Closed jmls closed 3 years ago
Same here. The keycloak container just crashes :(
@jmls, @andagent Okay, guys. I will take a look.
Is there any update on this issue?
Use this docker-compose to test:

```yaml
version: '3'

volumes:
  postgres_data:
    driver: local

services:
  postgres:
    image: postgres
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password

  keycloak:
    image: quay.io/keycloak/keycloak:latest
    command: -Dkeycloak.profile.feature.upload_scripts=enabled
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: postgres
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_SCHEMA: public
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: Pa55w0rd
      #JDBC_PARAMS: "ssl=true"
    ports:
      - 8080:8080
    depends_on:
      - postgres
```
I have not fully tested everything, but at least I am able to import the realm, policy, and users.
Everything is running now, but I am getting the error 404: Not Found while logging in to the application using admin_user and admin_user.
I have replaced the keycloak.json file as well; while trying to add a user into Keycloak I am getting

```json
{
  "errno": "ECONNREFUSED",
  "code": "ECONNREFUSED",
  "syscall": "connect",
  "address": "127.0.0.1",
  "port": 8080
}
```
@v-ladynev you have hardcoded this config to connect with the realm over the localhost IP? How can I change the configuration to connect the application to my externally running Keycloak?
@harsh4870 You can try to pass the config as a JS object here, for testing purposes: https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/lib/keyCloakService.js#L18
The format of the configuration object: https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/lib/keyCloakService.js#L50
The admin client has a hardcoded URL. The admin client is a separate thing to demo how to work with, for example, Keycloak users.
Thanks for the reply. I am on it.
@v-ladynev I just need a small suggestion or some help from you.
I understand now the concept of resources, policies, permissions, and scopes. I just wanted to check how we can add the roles and auth scopes
to the JWT token, so that we can verify and restrict the user at the API gateway level?
If you could please share your thoughts, that would be really helpful.
Maybe we are getting roles already in the JWT.
I fired

```shell
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&client_id=CAMPAIGN_CLIENT&client_secret=6520dsdfbe5-cb81-4d5c-9fc7-45d1b0c7a75e&username=admin_user&password=admin_user" https://keycloak.example.tk/auth/realms/CAMPAIGN_REALM/protocol/openid-connect/token
```

So we are getting roles, but can we add auth scopes as well?
@harsh4870 Roles are already in the JWT. They are used by the keycloak-connect
middleware

```javascript
app.get( '/special', keycloak.protect('special'), specialHandler );
```
You can try to use Script Mapper
https://keycloak.discourse.group/t/how-to-add-value-to-the-jwt-tokens-scope-attribute/950 https://stackoverflow.com/questions/52518298/how-to-create-a-script-mapper-in-keycloak
Thank you @v-ladynev
I have tried writing the script in JS but am not able to add the auth scopes into the JWT token.
But yes, when we are hitting the resource server uma_auth we are getting all the details by default in the token

```shell
curl -X POST \
  https://keycloak.example.tk/auth/realms/test-v1/protocol/openid-connect/token \
  -H "Authorization: Bearer <TOKEN>" \
  --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket" \
  --data "audience=app-client"
```
Any idea how we can get the same details while running this command?

```shell
curl -X POST \
  https://keycloak.example.tk/auth/realms/test-v1/protocol/openid-connect/token \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'client_id=app-client&grant_type=password&scope=openid&username=bob&password=bob&client_secret=5242dfddd-cdc9-4ecb-a151-58gy07e0293c'
```
@harsh4870 if you want to check permissions using the user's credentials, you can try to pass a Basic authentication header, like in the example here: https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_obtaining_permissions

```shell
curl -X POST \
  http://${host}:${port}/auth/realms/${realm}/protocol/openid-connect/token \
  -H "Authorization: Basic cGhvdGg6L7Jl13RmfWgtkk==pOnNlY3JldA==" \
  --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket"
```
I have fixed everything. Please follow this to start Keycloak with configuration https://github.com/v-ladynev/keycloak-nodejs-example#quick-start
fails with
the mysql system is running
I have no idea what's wrong or how to even start fixing this ;)