authorize users in my project and get access_token from keycloak - spring-boot

I have a project in Spring Boot + Spring Security OAuth2.
This project works correctly.
I want to add Keycloak to this project.
I want to authorize users in my project and get an access_token from Keycloak.
Is this possible?

Here is an article on how to use OAuth2 with Spring Security and Keycloak.

Related

how do I design my authenticated requests and my frontend

I am currently working on a project where my backend uses Spring Boot, Spring Security + Keycloak and runs on localhost:8081.
My frontend (Svelte) runs on http://127.0.0.1:5173/ and the URL http://127.0.0.1:5173/products needs to access data from localhost:8081/products (which needs a login), but the login page from Keycloak doesn't appear.
In other words, what I am trying to achieve:
I want the URL http://127.0.0.1:5173/products to redirect to localhost:8081/products, which redirects to the Keycloak login page, and after a successful login I want to return to http://127.0.0.1:5173/products where I will be able to see the data.
Is there an elegant solution to this problem? I'm really stuck on this problem and this is one of my first projects.
Thanks in advance!!
Some OAuth2 wording:
Keycloak is an authorization server (OIDC compliant)
Svelte app is a client
Spring REST API is a resource server
Ensure that a "public" client is declared in Keycloak.
Configure your Svelte client with an existing OIDC lib (component) of your choice to:
use the "public" client declared in Keycloak
authenticate users against Keycloak (socket is not the same as the Spring API)
add an authorization header with a JWT access token retrieved from Keycloak (when issuing requests to your secured REST endpoints)
Configure the Spring API as a secured resource server with a JWT decoder.
You can refer to this article for configuring Keycloak and the resource server with JWT access tokens.

spring boot oauth2 authentication and role based authorization

We are trying to implement Spring Boot OAuth2 authentication and then role-based authorization for the front-end application routing.
The following is an example of what we are trying to achieve. After authentication is done we want to get the groups from the JWT or from an API by using the access token, and if the groups are there the user will be able to log in, otherwise they will get 403. We have done this for on-prem security but are trying with OAuth2 with no luck so far.
.antMatchers(getProtectedURIs()).hasAnyAuthority(userConfig.getUserGroups())
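The resource-server side of the split described in the Svelte answer above (Keycloak issues the JWT, Spring only validates it) combined with the role-based check this question asks for (a valid token without the required group gets 403), written as an added Spring Security 6 example that is not code from any of the posts; the realm name, the `product-reader` role and the `/products` path are assumptions:

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.web.SecurityFilterChain;
// Assumes application.yml sets (realm name is hypothetical):
//   spring.security.oauth2.resourceserver.jwt.issuer-uri: http://localhost:8080/realms/my-realm
// Spring then fetches Keycloak's JWKS and checks signature, issuer and expiry of each bearer token.
@Configuration
@EnableWebSecurity
public class ResourceServerConfig {
    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http
            // Stateless API: no session, no login redirect, no CSRF cookie; the SPA sends bearer tokens.
            .csrf(csrf -> csrf.disable())
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // valid token without the role -> 403; missing or invalid token -> 401
                .requestMatchers("/products/**").hasRole("product-reader")
                .anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtAuthenticationConverter(keycloakRealmRolesConverter())));
        return http.build();
    }

    // Keycloak puts realm roles in the "realm_access.roles" claim; map each to ROLE_<name>
    // so hasRole() and @PreAuthorize checks work on them.
    @SuppressWarnings("unchecked")
    private Converter<Jwt, AbstractAuthenticationToken> keycloakRealmRolesConverter() {
        return jwt -> {
            Map<String, Object> realmAccess = jwt.getClaimAsMap("realm_access");
            List<String> roles = realmAccess == null
                ? List.of() : (List<String>) realmAccess.getOrDefault("roles", List.of());
            Collection<GrantedAuthority> authorities = roles.stream()
                .map(r -> (GrantedAuthority) new SimpleGrantedAuthority("ROLE_" + r)).toList();
            return new JwtAuthenticationToken(jwt, authorities, jwt.getClaimAsString("preferred_username"));
        };
    }
}
```

If the groups live in a different claim (for example a custom mapper emitting `groups`), change only the claim name read in the converter; the filter chain stays the same.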

Spring security and React

I want to build a web application in Spring Boot with React as the frontend.
This application must have user authorization with roles, and this is my question.
Does basic Spring Security allow sharing roles with the frontend, or should I use JWT?
If you use a JS framework (React etc.), you need to generate and provide a JWT (access & refresh token) from the backend. You can also use Keycloak for implementing authorization functionality.

Spring Boot OAuth2 Could not obtain access token

I'm trying SSO login with Spring Boot and OAuth2.
I have an OAuth2 client running on http://localhost:8001/demo and an OAuth2 authorization server running on http://localhost:9001/uaa.
As a result, after the approval page it redirects to the approval page again and again. I'm getting back "org.springframework.security.authentication.BadCredentialsException: Could not obtain access token" from the client.
I have no idea what's going on. I did this with Spring Boot 1.5 and everything seemed to be fine.
Code

How to use Okta with Keycloak?

I am using Keycloak with my Spring Boot application. I want to use Okta as the Identity Provider, without success so far, with this configuration:
Spring configuration:
security.oauth2.resource.userInfoUri=https://dev-XXXXXX.oktapreview.com/oauth2/default/v1/userinfo
security.oauth2.resource.tokenInfoUri=https://dev-XXXXXX.oktapreview.com/oauth2/default/v1/introspect
security.oauth2.resource.preferTokenInfo=false
security.oauth2.client.accessTokenUri=https://dev-XXXXXX.oktapreview.com/oauth2/default/v1/token
security.oauth2.client.userAuthorizationUri=https://dev-XXXXXX.oktapreview.com/oauth2/default/v1/authorize
security.oauth2.client.clientId=CLIENT_ID
security.oauth2.client.scope=openid profile email
Okta Identity Provider configuration:
But this configuration always leads me to HTTP 400:
What am I missing?
You should configure your Spring Boot application to work with Keycloak, and then Keycloak to work with Okta.
The following article describes how to configure Keycloak with an Okta SAML provider:
https://ultimatesecurity.pro/post/okta-saml/
I cannot answer with certainty, but have you added the redirect URL to the trusted origins in the Okta dashboard?
https://developer.okta.com/code/javascript/okta_sign-in_widget?_ga=2.16453941.2053718723.1521541302-1766190875.1521541302