498 questions
0
votes
0
answers
18
views
Keycloak doesn't allow creating resources with the same ID in different realms
I use Keycloak server 26.2.0. I have several realms (for multitenancy). Each realm has a client with the same name, which has authorization enabled. I'm trying to create resources using the Keycloak ...
0
votes
0
answers
114
views
Refit client returns cached responses despite no-cache headers and HttpMessageHandler
I'm experiencing a caching issue with Refit when calling Keycloak Admin API endpoints. Despite setting various no-cache headers and implementing a custom HttpMessageHandler, I'm still getting cached ...
0
votes
1
answer
64
views
Is there a way I can use different layout for keycloak's forgot password and updatepassword
When we click on 'Forgot Password', an email gets delivered with a reset link. This Reset link redirects to login-update-password.ftl.
The same FTL is called from the account management page when the ...
0
votes
0
answers
46
views
Automatically log in to keycloak after update_password via executeActionsEmail
I have a registration workflow on my app that does not use keycloak registration page.
The user enters his login and name and I programmatically invoke the executeActionsEmail with UPDATE_PASSWORD so it ...
1
vote
0
answers
104
views
When using org.keycloak.admin.client.resource.UserResource update(), how can I get details from the exception?
When using the update() method of org.keycloak.admin.client.resource.UserResource, and assuming the user name and/or email address already exists, Keycloak throws a 409 error via org.jboss.resteasy....
2
votes
1
answer
109
views
How can I create a service account in the master realm with the same admin capabilities as the admin user in Keycloak 26.2.5
I have created a client (ntrcpt_service) and selected "Service account roles". I have added the "admin" role to the client's service account roles. I am able to authenticate with ...
1
vote
1
answer
2k
views
Keycloak Health Check not working on version 26
I am using Keycloak 26 on Docker (locally) and the health check does not work.
According to documentation, I added this configuration for it:
- KC_HEALTH_ENABLED=true
- KC_METRICS_ENABLED=true
- ...
1
vote
1
answer
113
views
Setting keycloak TOTP execution as REQUIRED
I am writing integration tests in which I use testcontainers with keycloak 24.0.5. I want to enable totp for the admin realm. It's easy to set this setting in the GUI but I need to set it ...
0
votes
0
answers
23
views
Keycloak getIdentityProviderMappersStream deprecated
I have a keycloak extension that performs this
private List<IdentityProviderMapperModel> getAllMappersForExistingRole(RealmModel realm, RoleModel existingRole) {
return realm....
2
votes
2
answers
983
views
How can I programmatically create a permanent admin in Keycloak 26.1.2 using the Admin CLI?
I’m automating a Keycloak 26.1.2 installation and need to create a permanent admin (aka “superuser") entirely via shell script and the Admin CLI (kcadm.sh/kc.sh), not via the web UI. My ...
0
votes
1
answer
124
views
Quarkus Keycloak Admin Rest Client initially works but then fails with ClassNotFoundException: org.keycloak.representations.AccessTokenResponse
I am using Quarkus 3.21.4 in dev mode with Keycloak 26.1.3 running in a container.
My app uses the keycloak admin client to set some custom properties in keycloak for a user. All works correctly after ...
0
votes
1
answer
44
views
Managing Multiple Keycloak Realms via REST API: How to Handle Oversized JWT Tokens from a Master Realm Service Account?
I'm using a client/service account in Keycloak's master realm (with an admin role) to manage multiple realms via REST APIs. The client application uses these credentials to obtain an access token and ...
0
votes
0
answers
67
views
Custom field in event_entity table - Keycloak
Is there a way to insert a custom field in the column details_json of an event in event_entity?
I have tried to build a custom Event Listener, but that does not seem to be inserting anything.
I am ...
0
votes
0
answers
44
views
Why does an exchanged token in keycloak still show the original token holder profile?
Worded this question the best I could...
I'm following this guide to enable token exchange between two users in Keycloak.
The idea here is to log in as userA in realmA, and then exchange that access ...
0
votes
1
answer
265
views
Keycloak EventListener - Update Events Details in Keycloak 18
I'm working with a custom EventListenerProvider in Keycloak 18 to handle LOGIN and LOGIN_ERROR events. I aim to modify the Event object details by adding a custom attribute (like orgId) and have the ...
1
vote
1
answer
828
views
Keycloak LDAP Sync: Existing Keycloak User Not Linking to New LDAP User with Same Username
I’m facing an issue with Keycloak LDAP integration related to user synchronization. The LDAP sync works fine when a user only exists in LDAP—Keycloak automatically creates the user upon sync. However, ...
