Questions tagged [keycloak]

Keycloak is an integrated single sign-on (SSO) and identity manager (IDM) for browser apps and RESTful web services. It is built on top of JBoss and WildFly and complies with the OAuth 2.0, OpenID Connect (OIDC), JSON Web Token (JWT) and SAML 2.0 specifications.

About

Keycloak is a free and open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

It offers an integrated single sign-on (SSO) and identity manager for browser applications and RESTful web services. It is built on top of WildFly / JBoss and implements the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications.

Keycloak was initially targeted towards the JBoss and WildFly communities, but it has solutions for many other environments like Tomcat, Jetty, Node.js, Ruby on Rails, Grails, etc. It can be deployed with an existing application server, as a black-box appliance, or as an OpenShift, Kubernetes, or Docker service.

Features

  • Single sign-on (SSO) and single log out (SLO) for browser applications
  • Social Broker. Enable Google, Facebook, Yahoo, and Twitter social login without any code required.
  • Optional LDAP(S) or Active Directory identity federation
  • Optional user registration
  • Password and TOTP support (via Google Authenticator or FreeOTP)
  • Client X.509 certificate authentication coming soon
  • User session management from both administrator and user perspective
  • Customizable themes for user-facing pages: login, grant pages, account management, emails, and administrator console are all customizable
  • OAuth Bearer token administrator for REST services
  • Integrated browser app to REST service token propagation
  • Administrator REST API
  • OAuth 2.0 Grant requests
  • CORS support
  • CORS Web Origin management and validation
  • Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
  • Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients
  • Deployable as a WAR, appliance, or an OpenShift, Kubernetes, and Docker service
  • Supports JBoss AS7, EAP 6.x/7.x, and WildFly applications, as well as Node.js, other non-Java applications
  • JavaScript/HTML 5 adapter for pure JavaScript applications
  • Session management from admin console
  • Revocation policies
  • Password policies
  • OpenID Connect Support
  • SAML 2.0 support

7431 questions
27 votes, 3 answers

Keycloak Realm VS Keycloak Client

I have recently been working on Keycloak 6.0.1 for SSO for authentication for multiple applications in an organisation. I am confused about the difference between clients and realms. If I have 5 different applications to be managed for SSO then do I have to create…
Rohan Kadu
26 votes, 5 answers

KeyCloak Server Caused by: java.lang.ClassNotFoundException: java.security.acl.Group

I'm running a KeyCloak server to authenticate users who would like to gain access to a Spring Boot/Spring Web REST API. However, an error occurs while trying to authenticate. The following works: When I access…
26 votes, 1 answer

Create a User on Keycloak including password from curl command

I have tried to create a user (without giving any password while creating) on Keycloak using a curl command. It succeeds, but I am not able to know the password to log in. So, how to give a password to a user while creating, and also how to set default…
fayaz
26 votes, 2 answers

How to activate the REST API of keycloak?

I have installed Keycloak server 4.3.4. How to activate the REST API of Keycloak (add a user, enable a user, disable a user ...)? Regards
AmineParis
26 votes, 6 answers

Keycloak: Access token validation end point

Running Keycloak in standalone mode and created a micro-service using the Node.js adapter for authenticating API calls. The JWT token from Keycloak is sent along with each API call. It will only respond if the token sent is a valid one. How can…
basith
25 votes, 9 answers

"You need local access to create the initial admin user" error while keycloak startup in docker

While starting keycloak server on docker, I am getting this error: "You need local access to create the initial admin user". But running it locally, it's working fine. Another thing is that if I want to use Postgres db instead of embedded H2 db then…
gar
25 votes, 3 answers

Can multi-tenancy in Keycloak be done within a single realm?

First, I'm well aware of the multi-realm approach to multi-tenancy in Keycloak. I've taken over a legacy project where nobody thought of multi-tenancy. Now, two years later, suddenly, the customer needs this feature. Actually, the microservices are…
dajood
25 votes, 6 answers

How to get users by custom attributes in keycloak?

I know that there are admin APIs to get the list of users which return the user representation array. GET /admin/realms/{realm}/groups/{id}/members returns https://www.keycloak.org/docs-api/2.5/rest-api/index.html#_userrepresentation but is…
Milan Savaliya
25 votes, 3 answers

KeyCloak User validation and getting token

First of all I am very new to Keycloak and excuse me if something I am asking might be wrong. I have installed the Keycloak server and I can access the Web UI for the same using: http://localhost:8008/auth My requirement is to validate a realm user…
Rohitesh
25 votes, 2 answers

SSO with SAML, Keycloak and Nextcloud

I am trying to set up Keycloak as an IdP (Identity Provider) and Nextcloud as a service. I want to set up Keycloak to present an SSO (single sign-on) page. I am running a Linux server with an Intel-compatible CPU. What is the correct…
MadMike
25 votes, 7 answers

unable to get oauth token from Keycloak

I have an application which is getting Auth from Keycloak. My Access Type is public so I do not have any client secret. I have given access to "Direct Access Grants Enabled" as ON Refer below: I am getting error from postman as below: { …
Shubham Jain
25 votes, 6 answers

Didn't find publicKey for kid, Keycloak?

I am getting this exception "Didn't find publicKey for kid" while calling an endpoint from Angular JS 2 to the WildFly server. Authentication happened in Keycloak, however I am calling about 8 endpoints from different clients (different micro…
Ahmed Gamal
24 votes, 7 answers

Why do I get 502 when trying to authenticate

I'm trying to implement authentication for my UI application. I'm using https://github.com/joaojosefilho/vuejsOidcClient, which I successfully configured to work with the Gluu auth server. Now I wanted to try with Keycloak. What happens is that flow is…
mirkash
24 votes, 5 answers

Getting Keycloak's public key

I realize there are many iterations of this question. But I can't seem to understand the answer correctly. We have secured our RabbitMQ and REST endpoints with an OAuth2 Spring server similar to this post. But it doesn't have all of the…
Thomas Lann
24 votes, 4 answers

Can't access keycloak rest API methods *404*

I am using the latest Keycloak image in Docker and can access the standard admin console at http://localhost:9080. However, I can't seem to access any of the paths specified in the documentation for the Admin REST API. For instance, the base path /auth…
Taha Rehman Siddiqui