Starting with Keycloak 17 for the Quarkus distribution: The new distribution introduces a number of breaking changes, including: Configuring Keycloak has significantly changed Quarkus is not an application server, but rather a framework to build applications /auth removed from the default context path Custom providers are packaged and deployed differently Because of the third bullet … Read more
You can’t use Keycloak adapters with spring-boot 3 for the reason you found, plus a few others related to transitive dependencies. As most Keycloak adapters were deprecated, it is very likely that no update will be published to fix that. Directly use spring-security OAuth2 instead. Don’t panic, it’s an easy task with spring-boot. “Official” staters … Read more
Update Feb 2022: Keycloak 17+ (e.g. quay.io/keycloak/keycloak:17.0.0) doesn’t support autogeneration of selfsigned cert. Minimal HTTPS working example for Keycloak 17+: 1.) Generate selfsigned domain cert/key (follow instructions on your terminal): openssl req -newkey rsa:2048 -nodes \ -keyout server.key.pem -x509 -days 3650 -out server.crt.pem 2.) Update permissions for the key chmod 755 server.key.pem 3.) Start Keycloak … Read more
To add custom attributes you need to do three things: Add attributes to admin console Add claim mapping Access claims The first one is explained pretty good here: https://www.keycloak.org/docs/latest/server_admin/index.html#user-attributes Add claim mapping: Open the admin console of your realm. Go to Clients and open your client This only works for Settings > Access Type confidential … Read more
With recent keycloak version 4.6.0 the client id is apparently no longer automatically added to the audience field ‘aud’ of the access token. Therefore even though the login succeeds the client rejects the user. To fix this you need to configure the audience for your clients (compare doc [2]). Configure audience in Keycloak Add realm … Read more