You can’t use Keycloak adapters with spring-boot 3 for the reason you found, plus a few others related to transitive dependencies. As most Keycloak adapters were deprecated in early 2022, it is very likely that no update will be published to fix that. Directly use spring-security 6 libs for OAuth2 instead. Don’t panic, it’s an … Read more
Full transparency—I am by no means a Keycloak, OAuth, or OIDC expert and what I know is mostly from reading the docs, books, good ol’ YouTube and playing around with the tool. This post will be comprised of two parts: I’ll attempt to answer all your questions to the best of my ability I’ll show … Read more
You need to assign the view-users role from the realm-management client, for the desired user. That would be the configuration for the user: Then you can grab all the users from the ${keycloakUri}/admin/realms/${keycloakRealm}/users endpoint. That’s the info retrieved from the enpoint, accesed via Postman: Also, unrelated to the asked question, I strongly encourage you not … Read more
What worked for me was adding wildchar ‘*’. Although for production builds, I am going to be more specific with the value of this field. But for dev purposes you can do this. Setting available under, keycloak admin console -> Realm_Name -> Cients -> Client_Name. EDIT: DO NOT DO THIS IN PRODUCTION. Doing so creates … Read more
I was fighting with KeyCloak and CORS and all of this for about two weeks, and this is my solution (for keycloak 3.2.1): Its all about configuring KeyCloak server. It seems to be, that WebOrigin of your Realm needs to be * Only one origin “*”. Thats all, what was needed for me. If you … Read more
Starting with Keycloak 17 for the Quarkus distribution: The new distribution introduces a number of breaking changes, including: Configuring Keycloak has significantly changed Quarkus is not an application server, but rather a framework to build applications /auth removed from the default context path Custom providers are packaged and deployed differently Because of the third bullet … Read more
Update Feb 2022: Keycloak 17+ (e.g. quay.io/keycloak/keycloak:17.0.0) doesn’t support autogeneration of selfsigned cert. Minimal HTTPS working example for Keycloak 17+: 1.) Generate selfsigned domain cert/key (follow instructions on your terminal): openssl req -newkey rsa:2048 -nodes \ -keyout server.key.pem -x509 -days 3650 -out server.crt.pem 2.) Update permissions for the key chmod 755 server.key.pem 3.) Start Keycloak … Read more
With recent keycloak version 4.6.0 the client id is apparently no longer automatically added to the audience field ‘aud’ of the access token. Therefore even though the login succeeds the client rejects the user. To fix this you need to configure the audience for your clients (compare doc [2]). Configure audience in Keycloak Add realm … Read more