keycloak jwt token : groups missing
I'm trying to make the wildfly quickstart microprofile-jwt work with keycloak 20.0.3 (https://github.com/wildfly/quickstart/tree/main/microprofile-jwt)
Here is my microprofile-config.properties :
mp.jwt.verify.publickey.location=http://localhost:8280/realms/mp_jwt_realm/protocol/openid-connect/certs
mp.jwt.verify.issuer=http://localhost:8280/realms/mp_jwt_realm
In the quickstart README, you can find a generated jwt token : eyJraWQi...ru5Z2NOmc2XPA
If you paste it in https://jwt.io/ you get this payload :
{
"sub": "testUser",
"upn": "testUser",
"iss": "quickstart-jwt-issuer",
"aud": "jwt-audience",
"groups": [
"Echoer",
"Subscriber"
],
"birthdate": "2017-09-15",
"jti": "3b89e56f-b8fd-4d5f-a1ed-080b958873f9",
"iat": 1579886816,
"exp": 1579901216
}
With keycloak, I'm not able to generate the 'groups' entry. As a consequence, I get "403 Forbidden" response after querying http://localhost:8080/microprofile-jwt/Sample/subscription with the token from a POST request to http://localhost:8280/realms/mp_jwt_realm/protocol/openid-connect/token
Note : with the same token, the query http://localhost:8080/microprofile-jwt/Sample/helloworld response is "Hello testuser".
Here is the payload of my token :
{
"exp": 1676989618,
"iat": 1676989318,
"jti": "41e1e5c9-7c96-455f-9655-e0c1424850aa",
"iss": "http://localhost:8280/realms/mp_jwt_realm",
"aud": "account",
"sub": "2e263ca7-ab78-4bca-863b-4d2241b3e69c",
"typ": "Bearer",
"azp": "microprofile-jwt",
"session_state": "f9e6396e-3c08-440e-9567-811cd83a7fc9",
"acr": "1",
"allowed-origins": [
"http://localhost:8080"
],
"realm_access": {
"roles": [
"default-roles-mp_jwt_realm",
"Subscriber",
"offline_access",
"uma_authorization"
]
},
"resource_access": {
"microprofile-jwt": {
"roles": [
"Subscriber"
]
},
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"scope": "email profile",
"sid": "f9e6396e-3c08-440e-9567-811cd83a7fc9",
"email_verified": false,
"birthdate": "1974-01-12",
"preferred_username": "testuser",
"given_name": "",
"family_name": ""
}
What shall I do in keycloak to make the quickstart work ?
Well it looks that the UI in keycloak 20 has changed. Here is an answer : Where is the custom protocol mapper in Keycloak 20.0.2?
Make sure to use the "Group Membership" predefined mapper and "Full group path" OFF.
- Rcpp Rf_warningcall compiler warnings
- Modify the name of factor variables in lm function(summary function)
- Extreme value analysis and quantile estimation using log Pearson type 3 (Pearson III) distribution - R vs Python
- How to hide NAs when using xlsx::saveWorkbook?
- How do I retrieve a simple numeric value from a named numeric vector in R?
- Matching pair-wise columns from left to right across rows in one dataframe to another dataframe and adding new columns with matching values
- Income to outcome flow chart in Sankey plotly R
- color mapping in geom_conn_bundle not showing correctly
- Print R package startup message AFTER automatic package conflict messages instead of before
- Summing a set of R dataframe rows (column-wise), while retaining the first n columns
- Added variable / partial regression plots for groups in an interaction?
- how to make a topoplot in R with coordinates variable distribution
- List of all functions in base R?
- Plotting multiple plots for different initial conditions in one graph
- Printing repetitively on the same line in R
- Generating UI/Server based on initial selection
- Subset dataframe based on pickerInput
- How to let user pick the data in R-shiny?
- Couldn't show my simple bar charts separately on Shiny R dashboardBody
- How to programmatically filter contents of a second shiny app displayed via iframe
- How to select specific interesting groups for the boxplot in R Shiny app?
- Crosstable and Plot grouping with reactive values
- Is there a way to make multiple Shiny picker inputs where the selections must be disjoint?
- Delay/avoid duplication of shiny server side functions until after credentials
- Predictions only returns value "1"
- How to display a busy indicator in a shiny app?
- Append doesn't work when writing to CSV in R
- Changing the start date of a gantt chart in DiagrammeR
- Check for installed packages before running install.packages()
- Compare two columns element-wise