Reputation: 527
Keycloak Admin Client in Spring Boot
I’m having some trouble to use keycloak-admin-client in spring boot.
If I try with this code I get 401 (unauthorized):
public Keycloak getKeycloakInstance() {
var keycloak = KeycloakBuilder.builder()
.serverUrl(SERVER_URL)
.realm(REALM)
.username(USERNAME)
.password(PASSWORD)
.clientId(CLIENT_ID)
.build();
return keycloak;
}
Also, if I put .resteasyClient(....) and .clientSecret(...) in the code above i get badrequest.
In the client roles I created a new composite role and gave all realm-management roles to it, maybe I configured something wrong?
Where can I find some documentation on how to use this Admin Client Dependency?
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-client</artifactId>
<version>10.0.0</version>
</dependency>
Upvotes: 4
Views: 9417
Answers (1)
Reputation: 527
Question answered in keycloak discourse by @zonaut. Maybe it helps someone!
"Personally I would choose example 2, creating a dedicated service account client as we are communicating service to service".
Example 1 -> Using a user
- Create new client under your desired realm -> keycloak-admin
- Select public client with only direct access grant enabled
- Create new role, enable composite roles
- type realm-managment into client roles under composite roles
- add available roles that you need
- Select a user and open role mappings tab
- type keycloak-admin in client roles and add needed roles
Code:
Keycloak keycloak = KeycloakBuilder.builder()
.serverUrl("http://localhost:8080/auth")
.grantType(OAuth2Constants.PASSWORD)
.realm("realm-name")
.clientId("keycloak-admin")
.username("username")
.password("password")
.resteasyClient(
new ResteasyClientBuilder()
.connectionPoolSize(10).build()
).build();
keycloak.tokenManager().getAccessToken();
RealmResource realmResource = keycloak.realm("realm-name");
Example 2 -> Using a confidential service account
- Create new client under your desired realm -> keycloak-admin
- Select confidential client with only service account enabled
- Select tab service account roles
- type realm-management into client roles
- add available roles that you need
Code:
Keycloak keycloak = KeycloakBuilder.builder()
.serverUrl("http://localhost:8080/auth")
.grantType(OAuth2Constants.CLIENT_CREDENTIALS)
.realm("realm-name")
.clientId("keycloak-admin")
.clientSecret("1c7e2815-c4dc-401c-af2f-ebddad3b4a79")
.resteasyClient(
new ResteasyClientBuilder()
.connectionPoolSize(10).build()
).build();
keycloak.tokenManager().getAccessToken();
RealmResource realmResource = keycloak.realm("realm-name");
Example 3 -> Using admin account
You could also use the admin user with the password grant and use the existing admin-cli client.
Keycloak keycloak = KeycloakBuilder.builder()
.serverUrl("http://localhost:8080/auth")
.grantType(OAuth2Constants.PASSWORD)
.realm("master")
.clientId("admin-cli")
.username("admin")
.password("password")
.resteasyClient(
new ResteasyClientBuilder()
.connectionPoolSize(10).build()
).build();
keycloak.tokenManager().getAccessToken();
RealmResource realmResource = keycloak.realm("realm-name");
Upvotes: 7
Related Questions
- Keycloak-admin-client always returns null in springboot
- Keycloak Spring boot configuration
- Problem in integrating spring boot application with Keycloak
- Keycloak admin client
- How to access keycloak with the admin-client?
- Assign role to user Keycloak Admin Client
- Keycloak Integration with Spring Boot
- Spring Boot Configuration -- keycloak
- Spring boot and Keycloak
- Integrate Keycloak Admin Client 3.1.0.Final with Spring Boot 1.5.1