Default custom realm in keycloak - keycloak

Our team is working on a project that integrates into Keycloak. We created a custom realm, say ProjectX and enable our custom theme on it to be applied in the login page of Keycloak.
Since our theme is applied on the realm ProjectX and not in master, then how can we default the custom realm to be displayed(with the theme) when we first access the keycloak login page?

Not sure which project you are building and how you are configure keycloak in your ProjectX project. Ok lets ignore all these thing and see how we generally browse keycloak .We Simply hit https://<IP ADDRESS>:<PORT>/auth then it will show some link and we click to Administration Console and it will redirect to MASTER realm url.
Which look like this https://<IP ADDRESS>:<PORT>/auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2F135.250.138.93%3A8666%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F%3Fredirect_fragment%3D%252Frealms%252Fbasic-auth%252Ftheme-settings&state=47381ff9-eb03-4419-bac3-8824d57f9c0d&nonce=be95ef5a-0737-49a3-be0b-4577f7a050ae&response_mode=fragment&response_type=code&scope=openid
Now in your case you want to access the url for particular realm and not default(Master) realm,So here is the Solution hit below url.
https://<IP ADDRESS>:<PORT>/auth/realms/<REALM-NAME>/account
But make sure you created user for your realm and give proper rights to particular user.

Related

SSO Configuration on a Keycloak with existing user federation

I am trying to set up SSO between two Keycloaks. The target Keycloak, where I want to configure the SSO has user federation set up in place and the user management is disabled. I was thinking of configuring IdP brokering between my source Keycloak and the target Keycloak so that I can use the same authentication token.
I have configured login redirection and when I try to login to the target system, I was promptly redirected to the source Keycloak. Unfortunately, upon entering the username and password, I was presented with a dialog box stating that my user already exists and offering me to either Review the profile or Add to existing profile.
Initially, I thought it is because the user modification is disabled by the user federation. I have manually created the same username on the system, which is providing a list of the users but even with this in place, I am still unable to log in and am presented with exactly the same error message.

Access TypoScript Configuration within Authentication Service

I want to do OpenID Connect 1.0 authentication for frontend users on my site.
In order to do so, I've developed an authentication service (as described in the docs). Within this service I'd like to access TypoScript configuration values to fetch the OpenID configuration (.well-known-URL, client ID and secret).
To do so, I simply inject TYPO3\CMS\Extbase\Configuration\ConfigurationManagerInterface into the authentication service - but this class only wraps the real configuration manager, which in this case is an instance of TYPO3\CMS\Extbase\Configuration\BackendConfigurationManager - although I am in frontend context. This also affects other places, for example is TYPO3 not able to get the correct plugin configuration (because it is not present in the backend).
I've tracked this down to TYPO3\CMS\Extbase\Configuration\ConfigurationManager::initializeConcreteConfigurationManager, where the existence of $GLOBALS['TYPO3_REQUEST'] is checked - if it does not exist, the BackendConfigurationManager is used as fallback.
So my question: How do I correctly fetch TypoScript configuration within a TYPO3 authentication service?
As already written by Chris. TypoScript is not initialized at this time and I also don't suggest to do so by yourself.
Your options are:
Use the extension configuration which is described here
Use the site settings which are described here
Which one you want to use depends on the usecase. The extension configuration is global and even more lowlevel as now site is used. If you need different setttings for a multi-site installation, the site settings are the prefered choice

Change Keycloak logout redirect url

I would like to set a Keycloak redirect url. After click on Sign out button in template.ftl template which is set in account directory
It is represented by list item:
<li>${msg("doSignOut")}</li>
How it is now:
I'm redirect to the main site of keycloak (actually it is a site of login into keycloak)
What I want:
change this site and redirect user to main page of project. How can I define it as
I use Keycloak version 12.0.2
I haven't found any appropriate settings in realmName.json file or Administration Console which is available at http://localhost:8088/auth/admin/master/console/#/realms/realmName

GitHub OAuth is not configured. Configure OAuth in the che.properties file

I am getting error to configure the OAuth in the che.property. but I am not able to find the location of the file and the syntax to add the configurations. I am using Ubuntu 18.04
For single-user Che, see https://www.eclipse.org/che/docs/che-7/version-control/#configuring-github-oauth_version-control.
For multi-user Che:
Go to the keycloak page (http://keycloak-che.192.168.99.170.nip.io/)
login as admin
click Identity Providers.
In the Add provider drop-down list, click GitHub. The Add identity provider window is displayed.
In the Add identity provider window:
The Redirect URI field, depending on your Eclipse Che installation,
type the Authorization callback URL.
Copy the client ID and the client secret from GitHub and paste them
in the Client ID and the Client Secret fields, respectively.
In the Homepage URL and the Authorization callback URL field,
depending on your Eclipse Che installation, type the two URLS.
In the Default Scopes field, type repo, user, write:publick_key.
Set Store Tokens and Stored Tokens Readable to ON.
Click Save.
The Success! The github provider has been created. message indicates success. And, the GitHub provider is added to the Identity Providers window.
Perform the following steps to set role mapping for non-administrative users.
Expand the Manage tab and then click Users.
Click the Role Mappings tab.
Click the Client Roles drop-down menu and click broker.
In the Available Roles list, click read-token.
Click Add selected.
In the Effective Roles list, click read-token.
The GitHub OAuth is now set for the user.

Keycloak created user enabled

I am using keycloak 4.8.3 Final for my project. I have been reading keycloak documentation for 6 days.
I am using keycloak registration page. When i register, user always enabled, but in my scenario admin has to enable created user. I do not know why but i can not find it in keycloak documantation. I tried to change register flow but nothing change.
I found that we can't change this in 4.8.3 Final version. You can change java code and rebuild it, or you can use REST API.