2
votes
1
answer
293
views
How to dynamically set keycloak theme from the URL?
I have been looking at keycloak documentation, and while I have figured out how to create custom login pages, I can not seem to find the way to send information to keycloak, in the url, about what theme ...
0
votes
1
answer
104
views
Type 'org/jboss/resteasy/specimpl/ResteasyUriBuilderImpl' (current frame, stack[0]) is not assignable to 'javax/ws/rs/core/UriBuilder'
I am upgrading from Keycloak 12 to Keycloak 26 and adapting custom providers for this version. During a procedure, I get the following error:
2025-01-30 15:12:45,024 ERROR [org.keycloak.events....
2
votes
0
answers
79
views
Do I need two Keycloak clients for Google login (via Keycloak JS) and direct username/password login in a single realm?
I have a backend written in Java and a frontend in ReactJS, where I am using Keycloak for authentication. My frontend handles two types of login flows:
Google Login via Keycloak Identity Provider
...
0
votes
0
answers
27
views
Keycloak Domain Extension: "No query defined for that name [findByRealm]" Error
I'm working on a domain extension in Keycloak 21.0.2 and facing an issue when trying to fetch data through its endpoint. I haven’t modified the code from the example. I simply compiled it, added the ...
1
vote
1
answer
2k
views
How to define custom user attributes in Keycloak 26's realm user profile via the Java Admin Client?
I'm working with Keycloak 26 and want to define custom user attributes (e.g. user_type ) at the realm level so they appear in the user profile.
Here's what I've tried in my Java (Spring Boot) service, ...
0
votes
0
answers
37
views
401 when accessing newly created realm in Keycloak
I have an installation service so I can programmatically create a new tenant which includes setting up a Keycloak Realm.
In order to do this, I am using the Keycloak.Net.Core library and I have ...
0
votes
1
answer
380
views
Introspection and UserInfo Endpoint of KeyCloak server- Returning 401 unauthorized
I am trying to add a wrapper function over /openid-connect/token/introspect endpoint and openid-connect/token/userinfo.
I tried to validate the token by passing the token in the body of the ...
1
vote
0
answers
71
views
Get google refresh token from keycloak
To integrate google-calendar in my backend I need the end-user refresh token from Google.
The need is to reuse this refresh_token to push data into the end-user calendar when I get events in my ...
1
vote
1
answer
750
views
Keycloak: Retrieve Client Scopes Mapped to a Specific Role
In my Keycloak setup, I have several client scopes and roles:
Scopes represent specific permissions (e.g., entity.create,
entity.view, entity.delete).
Roles aggregate these permissions (e.g., the &...
1
vote
0
answers
206
views
Keycloak Client Remove UserSession
I want to remove all the user sessions only for the specified client in Keycloak but I am not finding a way. What I did until now is as below:
List<UserSessionModel> userSessions = session....
1
vote
1
answer
349
views
Keycloak as a Broker saml client
I need to change my current Keycloak configuration to set up a Keycloak broker that queries a remote SAML Identity Provider (IdP).
Here is the metadata.xml. I’m unsure if I need to configure both an ...
0
votes
1
answer
342
views
Is it possible to edit / update Keycloak's Infinispan cache?
Keycloak offers several REST calls to retrieve client or user sessions from its built-in Infinispan cache. It is also possible to delete sessions via the REST API.
I'd like to know if it is possible ...
0
votes
0
answers
48
views
HTTP 404 response from KeycloakBuilder java
I am trying to execute this code:
Keycloak keycloak = KeycloakBuilder.builder()
//http://localhost:8080/realms/API/protocol/openid-connect/token
//.serverUrl("http://...
1
vote
1
answer
787
views
How to Register Users in Keycloak Using Keycloak-js
I'm building a Next.js application and I have implemented a custom registration page for users. I want to use Keycloak-js to handle user registration directly within the Next.js app, allowing for a ...
1
vote
1
answer
1k
views
KeyCloak Java Service Account Create User
I am new to Keycloak and trying to wrap my head around how to properly register a user using the Keycloak admin client
The documentation doesn't have concrete examples and there are a ton of screenshots ...
1
vote
1
answer
630
views
client-credentials is unsupported_grant_type
I am creating FastApi + KeyCloak application. Created realm, client and user
Client configuration
My user configuration
I can obtain token with help of this request
But for grant_type client-...
0
votes
0
answers
151
views
Keycloak token request taking time in minutes
Keycloak 22 some token requests take time in minutes, and some execute very fast, what may be the reason of longer duration?
