You need to assign the view-users role from the realm-management client, for the desired user. That would be the configuration for the user: Then you can grab all the users from the ${keycloakUri}/admin/realms/${keycloakRealm}/users endpoint. That’s the info retrieved from the enpoint, accesed via Postman: Also, unrelated to the asked question, I strongly encourage you not … Read more
This step is overview. 1 Find master access token URL In my demo URL, http://localhost:8180/auth/realms/master/protocol/openid-connect/token This may help long life of access-token time if you needs to more space time to handle step 3 and 4 2 Get master token run postman, use #1-4 URL assign variable in tests tab access-token variable will be use … Read more
What worked for me was adding wildchar ‘*’. Although for production builds, I am going to be more specific with the value of this field. But for dev purposes you can do this. Setting available under, keycloak admin console -> Realm_Name -> Cients -> Client_Name. EDIT: DO NOT DO THIS IN PRODUCTION. Doing so creates … Read more
Update 03-02-2020 @s.j.meyer has written an updated guide which works with Superset 0.28.1 and up. I haven’t tried it myself, but thanks @nawazxy for confirming this solution works. I managed to solve my own question. The main problem was caused by a wrong assumption I made regarding the flask-openid plugin that superset is using. This … Read more
There used to be another property auth-server-url-for-backend-requests but was removed by pull request #2506 as a solution to issue #2623 on Keycloak’s JIRA. In the description of this issue, you’ll find the reasons why and possible workarounds: that should be solved at the DNS level or by adding entries to the host file. So there … Read more
After some research I found the answer to my problem. The problem is that java.security.acl.Group is being deprecated since JRE 9 and marked for removal in future versions. java.security.acl.Group is being replaced by java.security.Policy I was running my Spring-Boot application on JRE 14 in which this class appeared to be no longer available. So once … Read more
you can use PUT /auth/admin/realms/{realm}/users/{id}/reset-password {id} is the user id in keycloak (not the login) Here is s sample body. { “type”: “password”, “temporary”: false, “value”: “my-new-password” }
As pointed out in the comments by @Kuba Šimonovský the accepted answer is missing other important factors: Actually, it is much much much more complicated. TL;DR One can infer that the refresh token lifespan will be equal to the smallest value among (SSO Session Idle, Client Session Idle, SSO Session Max, and Client Session Max). … Read more
The magic of Script Mappers can be understood by looking at the keycloak sources here: Source The script can return something by using the exports variable like this exports = “Claim Value” The different types: user: Source JavaDoc realm: Source JavaDoc token: Source JavaDoc userSession: Source JavaDoc keycloakSession: Source JavaDoc Here is an example script: … Read more
I was fighting with KeyCloak and CORS and all of this for about two weeks, and this is my solution (for keycloak 3.2.1): Its all about configuring KeyCloak server. It seems to be, that WebOrigin of your Realm needs to be * Only one origin “*”. Thats all, what was needed for me. If you … Read more