The best video of Keycloak...Thanks...
Thanks a lot :) Please do SUBSCRIBE to the channel if not. Also, let me know if any topic you want me to make video on, Happy to have it publish. :)
best video on keycloak ever
Thanks a lot 😊
Thanks, brother very helpful video
Thanks Vicky. 🙏. Please do subscribe to the channel if not already.
Hi Chandra, these videos are super useful. We are working on implementing a key cloak for our company. I need your guidance. Let me know if we can connect directly
Hello sir. I have a brand new AWS EKS cluster. Nothing is there yet, just default namespaces. I did install helm and created namespace keycloak and deployed keycloak there with helm install command. 2 pods came up but are not running. I was going to check the deployment. When I run kubectl get deployment -n keycloak I see no deployment. Please advise.
The promised command from the video
keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
Thanks Akilan 👍👍
Thank you!
Thanks, but doc page not available
It would also be great if you can make a Keycloak 18 video targeting system admins for deployment using the docker image. Since nearly everything is going towards docker images, such installation and doing settings as a systems admin (dockerfile, database settings, themes, Java settings, port, ...) would be helpful.
Sure, you will soon get to see video on that. Please subscribe to channel if not already to get the notification.
I hope you got the notification of my new video.. a big thanks to you Can AtConsico to bring this topic..👍
@42:00 What if you want to migrate users with passwords already hashed with bcrypt? How can we override its internal hashing algorithm?
where in the descriptions are the stuff? REST APIS???
Manuel, please check the description again. I have updated. Thanks for pointing out.
Please subscribe to channel if not already.
Hello sir, it would be great to have a video about the latest version of Keycloak too! Let me know if you ever create it :)
Sure. Will plan one. Thanks 👍🏼
Good content 🤗 thank you so much
This video helps me a lot for implementation
Thanks a lot for viewing and appreciating 😊😊
Please make a video for Spring Boot and MySQL with Keycloak embedded project. I need only to automatically create the database and store data for Keycloak clients in a table.
Thanks for watching!! You can check my video on Keycloak complete guide with docker for keycloak with mysql.
I could not see the command in the description, could you please give me the command here
Please make a video on how to implement recaptcha in Keycloak 25.0.0 with code login theme
Excellent
where is the command that you shared
How to setup keycloak version 17 in cluster mode?
Rajkumar, documentation is still not up to the mark for Keycloak Quarkus Distribution. I am working on the setup. Will post something soon.
great video!
Thanks a lot Sagar. Do subscribe to the channel ( if not already) for more videos.
We would want to have the option to log in with Email or Phone number. Login with username needs to be removed. Also the design needs to be changed based on our own UI. Can you please help me on this? Thanks.
Dhanapal, login with email is possible out of box. But with Phone number, as it will be custom attribute, there is no out of box feature available.
For UI you can create a login theme. Please watch my video on themes.
Please subscribe to the channel if not already.
Hi, Can you please help me to provide the solution on how we can authenticate the keycloak with AWS SES SMTP without a password but using the certificate? Is there any possible solution for that?
If I have a framework API running on a docker container behind a nginx proxy, how can I use JWT (with a lifespan let's say, 6 months) to authorize a specific user to query the API ? Any ideas to where to start investigating? Kind regards
Nuno Silva, if this is the only scenario you even don't need Keycloak. You can generate JWT using the available libraries like Nimbusds, JJWT and others. In the backend code, you can validate the JWT and check for username/Id attribute. For validation also, you can make use of APIs. Let me know the detailed scenario if possible and we can see what else we can do.
@@Tekgainers Thanks for the reply... Basically I have several systems compliant with OGC (Open Geospatial Consortium) with APIs that return geospatial data to end-users and systems, but with poor authentication systems (most of them are basic auth enabled with user:password on URL). Since the end-user could be a GIS client like QGIS desktop or another server consuming Web Map Services (WMS), how can I implement some kind of a token (valid for, say, 6 months) for users and servers so that the access can be more secure? Kind regards and thanks in advance
If I understand correctly, you don't have control over these APIs.. right? If yes, you can make use of a lightweight API gateway which can be used along with OAuth 2.0 ( Keycloak ). So, basically your backend APIs are now secured with JWT tokens (expiration you can set as per your requirement). You can register clients individually per application so that every client will have a different token.
Let me know if this helps. You can connect with me @ discord.gg/XNkgaps7
@@Tekgainers Thanks for your help...I'm not trying to make you do my work, only pointing me in the right direction...is there an email where I can send you a diagram?
Yes Nuno. Please mail me here: tekgainers@gmail.com
Links for Rest API are not valid, please update
is keycloak19.0.1 setup similar???
Kind of similar. But soon you will get a starter video on 19 as well.
Please subscribe to the channel if not already for more videos.
Video is out. Subscribe to the channel if not already.
Could you please share some resources ? I want to apply keycloak in ecommerce MERN App.
Sudip, via my channel I try to explain the concept with hands-on demos. I don't have any ready to use apps.
Do you have any guide on how to fix localhost:8080/auth? That page is not found apparently. Idk how to fix it since I haven't registered any user, thus I'm unable to access the admin page.
Carl, I think you are using version 17 and above. If yes, "/auth" is not required. URL will be localhost:8080 only. Let me know if that helps.
Also, do subscribe to channel if not already. Thanks.
@@Tekgainers i tried running localhost:8080 only but it always redirects me back to the /auth page.
@@heycarlxyz pls join here discord.gg/y6rcSWvH54
Can we disable the Keycloak logo in the dashboard (the page after logging in)? Is there any possibility? Please reply, sir.
Yes, we can disable by using themes. Please watch my video for themes which will help you out. You need to work on theme for security admin console.
@@Tekgainers thank u for the reply!
@@praveenchakravarthy2776 please subscribe to the channel if not already.
Bro, you're directly getting port 8443 but I'm not getting it in version 20.0.3
With authorization code flow, Keycloak automatically redirects user back to the redirect url. With device code flow, Keycloak does not redirect user back. Is there any way to automatically redirect user back to the redirect url as the authorization code flow does?
Device code flow is a decoupled authentication flow wherein the user will authenticate on another device. For example, when authenticating the user on Smart TVs, you will be asked to go to the url and enter the verification key. So, if the user is using the app on a browser or supported medium use Authorization code flow and where the support is limited, use device code flow.
Let me know if I misunderstood your query.
Subscribe to the channel if not already 🙂
@@Tekgainers Yes, you’re absolutely right. However, if I use Authorization code flow, I don’t know how to generate a one-time login url as in the Device code flow. I need both the one-time url of Device code flow and the redirect after login success of Authorization code. Moreover, on the server side I also need to call a webhook after customer login success so that the client does not need to poll for access_token. About calling the webhook, I think I can use an event or I can build a service to poll instead of the client.
Can you please tell me the use case where you are requiring both flows? For which channel (browser, native mobile etc) is the application you are building
@@Tekgainers Actually, Authorization Code flow is ok for my use case. But I want it to be more secure by using a one-time url. It means that to init the flow the backend of the mobile app needs to call my OAuth to get the one-time login url instead of the app directly redirecting the user to my OAuth login form along with client_id, redirect_url, response_type, challenge_code and so on. That’s my thinking, if there are any issues please correct me. Thank you in advance.
@@Tekgainers I have found out the “pushed authorization request” extension, we can use this extension with the Authorization code flow. The flow will initiate from the backchannel, after that the OAuth server will return a request_uri, then the OAuth client will compose an authorization link using this request_uri, then redirect the user to the link. So, this link is a dynamic and one-time use link, it solved my issue. Thank you and hope this comment can help others in future to save time.
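The pushed authorization request exchange described in the comment above (RFC 9126), as an added example that is not part of the original thread and is not Keycloak code: a toy in-memory authorization server plus a client helper, showing why the resulting link carries no parameters and works only once. The client id, secret, URLs, class and function names are all constructed for illustration.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

REQUEST_URI_PREFIX = "urn:ietf:params:oauth:request_uri:"


class ToyAuthorizationServer:
    """In-memory stand-in for the server side of RFC 9126 (hypothetical)."""

    def __init__(self, clients, lifetime=60, clock=time.time):
        self.clients = clients    # client_id -> (secret, allowed redirect URIs)
        self.lifetime = lifetime  # seconds a pushed request stays valid
        self.clock = clock
        self.pushed = {}          # request_uri -> (client_id, params, expires_at)

    def par_endpoint(self, client_id, client_secret, params):
        """Back-channel POST: authenticate the client, validate, store."""
        secret, redirect_uris = self.clients.get(client_id, (None, ()))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("invalid_client")
        if params.get("redirect_uri") not in redirect_uris:
            raise ValueError("invalid_redirect_uri")
        if "request_uri" in params:   # a reference must not itself be pushed
            raise ValueError("invalid_request")
        request_uri = REQUEST_URI_PREFIX + secrets.token_urlsafe(32)
        expires_at = self.clock() + self.lifetime
        self.pushed[request_uri] = (client_id, dict(params), expires_at)
        return {"request_uri": request_uri, "expires_in": self.lifetime}

    def authorization_endpoint(self, url):
        """Front-channel GET: resolve the reference exactly once."""
        query = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        # pop() removes the entry on first use, so a replayed link fails.
        entry = self.pushed.pop(query.get("request_uri"), None)
        if entry is None:
            raise ValueError("invalid_request_uri")
        client_id, params, expires_at = entry
        if query.get("client_id") != client_id:
            raise ValueError("client_mismatch")
        if self.clock() > expires_at:
            raise ValueError("expired_request_uri")
        return params   # the parameters the login then continues with


def build_authorization_link(authorize_url, client_id, par_response):
    """Client side: the browser only ever sees client_id and request_uri."""
    query = {"client_id": client_id, "request_uri": par_response["request_uri"]}
    return authorize_url + "?" + urlencode(query)
```

Because redirect_uri, scope and the PKCE challenge travel over the authenticated back channel, they cannot be altered in the browser, and the short lifetime bounds how long an unused link stays valid.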
Hi, In my organisation they have a requirement to have swagger functionality support and avoid the default database, from DB2 to Postgres. So for that they want to get the clone of keycloak and make the changes. So, I want to ask, is it required to get the clone and make the changes in the source code and build it? Will appreciate your early response. Thanks.
Ashish, database integration is configuration based. No need of cloning the Keycloak. Swagger support for Keycloak Product REST APIs you are referring to?
@@Tekgainers Yes, they want swagger documentation for the keycloak product rest API'S. So what can be done about it?
@@Tekgainers Hi, Could you please address me on the above query about swagger implementation? Your early response will be highly helpful. Thanks.
Hey Ashish, it doesn't make sense to amend Keycloak code only for the swagger thing. Also, keycloak APIs are not designed in a way that a generic developer will understand.
The thing you can propose, and which also makes sense, is to have a postman collection which everyone can also use.
where is the command under description
Hi. I want to connect Keycloak with an Oracle database. How can I configure it?
Hello Linh... Please follow the Keycloak guide, database section www.keycloak.org/docs/latest/server_installation/#_database . Let me know if you face any challenges.
Do subscribe the channel if you find it useful.👍
@@Tekgainers Sorry, I cannot find a guide for Oracle DB. Can you help me please!!
@@LinhNguyen-tt1kj It uses the JDBC driver. www.oracle.com/database/technologies/appdev/jdbc.html
Hi how can I trigger a welcome email when a new user is added.
I have a video on this Prasad. welcome email title.
Please subscribe to the channel if not already.
Does Keycloak have a feature to auto synchronize to a source of truth database? So that we create user access to other applications based on that source of truth
I didn't get your question completely. But if you mean to have "Authorization Capabilities", YES keycloak does have that feature. You can create resources, apply policies and also you can test your use-cases within keycloak as well.
Can you please elaborate your use-case with scenario so that I can understand clearly?
Thanks for subscribing :)
How can I integrate LinkedIn login on a custom login page and then log in through keycloak to LinkedIn and after that go to a custom landing page of the application?
Not tried before. But you can check the url that is called on click of login with LinkedIn and add it as a link in your custom app. Try this and let me know.
Email Verification with keycloak rest api via postman , show this bro
Do you mean "Email Verification" as required user action upon creating a user via Keycloak rest API?
@@Tekgainers yes please
Sure. I will cook the video this weekend. Please do subscribe to the channel if not already.
Check the latest video.
I am a new dev, thank you for this video. Is this free?
If you are watching on YouTube it is free.
Hi, can you show how to change password in keycloak, specifically for those users linked in Active Directory or LDAP in User Federation. This was the usual error message I get when I try to change the password "Error! Could not modify attribute for DN [CN=testuser,OU=Faculty,DC=sampletest,DC=net]". Hoping for your help. Thank you.
Looks like you don't have write access as I can see the error itself says modification not allowed.
The Edit mode in my user federation is writable. What should be the possible cause?
Does the mode in group mapper also affect? The choices are read only, ldap only, and import. What should I choose among those?
Can you please upload keycloak-19.0.0
Sure 👍
@@Tekgainers With https for prod plz :)
Hi, I am getting an SSL error in external requests
Can you please send me the logs @ tekgainers@gmail.com
Do subscribe to the channel if not already for more videos 🙂
@@Tekgainers I wrote thanks.
I am facing an issue of file not found when I try to run it
@CrowdTweet, can you pls mention the time where you are getting this issue? Or is this a generic issue you are facing? Please elaborate so that I can help you out.
Please subscribe to the channel if not already. Thanks.
@@Tekgainers I am facing the issue when I run the standalone file and then try to open it in the browser
@@crowdtweet are you able to see your Keycloak instance UP in logs? Do you see any exceptions in logs? Which version of Keycloak are you running?
I have seen such issue in case of Java version compatibility.
@@Tekgainers I am using java8 latest version, also when trying to run 18.02 Keycloak I am facing a JNI error
@@crowdtweet Keycloak 18 runs on Quarkus and for Quarkus minimum java version required is 11. Can you please verify once with Java 11 and up with Keycloak 18.
Brother, where is the key?
Hamza can you please elaborate more?
The cmd that you said you'll put into the description
I didn't find those cmds
Comic sans hurt my eyes
Sorry to hear this...any suggestions on font?? Most welcome 😃
How can we use kid rather than realm key from keycloak_url/auth/realms/openid-connect/certs
Deep, the url you mentioned is of Public JWKS of Keycloak from where based on kid and alg we can get the JWK to validate the signature of JWS. Token generated from Keycloak will have kid from this JWKS endpoint only. Please elaborate your scenario in case you want to do something different.
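What the reply above describes, picking the JWK by kid and alg and then checking the JWS signature, as an added standard-library example that is not from the video or from Keycloak: the RSA key is constructed from two well-known public primes purely so the sample runs offline, and the kid values and function names are made up for illustration.

```python
import base64
import hashlib
import json

# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5 encoding, RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64u_enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def emsa_pkcs1_v15(message, k):
    """Expected padded SHA-256 block for a k-byte RSA modulus."""
    info = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(info) - 3) + b"\x00" + info


def select_jwk(jwks, header, allowed_algs=("RS256",)):
    """Pick the key by kid; the verifier, not the token, decides the alg."""
    if header.get("alg") not in allowed_algs:
        raise ValueError("algorithm not allowed")
    matches = [k for k in jwks["keys"] if k.get("kid") == header.get("kid")]
    if len(matches) != 1:
        raise ValueError("unknown or ambiguous kid")
    jwk = matches[0]
    if jwk.get("kty") != "RSA" or jwk.get("use", "sig") != "sig":
        raise ValueError("key is not an RSA signing key")
    if jwk.get("alg", header["alg"]) != header["alg"]:
        raise ValueError("alg does not match key")
    return jwk


def verify_rs256(token, jwks):
    """Return the claims if the JWS signature verifies, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, sig = json.loads(b64u_dec(head_b64)), b64u_dec(sig_b64)
        if not isinstance(header, dict):
            raise ValueError("header is not an object")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    jwk = select_jwk(jwks, header)
    n = int.from_bytes(b64u_dec(jwk["n"]), "big")
    e = int.from_bytes(b64u_dec(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig_int = int.from_bytes(sig, "big")
    if len(sig) != k or sig_int >= n:
        raise ValueError("bad signature")
    expected = emsa_pkcs1_v15(f"{head_b64}.{body_b64}".encode(), k)
    if pow(sig_int, e, n).to_bytes(k, "big") != expected:
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body_b64))


# Constructed demo key built from two well-known public primes: NOT secret.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
_PUB = {"kty": "RSA", "alg": "RS256", "n": b64u_enc(N.to_bytes(K, "big")),
        "e": b64u_enc(E.to_bytes(3, "big"))}
DEMO_JWKS = {"keys": [dict(_PUB, kid="demo-key-1", use="sig"),
                      dict(_PUB, kid="demo-enc", use="enc")]}


def sign_demo(header, claims):
    """Sign with the constructed key (only to produce sample tokens)."""
    parts = [b64u_enc(json.dumps(p).encode()) for p in (header, claims)]
    em = int.from_bytes(emsa_pkcs1_v15(".".join(parts).encode(), K), "big")
    return ".".join(parts) + "." + b64u_enc(pow(em, D, N).to_bytes(K, "big"))
```

In a real service the JWKS would be fetched from the realm's certs endpoint and cached, and the claims (exp, iss, aud) still have to be checked after the signature; a maintained JOSE library should do the cryptography.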
I had a problem logging into my realm (console). 22:32
Try "localhost:8484/auth/admin/${realm-name}/console"
@Nicearthes what is the exact issue you are facing? I hope you are replacing "${realm-name}" with your realm name. You can mail your issue with screenshots on tekgainers@gmail.com
Also, pls subscribe to channel if not already for more useful videos.
@@Tekgainers I had a 404 error when I tried to enter without "auth", the realm-name was correct.
Yes. This tells that you are using keycloak version < 17. Because /auth was removed in Quarkus Distribution ( KeycloakX and Keycloak Ver 17)
@@Tekgainers ahh got it :)