KeyCloak Account Management Console
How do I disable the menus authenticator, sessions, applications, log and my resources options from the Account Management Console in KeyCloak as marked in the picture? I just want to have the Account and Password option to be available for the users.
Are you using the new or the old account console?
With the new account console you may simply want to adjust the content.json file
Check out this quickstart for details
With the old account console, I guess you will need to adjust the template.ftl in your own theme.
Note: Please be aware that this will only change the theme and users will still be able to use the APIs directly.
Related
I created a client called my-app in myrealm realm, the Always Display in Console and Consent Required options of which are also enabled.
According to the help message of the Always Display in Console option which says:
Always list this client in the Account Console, even if the user does not have a active session.
And then, I logged in the user console via <mydomain>/auth/realms/myrealm/account, but there is no application named my-app in the application (only one named Account Console listed here).
Is there anything I missed for the configurations?
I tried filling out the Base URL field on the client, and the application was listed in the Application List in the Account Console.
How do you access or enable the old KeyCloak user account console? In this blog post about the new user account console, they say "The old account console is still available for those who need it", but I cannot find out where to enable that.
You need to :
Go to your Realm;
And in Account Theme explicitly chose "keycloak"
Click Save
In the Account dropdown menu you will see at least the follow:
base;
keycloak;
keycloak.v2.
By default the new version is selected keycloak.v2. keycloak refers to the "old" version.
Numerous forum posts and documentations specify extracting login info for the Kubernetes install from ~/.kube/config.
The problem I found: mine doesn't have a proper user account, it specifies a name and a token.
How do I get the account name so I can use the kubernetes-cockpit UI? Surprisingly there appears to be nothing on that topic - what to do if the config doesn't contain an account.
It depends on how you use Cockpit.
According to cockpit official page:
Used in a standard cockpit session:
If a user is able to use kubectl successfully when at their shell terminal, then that same user will able to use Kubernetes dashboard when logged into Cockpit
I suppose this is your scenario, so if you didn't change default settings, the cockpit will look for .kube/config itself, i.e. you should be able to login without specifying your account.
I am using the AspNetIdentity sample from the IdentityServer3 Samples file. When I start up the application the first page shows links for the Identity Server Welcome page and the Identity Manager User admin. When I click on the Identity manager admin link it automatically logs into the server and you can create, update etc any users, roles etc. How can this be modified to require a login? It seems obvious to me that this should not automatically log in and allow this access - am I missing something?
Identity Manager's default security is "Local Host" security. This means the caller/user is considered trusted if that caller is browsing from the same machine that is hosting Identity Manager. This is just the default, other security modes are available. Brock has a good video that explains the other modes.
Our web application will require API access to be enabled in the Google Apps control panel to take advantage of the Directory API (Admin SDK). Is there a way to prompt the domain administrator to enable it during their initial authorization with our application (if it is not enabled) or another alternative?
If the APIs are not enabled, the specific error you'll see will be:
Error 403: Domain cannot use apis. - domainCannotUseApis
when setting up your application, you should perform a simple Directory API request call, maybe something like users.get() for the admin user logged into your application. If you get the above error, you should prompt the admin to enable the APIs in the CPanel.