Reputation: 1264
I tried to implement user impersonation with Keycloak but I got this error:
"error": "Feature not enabled"
This image shows what I ran in Postman and the error:
To start Keycloak I ran Docker on Windows 10, and then this command:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e DB_VENDOR=H2 jboss/keycloak
So I use the jBoss Docker image, from RedHat.
So I wanted to enable that missing feature in keycloak, but from keycloak documentation I can't understand where to run this specific command:
For example, to enable docker and token-exchange, enter this command:
bin/kc.[sh|bat] build --features=docker,token-exchange
to have, for example, this token-exchange feature available in keycloak.
I tried to find this kc file inside jBoss to run that command, but I didn't find it. First I found the jBoss image:
docker exec -it 42f1c5c8bf55 bash
Then I entered jboss:
sh-4.4$ cd /opt/jboss
sh-4.4$ find . -name "kc.sh"
find: ‘./proc/tty/driver’: Permission denied
find: ‘./var/cache/ldconfig’: Permission denied
find: ‘./lost+found’: Permission denied
sh-4.4$ find . -name "kc.*"
find: ‘./proc/tty/driver’: Permission denied
find: ‘./var/cache/ldconfig’: Permission denied
find: ‘./lost+found’: Permission denied
I searched a lot and I tried different solutions, but none of them worked.
Can anyone please give me a little help, or at least an idea of how to implement a new feature, like token-exchange or access_token, inside Keycloak?
Upvotes: 3
Views: 7018
Reputation: 3104
Pass the env variable below to enable the token exchange feature:
JAVA_TOOL_OPTIONS=-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled
My Docker Compose file looks like this:
keycloak:
  image: jboss/keycloak
  container_name: keycloak
  ports:
    - "8081:8080"
  volumes:
    - /home/devteam/docker_data/keycloak-data:/data
  environment:
    KEYCLOAK_USER: keycloak
    KEYCLOAK_PASSWORD: kc@123
    # Quoted so Compose reads the value as a string rather than a YAML boolean
    PROXY_ADDRESS_FORWARDING: "true"
    DB_VENDOR: postgres
    DB_ADDR: postgres_url
    DB_DATABASE: keycloak
    DB_USER: k_user
    DB_PASSWORD: k_pass
    JAVA_TOOL_OPTIONS: "-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled"
Upvotes: 0
Reputation: 4338
You can enable features using the JAVA_OPTS_APPEND environment variable. For example, to enable the ability for admins to impersonate users, just start the container like this:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e DB_VENDOR=H2 -e JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.impersonation=enabled" jboss/keycloak
Upvotes: 3
Reputation: 5815
You can use the KC_ prefixed environment variables in your Docker container. For example, to enable features:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e KC_FEATURES=token-exchange -e DB_VENDOR=H2 jboss/keycloak
Note that the jboss/keycloak image is not the current official Keycloak image anymore. You probably want to migrate to the quay.io/keycloak/keycloak images (see the Keycloak Docker docs).
Upvotes: 3
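An added example, not part of any answer above: a shell function that reads a container's environment and lists the Keycloak features requested through the settings named in the answers (JAVA_TOOL_OPTIONS, JAVA_OPTS_APPEND, KC_FEATURES), which is useful when auditing whether token exchange or impersonation has been switched on. The function names, the sample environment and the normalisation of `_` to `-` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the posts above). Names and sample data are assumptions.

# Constructed sample environment, one VAR=value per line, as printed by e.g.
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' <container>
SAMPLE_ENV='KEYCLOAK_USER=admin
DB_VENDOR=H2
JAVA_TOOL_OPTIONS=-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled -Dkeycloak.profile.feature.token_exchange=enabled
JAVA_OPTS_APPEND=-Dkeycloak.profile.feature.impersonation=enabled -Dkeycloak.profile.feature.docker=disabled
KC_FEATURES=token-exchange,docker'

# Print every feature the given environment asks Keycloak to enable, one per
# line, sorted and de-duplicated. Names are normalised (lowercase, "_" -> "-")
# so token_exchange and token-exchange compare equal; that is this example's choice.
kc_enabled_features() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case $line in
            JAVA_TOOL_OPTIONS=*|JAVA_OPTS_APPEND=*)
                # System-property form: keep only properties set to "enabled".
                printf '%s\n' "${line#*=}" | tr ' ' '\n' |
                    sed -n 's/^-Dkeycloak\.profile\.feature\.\(.*\)=enabled$/\1/p' ;;
            KC_FEATURES=*)
                # Comma-separated list form.
                printf '%s\n' "${line#*=}" | tr ',' '\n' ;;
        esac
    done | tr 'A-Z_' 'a-z-' | sed '/^[[:space:]]*$/d' | sort -u
}

# Exit status 0 if the named feature is requested, 1 otherwise.
kc_feature_enabled() {
    want=$(printf '%s' "$2" | tr 'A-Z_' 'a-z-')
    kc_enabled_features "$1" | grep -qxF -- "$want"
}

# Report on the constructed sample.
kc_enabled_features "$SAMPLE_ENV"
for f in token-exchange impersonation admin-fine-grained-authz; do
    kc_feature_enabled "$SAMPLE_ENV" "$f" && echo "review: $f is requested"
done
```

The output shows what the configuration requests, not what the running server honours; which of these variables is actually read depends on the image in use.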