Questions tagged [keycloak]

Integrated Single Sign On (SSO) and Identity Manager (IDM) for browser apps and RESTful web services. Built on top of JBoss / WildFly and complies with the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications.

About

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

Integrated Single Sign On (SSO) and Identity Manager for browser apps and RESTful web services. Built on top of WildFly / JBoss and implements the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications.

Keycloak was initially targeted at the JBoss and WildFly communities but has solutions for many other environments such as Tomcat, Jetty, Node.js, Rails, Grails, etc. Options are to deploy it with an existing app server, as a black-box appliance, or as an OpenShift cloud service and/or cartridge.

Features

  • SSO and Single Log Out for browser applications
  • Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
  • Optional LDAP/Active Directory integration
  • Optional User Registration
  • Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
  • User session management from both admin and user perspective
  • Customizable themes for user facing pages: login, grant pages, account management, emails, and admin console all customizable!
  • OAuth Bearer token auth for REST Services
  • Integrated Browser App to REST Service token propagation
  • Admin REST API
  • OAuth 2.0 Grant requests
  • CORS Support
  • CORS Web Origin management and validation
  • Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
  • Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
  • Deployable as a WAR, appliance, or an Openshift cloud service (SaaS).
  • Supports JBoss AS7, EAP 6.x, and Wildfly applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.
  • Javascript/HTML 5 adapter for pure Javascript apps
  • Session management from admin console
  • Revocation policies
  • Password policies
  • OpenID Connect Support
  • SAML 2.0 support

31 questions

5 votes, 2 answers

KEYCLOAK + MYSQL + DOCKER --> Failed to start

I am trying to start a Keycloak instance which uses a custom mysql database instead of the embedded H2. Since I am planning to use docker, I created a network for the Keycloak docker to communicate with mysql. docker network create…

asked by Renjith (101 rep)

3 votes, 0 answers

Keycloak login error destination_invalid

I'm currently trying to set up keycloak to provide single sign on to a nextcloud and gitlab instance. All three services are running inside a docker compose network with an nginx server as proxy to each of them. I can browse to keycloak, nextcloud…

asked by Shelling (131 rep)

2 votes, 1 answer

How to traefik->keycloak gatekeeper->service?

My question is: Specifically, how do I configure traefik to double proxy through keycloak gatekeeper to authenticate my services as outlined below? I know my authentication chain looks like the title suggests but I'm completely missing the…

2 votes, 2 answers

How can I resolve "SAML Providers must reference at least one SAML assertion issuer" message?

I want to set up an SSO solution using Keycloak 10.0.2 as the Identity Provider. The first application I want to set up is AWS. I followed this tutorial to enable Keycloak to sign me in using SAML. I noticed that this tutorial is guiding me to…

asked by user540468 (152 rep)

2 votes, 0 answers

Keycloak takes a long time to wake up if unused during a day or more

I installed Keycloak with docker compose, behind an NGINX reverse proxy. Keycloak is only installed now for testing. When I stop using it for a day or more, next time I have a "Request Time-out" error, I need to refresh the page two times…

asked by Tom DARBOUX (121 rep)

2 votes, 1 answer

Invalid keycloak URL error when installing alfresco-dbp with helm in Kubernetes on AWS

I'm currently trying to deploy Alfresco Content Services on AWS following this guide. I got as far as to "Creating File Storage for Alfresco Content Services Community" where I have to create an EFS storage using another guide. In step 4 "Deploy the…

1 vote, 1 answer

Keycloak w/ EKS + ALB (401 after auth)

I’m currently trying to get Keycloak to run in EKS behind ALB and for the life of me, I can’t get it to work. I get the redirect to a login screen and after I log in - I instantly get presented with 401 Authorization required. Infrastructure as…

1 vote, 0 answers

Wrong redirect_uri on keycloak

I am trying to use keycloak to authenticate my services that are provided in a tomcat 8 docker by following https://github.com/keycloak/keycloak-documentation/blob/main/securing_apps/topics/oidc/java/tomcat-adapter.adoc After I finished configuring…

asked by Winter (121 rep)

1 vote, 0 answers

Keycloak: Difference between Authentication sessions and User Sessions

I was going through the documentation https://www.keycloak.org/docs/latest/server_installation/#cache Here they have described different types of caches. I didn't quite understand the definitions they provided for Authentication sessions and User…

asked by MrRobot9 (123 rep)

1 vote, 0 answers

Indirect Group Membership with Keycloak and oauth2-proxy

I'm using oauth2-proxy/oauth2-proxy with Keycloak-oidc provider for authentication for some pods in my Kubernetes cluster. I can specify which groups are allowed to access a resource using the --allowed-group argument such as below -…

asked by cclloyd (583 rep)

1 vote, 0 answers

JBoss: How does in the standalone-ha.xml work?

This file contains the usual Keycloak server configuration with the addition of WildFly10 High Availability extensions like Infinispan HA cache and JGroups HA communication channels and their configuration settings.

1 vote, 1 answer

Keycloak install with helm on GKE with Cloud SQL (external) database

I'm trying to install keycloak on a GKE cluster in GCP with an external database, i.e. a CloudSQL postgres db. I want to use helm to install it, so: helm repo add bitnami https://charts.bitnami.com/bitnami I've downloaded the Values.yml file from bitnami…

1 vote, 1 answer

Logging username in Keycloak access-log

In Keycloak 15.0 (that is WildFly 23.0), I’m trying to configure the access-log to also include the username (or any ID of the user) when a user is logged in. In keycloak/standalone/configuration/standalone.xml, I…

asked by McLayn (61 rep)

1 vote, 1 answer

graviteeio - management-rest-api oauth role mappings

Gravitee manager can be configured with keycloak authentication as described here. They state in their documentation that role mapping could be addressed in their gravitee.yml configuration: security: providers: - type: oidc …

asked by Patricio (11 rep)

1 vote, 0 answers

Unable to add users from Keycloak on FreeIPA via LDAP although Keycloak host has permissions set in FreeIPA

I have the following setup: FreeIPA 4.8.7 via docker (freeipa/freeipa-server:centos-8) Keycloak 12.0.1 The FreeIPA users are in cn=users,cn=accounts,dc=freeipa,dc=example,dc=com Keycloak DN:…

asked by sschueller (111 rep)