Client secret not provided in request [unauthorized_client] - keycloak

Here is what I tried: I logged in to the server where Keycloak is deployed, went to the directory /keycloak/bin/
and ran the following command:
./kcadm.sh config credentials --server https://<IP ADDRESS>:8666/auth --realm master --user admin --password admin
But this command throws an error:
Client secret not provided in request [unauthorized_client]
Why is client information required? I have to do this through the Admin CLI:
Log in to Keycloak
Create a new realm
Create a user and user group.
So, as I understand it, a client secret or any such information is not required in this case, but the admin-cli command is complaining about it.

Here is the solution to the above problem. After installation, Keycloak creates a few clients by default (account, admin-cli, broker, master-realm, security-admin-console), and of all these clients admin-cli comes with access-type=public. So if you are trying to log in through Keycloak, you have to run the command below from the /keycloak/bin directory:
./kcadm.sh config credentials --server https://<IP ADDRESS>:8666/auth --realm master --user admin --password admin --client admin-cli
As I am using https, you may get the error below as well:
Failed to send request - sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
To overcome this issue, please generate the certificate and put it inside the /keycloak/security/ssl folder, and then run this command:
kcadm.sh config truststore --trustpass $PASSWORD ~/.keycloak/truststore.jks
Now the question of how to create the realm: after logging in through the admin-cli client, use the command below:
./kcadm.sh create realms -s realm=demorealm -s enabled=true

Related

Disable ssl in Keycloak 20.0.1

I'm trying to disable https:
I started the server using bin/kc.sh start-dev
And then I tried to disable ssl using:
root#server:/opt/keycloak#
root#server:/opt/keycloak# /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin –-password admin
Logging into http://locahost:8080/auth as user admin of realm master
Enter password: *****
null [RESTEASY003210: Could not find resource for full path: http://localhost:8080/auth/realms/master/protocol/openid-connect/token]
root#server:/opt/keycloak#
Do you know what is the proper way to execute the command?
PS:
Working commands:
/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
/opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
If you're using Spring Boot, you can configure it in application.yml:
keycloak:
  ssl-required: none
Since you're using Keycloak 20.0.1, you don't need /auth in the server path; therefore, you need to modify the command for configuring Keycloak as shown below:
/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
After that you should be able to disable SSL:
/opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE

How to use the command kcadm.sh when after successful login it says HTTPS required in Keycloak?

I am also trying to disable HTTPS. Based on a Stack Overflow question, an answer was to:
docker exec -it {containerID} bash
cd keycloak/bin
./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin
./kcadm.sh update realms/master -s sslRequired=NONE
But after executing the third command I am getting the error "HTTPS Required".
Version 19.0.2 of Keycloak

Keycloak: deactivate Kerberos auth without being authenticated

I'm trying to use Keycloak to get a login configuration with Kerberos working (which is a big failure).
I've made a mistake, which is Kerberos: Required.
In other words, I opened Authentication > Select Browser > Requirement: Required on Kerberos.
So I can't connect anymore; I get an "Invalid username or password" when logging in on "http://localhost:8080/auth".
Has someone had an issue to resolve this without deleting and reconfiguring the server?
Found something which helped me a lot. I solved my problem, so I will explain how.
I used kcadm.bat (or .sh) in my bin directory.
Opened it in a CMD.
Log in with kcadm:
kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user admin
Next, I get the ID I need to update the flow (master):
kcadm.bat get authentication/flows/{FLOW}/executions
Next, I put this in a JSON file: {"id":"ID_of_my_flow", "requirement":"ALTERNATIVE"}
I saved my file and finally just wrote:
kcadm.bat update authentication/flows/master/executions -r REALM -f myfile.json
Thanks.

Unable to create repository on IBM Cloud

I'm able to log in successfully with: ibmcloud cr login
but when I try to create a repository in the registry, I get the following error:
docker push registry.eu-gb.bluemix.net/fdutreg/ksrepo
The push refers to repository [registry.eu-gb.bluemix.net/fdutreg/ksrepo]
428c97da766c: Preparing
unauthorized: The login credentials are not valid, or your IBM Cloud account is not active.
Any idea?
Replace registry.eu-gb.bluemix.net with registry.eu-de.bluemix.net and now this is OK.
2 years later, but probably someone could be experiencing the same issue. The thing is that you are not authenticated to the registry. You can authenticate with an API key using:
docker login -u iamapikey -p apikey registry_url
For the apikey field, you can create an API key under Manage > IAM > APIkeys > Create an IBM Cloud API key in ibm.cloud.com.
It is important to know that using --password via the CLI is insecure. Use --password-stdin. You can find alternatives at https://cloud.ibm.com/docs/Registry?topic=Registry-registry_access
Log your local Docker daemon into the IBM Cloud Container Registry. Run the following command:
ibmcloud cr login
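The warning about --password above applies to every tool on this page: kcadm.sh, docker login and jboss-cli.sh all accept a credential as an argument, which leaves it in shell history and the process list. As an added example (not part of the original answers), this shell function audits a history file for such commands; the sample history lines and the registry host name are constructed.

```shell
#!/bin/sh
# Added example, not from the original posts: audit a shell history file for
# credentials typed as arguments to docker login, kcadm and jboss-cli.

# Constructed sample history (values and host name are placeholders).
sample_history() {
    cat <<'EOF'
./kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin --password admin
./kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin
docker login -u iamapikey -p EXAMPLE_KEY registry.example.test
printf '%s' "$APIKEY" | docker login -u iamapikey --password-stdin registry.example.test
kcadm.sh config truststore --trustpass $PASSWORD ~/.keycloak/truststore.jks
./jboss-cli.sh --user=admin --password=EXAMPLE --connect
./kcadm.sh update realms/master -s sslRequired=NONE
EOF
}

# find_inline_secrets FILE
# Prints LINE:TOOL:FLAG for each finding; the secret itself is never printed.
find_inline_secrets() {
    awk '
    {
        tool = ""
        if ($0 ~ /docker +login/)             tool = "docker"
        else if ($0 ~ /kcadm\.(sh|bat)/)      tool = "kcadm"
        else if ($0 ~ /jboss-cli\.(sh|bat)/)  tool = "jboss-cli"
        if (tool == "") next

        for (i = 1; i <= NF; i++) {
            flag = $i; val = ""
            if (flag ~ /^--[a-z]+=/) {          # --flag=value form
                val = flag
                sub(/^[^=]*=/, "", val)
                sub(/=.*/, "", flag)
            } else if (i < NF) {                # --flag value form
                val = $(i + 1)
            }
            is_secret = (flag == "--password" || flag == "--secret" ||
                         flag == "--trustpass" || (tool == "docker" && flag == "-p"))
            # A literal value is a finding; $VAR or a following option is not.
            if (is_secret && val != "" && val !~ /^"?[$-]/)
                printf "%d:%s:%s\n", NR, tool, flag
        }
    }' "$1"
}
```

Run it as `find_inline_secrets ~/.bash_history`. For flagged commands, pipe the API key to docker login with --password-stdin, and leave --password off kcadm.sh so that it prompts with "Enter password:" as in the transcript earlier on this page.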

How to avoid certificate prompt when using jboss-cli with a https connection

When I run a command with jboss-cli.sh against a Wildfly server that has HTTPS configured on the management interface, I get the message:
Accept certificate? [N]o, [T]emporarily, [P]ermanently
How can I avoid this?
The solution is to set the javax.net.ssl.trustStore system property to the self signed certificate:
./jboss-cli.sh -Djavax.net.ssl.trustStore=/opt/wildfly/domain/configuration/https.store --user=admin --password=password --connect --controller=https-remoting://10.0.0.1:9990 -c "deploy /tmp/hawtio.war --all-server-groups"