Tried updating keycloak version, but if there is any way to reduce token ...
2
votes
1
answer
742
views
Keycloak admin API. Method not allowed for put user profile
I'm trying to execute some requests to the Keycloak Admin API Rest to perform some operations.
I need to add a new attribute to the realm user profile. In the documentation: Keycloak Admin REST API ...
1
vote
0
answers
306
views
Cannot use `execute-actions-email` API in Keycloak non-master realm
In Keycloak 21.1, I was able to send the execute-actions-email request for the master realm users using the following endpoint:
curl --location --request PUT 'http://<your_ip>:<your_port>/...
0
votes
1
answer
200
views
Keycloak: Client in non-master realm gets 403 Forbidden when using User Search API
I have a non-master realm in my Keycloak instance which is called camunda-platform (it is deployed with the official Docker Compose configuration file of Camunda 8 Self-Managed).
I want to use the ...
0
votes
1
answer
1k
views
Keycloak redirect to client after user/owner authentication failing with 404 because 302 wrong redirect url
The setup works only if Keycloak (localhost:8700) and spring boot client (localhost:8180) are on the same machine (localhost).
When Keycloak (https://cloud.keycloak.com) is in cloud with iis reverse proxy ...
0
votes
1
answer
428
views
How to Configure Keycloak in .NET for Multiple Clients in a Single Realm?
I'm a beginner with Keycloak and I'm learning how to create a Keycloak authentication server for a .NET application, where I can have multiple clients within a Realm, and these clients may or may not ...
0
votes
0
answers
509
views
Keycloak Admin REST API getting 404 not found using Postman
I am using Keycloak latest version, where I have created a realm using Standard Flow running on port http://127.0.0.1:5001/. The admin UI is running as expected on http://127.0.0.1:5001/auth
The ...
0
votes
0
answers
2k
views
KeyCloak - How to configure the Username policy
I am currently required to configure the Username and Password policy from the KeyCloak app.
Surely, I could configure the Password Policy, from the Authentication -> Password Policy Screen. However,...
3
votes
1
answer
1k
views
Keycloak Token exchange Error - Client is not within the token audience
I'm working on a token-exchange request of keycloak wherein trying to get the access token of client2 while being authenticated with client1.
Have enabled token_exchange and admin_fine_grained_authz ...
1
vote
0
answers
177
views
Keycloak added custom endpoint
I use keycloak version 21.1.1, I added new custom endpoint(test endpoint), here link to my sample project - https://github.com/j-developer-days/keycloak-rest-endpoint/tree/Option1
in github I ...
1
vote
1
answer
1k
views
How can I create a custom grant type in Keycloak?
I'm working on a project where I need to implement a custom grant type in Keycloak to meet specific authentication requirements. I've looked through the Keycloak documentation, but I'm having trouble ...
1
vote
1
answer
890
views
Problem saving custom attribute for keycloak users
Context
I have a php website. Keycloak is used for auth. This part works fine.
I now try to save user related state to keycloak directly via its REST API (to not need another user db).
The Problem
...
1
vote
1
answer
1k
views
Keycloak, cannot add user roles to the id/ access token, version 25.0.0
I don't see the user specified client roles added to the id token in the latest version as well. They mentioned it was fixed (https://github.com/keycloak/keycloak/issues/14617)
Role added to user as ...
0
votes
1
answer
275
views
React Keycloak can't log in to a client credentials getting 401
The reason why I want to use client authentication is to use the token to add users/group/roles and most of the api functions.
I have been trying to use the ReactKeyClaokProvider from keycloak ...
0
votes
1
answer
226
views
retrieve google refresh token in keycloak
Keycloak, by default, does not forward tokens received from external Identity Providers (IDPs), such as Google. To access resources like the Google Calendar, it is necessary to obtain the refresh and ...
0
votes
1
answer
510
views
Keycloak Admin password with external rds database
I have created a Keycloak deployment/pod using the below yaml in my EKS kubernetes cluster. The Keycloak is connected to external postgres rds database.
I created the admin user and password during ...
1
vote
1
answer
130
views
How to get the client of a composite in Keycloak API
I need to get the clients of the composites of a role in the keycloak API
When I try to get the composite of a role the API returns JSON like this:
{
"id": "3bb6c58e-17c6-497f-...
0
votes
1
answer
648
views
Keycloak admin client 24.0.3 keycloak builder HTTP 404 or 400
keycloak = KeycloakBuilder.builder()
.serverUrl("http://localhost:8084") // 404:without /auth 400:with /auth
.realm( "my-group-dev")
....