Hi, I am trying to use single-sign on with keycloak and springboot 2 app
I got local keycloak setup realm and client.
I followed this example : spring-boot-keycloak-tutorial
This works fine, my issue is that I want to implement single sign on. Which means I don't want the user to login using keycloak login page.
If the users are logged in to the network (using Windows machine), and try to access the page, then they should be able to access the application without login because they are valid network users.
I don't seem to find an example on how to setup SSO and pass the credentials directly from windows to keycloak
You can configure your realm to use Kerberos user federation. This will enable SSO using the active directory.
See the official example page
You then need to make sure that your browser to support the SSO.
It turned out that the keycloak-spring-boot-adapter does not work for spring boot 2.0+
I changed my spring version to 1.5.3 instead of 2.0.5 and this solved the problem.
I am not sure if there is an alternative for spring boot 2.0
Related
I'm using Spring Boot + Keycloak + Angular for my application and keycloak-spring-boot-starter uses for the backend. But this is working perfectly on my computer and when I deploy this
Without logging to the system system works perfectly
When login to the system using angular app and make a api request getting 401 from Spring boot backend
In postman without token it gives results
In postman with the token it gives 401
But on angular side (frontend) Authentification and Authorization work perfectly. Further, I have tried to run this application in the machine(angular and Spring boot run in my local machine similar environment to production) using deployed keycloak, it also works perfectly.
Since there is no related error in the console I'm really worried about how to figure out the issue. I'm kindly requesting you to help me regarding this.
Actually, it was my mistake I have set SSL to none in Keycloak configuration but Spring Boot app I have set to external. Therefore it works on my computer and when I deploy it, it didn't work.
We are currently evaluating Keycloak Passwordless login feature which is called Webauthn and follows FIDO2 specification.
I am able to customize authentication flow (through admin console of keycloak) and login with fido2 device (platform authenticator of my Mac), it works fine.
However I cannot find an option to register user through Webauthn flow. Below are the questions:
Is it something currently supported in keycloak ?
Can Webauthn flow be managed programmatically? Using keycloak spring boot starter and etc.
Thanks
I have an architecture where my user application wants to use a basic authentication when accessing a spring service. This service has to use a Keycloak instance to verify the user/pass of the user application. I don't succeed to configure it (and don't know if its possible).
Yes, it is possible. Keycloak has Spring Security adapter that can be configured for Client and/or Resource Server.
https://www.keycloak.org/docs/latest/securing_apps/index.html#_spring_security_adapter
And also a working example here:
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz-spring-security
I'm currently trying to make a Spring Boot app. I've managed to create successfully user authentication using LDAP and custom logic.
However, I'm trying to add another layer of security on top of that, something like "htaccess" to prevent unauthorized users from even seeing the web page (client requirement), as well as stop Google from indexing the page. This can be a single predefined user (doesn't need to be connected to ldap auth).
I've read about configuring the tomcat realm, tomcat-users etc. but since it's Spring Boot app with embedded tomcat, I can't find a place to successfully configure it.
Does anyone have any idea how to create such setup?
I'd like to give users the option to login to a Spring Boot web application using their Google or Facebook account.
I checked The Spring Cloud Security documentation and also This GitHub issue to add such SSO functionality, but on both they only show how to configure one SSO server, so it's either Google or Facebook.
How can I add both options? on the web front-end I will add a button for each option so the users can choose which account to use, either Google or Facebook.
Or I am choosing the wrong package and should use something different altogether to achieve this?
Thanks!
You basically have to install a separate authentication filter for each provider. There's a tutorial here: https://spring.io/guides/tutorials/spring-boot-oauth2/.