Questions tagged [keycloak]

Integrated Single Sign On (SSO) and Identity Manager (IDM) for browser apps and RESTful web services. Built on top of JBoss / WildFly and complies with the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications.

About

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.

Integrated Single Sign On (SSO) and Identity Manager for browser apps and RESTful web services. Built on top of WildFly / JBoss, it implements the OAuth 2.0, OpenID Connect, JSON Web Token (JWT) and SAML 2.0 specifications.

Keycloak was initially targeted at the JBoss and WildFly communities but has solutions for many other environments such as Tomcat, Jetty, Node.js, Rails, Grails, etc. It can be deployed with an existing app server, as a black-box appliance, or as an OpenShift cloud service and/or cartridge.

Features

  • SSO and Single Log Out for browser applications
  • Social Broker. Enable Google, Facebook, Yahoo, Twitter social login with no code required.
  • Optional LDAP/Active Directory integration
  • Optional User Registration
  • Password and TOTP support (via Google Authenticator). Client cert auth coming soon.
  • User session management from both admin and user perspective
  • Customizable themes for user facing pages: login, grant pages, account management, emails, and admin console all customizable!
  • OAuth Bearer token auth for REST Services
  • Integrated Browser App to REST Service token propagation
  • Admin REST API
  • OAuth 2.0 Grant requests
  • CORS Support
  • CORS Web Origin management and validation
  • Completely centrally managed user and role mapping metadata. Minimal configuration at the application side
  • Admin Console for managing users, roles, role mappings, applications, user sessions, allowed CORS web origins, and OAuth clients.
  • Deployable as a WAR, appliance, or an Openshift cloud service (SaaS).
  • Supports JBoss AS7, EAP 6.x, and Wildfly applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java applications.
  • Javascript/HTML 5 adapter for pure Javascript apps
  • Session management from admin console
  • Revocation policies
  • Password policies
  • OpenID Connect Support
  • SAML 2.0 support
57 questions
9 votes, 2 answers

How do I create a permanent admin account in Keycloak 26.0.0?

I installed Keycloak 26.0.0 on Ubuntu and was able to create a temporary admin account. When I log in a banner says: You are logged in as a temporary admin user. To harden security, create a permanent admin account and delete the temporary…
tsmigiel
7 votes, 2 answers

KEYCLOAK + MYSQL + DOCKER --> Failed to start

I am trying to start a Keycloak instance which uses a custom mysql database instead of the embedded H2. Since I am planning to use docker, I created a network for Keycloak docker to communicate with mysql. docker network create…
Renjith
4 votes, 0 answers

Keycloak login error destination_invalid

I'm currently trying to set up keycloak to provide single sign on to a nextcloud and gitlab instance. All three services are running inside a docker compose network with an nginx server as proxy to each of them. I can browse to keycloak, nextcloud…
Shelling
3 votes, 2 answers

How to get the client-id and client-secret from keycloak?

For a web application I need the client-id and client-secret from Keycloak. How can I access these in the web interface?
sm-a
2 votes, 1 answer

Howto traefik->keycloak gatekeeper->service?

My question is: Specifically, how do I configure traefik to double proxy through keycloak gatekeeper to authenticate my services as outlined below? I know my authentication chain looks like the title suggests but I'm completely missing the…
2 votes, 2 answers

Keycloak Integration with a Linux Server

I've set up a Keycloak server and I'm working on integrating it with a Linux server to allow users from Keycloak to authenticate into the Linux server using their Keycloak credentials. Ideally, I'd like it so that when users run the ssh…
2 votes, 0 answers

Can't get Keycloak to add new users/groups to OpenLDAP

I've been banging my head against the wall for two days on this one now. I have set up fresh Keycloak and OpenLDAP instances, and I want to use OpenLDAP as the source of truth for all user data. I want to use Keycloak to create and edit users. Then,…
Dominic P
2 votes, 1 answer

Logging username in KeyCloak access-log

In Keycloak 15.0 (that is WildFly 23.0), I’m trying to configure access-log to also include username (or any ID of the user) when a user is logged in. In keycloak/standalone/configuration/standalone.xml, I…
McLayn
2 votes, 2 answers

How can I resolve "SAML Providers must reference at least one SAML assertion issuer" message?

I want to set up an SSO solution using Keycloak 10.0.2 as the Identity Provider. The first application I want to set up is AWS. I followed this tutorial to enable Keycloak to sign me in using SAML. I noticed that this tutorial is guiding me to…
2 votes, 0 answers

Keycloak takes a long time to wake up if unused during a day or more

I installed Keycloak with a docker compose, behind an NGINX reverse proxy. Keycloak is only installed now for testing. When I stop using it for a day or more, next time I have a "Request Time-out" error, I need to refresh the page two times…
2 votes, 1 answer

Invalid keycloak URL error when installing alfresco-dbp with helm in Kubernetes on AWS

I'm currently trying to deploy Alfresco Content Services on AWS following this guide. I got as far as to "Creating File Storage for Alfresco Content Services Community" where I have to create an EFS storage using another guide. In step 4 "Deploy the…
1 vote, 2 answers

How can I programmatically create a permanent admin in Keycloak 26.1.2 using the Admin CLI?

I’m automating a Keycloak 26.1.2 installation and need to create a permanent admin user entirely via shell script and the Admin CLI (kcadm.sh/kc.sh), not via the web UI. My installation script does the following steps: 1. Bootstrap temporary…
Dawid
1 vote, 0 answers

Keycloak can't change AD passwords

I have a Keycloak instance that is talking to an AD on Server 2016 via LDAPS. I have verified that the connection to the server is working, that the connection is encrypted, and that the Bind user in keycloak can authenticate. AND YET, when…
1 vote, 1 answer

Keycloak throws Network response was not ok

I'm testing Keycloak and wanted to integrate it with OpenShift. I'm following these instructions. I got to the bit where you configure the client scope and keycloak immediately dies with: Default install, this is all I've done to it. Refreshing does…
Grant Curell
1 vote, 0 answers

SSO not working between a browser and a Keycloak using a user federation with kerberos integration to a windows AD

I am trying to get SSO working using a browser (Chrome or Firefox) and keycloak configured with a user federation AD Domain (kerberos is configured). First I present the overview of what I have and after I add more details. The Overview: Calling the…