How to get the last login session details of a user in Keycloak using keycloak rest endpoints? Example: builder.append(OAuth2Constants.AUDIENCE+"="+clientId+"&"); builder.append(OAuth2Constan...

Let's say I'm using one realm mycomp in Keycloak to handle all users (+ master realm for Keycloak superadmin). I'm have role of Customer Support (CS) that should be able to view users and manage th...

Im tried to create new user with clients role. I have client roles: - Admin - Operator - Manager And during creating user I want to assign user a client role my curl: curl -X POST -H 'Authoriza...

I'am trying to make custom SPI with custom REST endpoint, which should authenticate and authorise incoming requests by evaluating permissions on requested resources. With help of debugger I found o...

I have my own Login page where user enters username/password. This username/password are used to login through Keycloak Rest API. http://localhost:8080/auth/realms/Demo/protocol/openid-connect/tok...

I am very new to Keycloak server and want to use it to protect my front-end app and the backend rest API which are also open over the internet. So far what I understand and did is to create 2 clien...

How do I create Protocol Mappers with the following values (as seen in the attached image) via Keycloak's REST API? I couldn't find it in the documentation - I did find this: Protocol Mapper - but ...

I have setup Keycloak as a SAML broker, and authentication is done by an external IdP provided by the authorities. Users logging in using this IdP are all accepted and all we need from Keycloak is ...

We can use PostgreSQL or MySQL as DB for keycloak but I want to use mongo DB as database for keycloak. is there any way to implement this ?

Let's say we have several micro-services. Each of them uses Keycloak authentication. We have also load balancer based on for ex. nginx which has external URLs and different routes to keycloak (for ...

I have tried to access the keycloak API from the postman. but it is showing 400 bad request. I was calling api in the below format. http://{hostname}:8080/auth/realms/master/protocol/openid-conn...

I'm allowing users logged in an external application to jump into our application with their access token through Keycloak's identity brokering and external to internal token exchange. Now I'd like...

I'm implementing the Keycloak authentication service in my Angular 2 project. I use a service for logging in, logging out etc. Authenticating a user and logging out seems to work. I'm now trying...

keycloak js version -> ^10.0.2 angular -> ^7.2.16 keycloak.json { "realm": "REALM", "auth-server-url": "<auth-url>/auth/", "ssl-required": "external", "resource": "CLIENT_ID", "verif...

I understand that keycloak has built-in clients and we add the users later on. But in general, what is the difference between a client and a user in Keycloak?

I'm using keycloak as authorization server. The users send own username/password to MyWebApp and MyWebApp with grant_type: password get the token and then response token to the user. Now I want to ...

I'm trying to create a Keycloak client through Admin REST API with Python. I've tried the following: import requests import argparse import ast def get_token(): url = 'http://localhost:9003/a...

Keycloak refresh token expiry is tied to SSO timeouts. If SSO Session Idle is set to 30 minutes, the refresh token will only work for 30 minutes. Session Idle can only be as large as Session Max, t...

I need to update from the Keycloak to another proprietary data store information about created users (no matter if created directly in Keycloak or in a connected LDAP/Active directory). I tried to ...

I have tried to create a user(without giving any password while creating) on keycloak using CURL command, it's success, but not able to know the password to login. So, how to give password to a use...

Using the KeyCloak admin console, I am attempting to enact the following use-case. We have Group X and Group Y. The role 'Group X Admin' can do the following: Can create users without a group....

I'm trying to implement the forgot password flow with key-cloak and was able to do it with key-cloak admin UI. But now I want to do this reset flow completely inside the web application without for...

There is an Endpoint to a backend server which gives a JSON response on pinging and is protected by an Apigee Edge Proxy. Currently, this endpoint has no security and we want to implement Bearer on...

Imagine, Following are the 2 clients (2 micro-services) in keyclock. rest-service-1 rest-service-2 Following is the role in rest-service-2 service-2-user To do service to service call, i...

I am new to Keycloak. I want create user using Keycloak admin REST API. I have managed to create a user. But the problem is I also want to assign admin role to the user. Attached is my JSON body....