credentials in a single keycloak. I would like one prometheus to federate the other one. This is my config snippet for authentication in…
simonszu
0 votes, 0 answers

keycloak: Sharing authentication between different domains

My company has multiple top domains, e.g. foo.com bar.net baz.org I have created a subdomain for each authentication domain: auth.foo.com auth.bar.net auth.baz.org and behind each subdomain there is the same keycloak instance. The authentication…
ar099968
0 votes, 1 answer

Can I use keycloak as an Idp for kibana installed using the ElasticSearch Operator in kubernetes?

I have setup a kubernetes cluster in a private network and I'm using a gateway machine for accessing the cluster. In the kubernetes cluster I have installed the elasticsearch operator and through that I have created an elastic cluster and a kibana…
0 votes, 0 answers

How to create a ready-enabled user in Active Directory with one LDAP query?

I am trying to use Keycloak to store my users in Active Directory. It creates the users, but they are not enabled by default. I create them with a random password and with a pwdLastSet attribute so that the user is ready to be enabled. But it seems…
0 votes, 0 answers

MetalLB doesn't assign IP address to Keycloak service

I have installed both MetalLB and Keycloak to my cluster. Both Keycloak's and MetalLB's pods are running, but the main Keycloak Load balance service is expecting IP (EXTERNAL-IP is in pending state). Here is my MetalLB config map: apiVersion:…
0 votes, 0 answers

Upgrade to KeyCloak 18 fails

I have a KeyCloak 17.0.1 that is apparently working without issues on my server, configured to use MariaDB. I say "apparently" because, as of today, it's not in production yet, albeit it starts in production mode, but it is on a development server…
Lucio Crusca
0 votes, 2 answers

How to get the client-id and client-secret from keycloak?

For a web application I need the client-id and client-secret from Keycloak. How can I access these in the web interface?
sm-a
0 votes, 0 answers

Containerized Keycloak behind Nginx reverse proxy requests localhost

Working setup I have a configuration of external VPS with public IP that has Nginx reverse proxy (A) internal server with Nginx (B) standalone application (not containerized) Keycloak 17.0.1 Which looks like this. I had a domain registered for…
hrust
0 votes, 0 answers

next-auth ECONNREFUSED 127.0.0.1:80

I am using Next-auth with keycloak and docker-compose and I get this error: [next-auth][error][GET_AUTHORIZATION_URL_ERROR] arcade-iori | https://next-auth.js.org/errors#get_authorization_url_error connect ECONNREFUSED 127.0.0.1:80…
0 votes, 2 answers

Wildfly standalone.xml - passing secret to KeyCloak SPI from elytron credential store

I'm migrating KeyCloak v15 (WildFly v23) passwords from the old vault to elytron credential store. It works fine for the standard use case. In standalone.xml, I have: /server/extensions/extension:
McLayn
0 votes, 1 answer

Unable to use service account to get userinfo for Keycloak 12.0.4

I am running keycloak version 12.0.4. Previously, when I was running version 11.0.2, I was able to use my service account and call the endpoint {{KEYCLOAK_URL}}/auth/realms/{{REALM}}/protocol/openid-connect/userinfo. However, when I upgrade it to…
shadow