英文:
Am getting status code 401 when access Keycloak users list even after adding realm-management roles
问题
Am running keycloak version 10.0.2. I have set up a new Realm Screenshot for creation of realm
I have also created created a client called demo-app Screenshot for creation of client
I went a head and created user. On role mapping tab i assigned two realm-management role one view-realm and the other view-users screenshot for realm-management
After those configurations i tried this curl request to obtain access key
curl --location --request POST 'http://localhost:8080/auth/realms/test realm/protocol/openid-connect/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'client_id=demo-app'
--data-urlencode 'username=benmuuo'
--data-urlencode 'password=1234'
--data-urlencode 'grant_type=password';
after getting the access token i did this request
curl --location --request GET 'http://127.0.0.1:8080/auth/admin/realms/test realm/users'
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJROWZUcUtwWm9vZWRCSFZObmNZb19EUGRyc09BejhlMzMzZjhOMjJCRVBvIn0.eyJleHAiOjE1OTc0MTgxNzMsImlhdCI6MTU5NzQxNzg3MywianRpIjoiMjhjOGFiMzItODUyNi00OWJjLWEzZjQtNTU5OTFlNjNjZTlhIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QlMjByZWFsbSIsImF1ZCI6WyJyZWFsbS1tYW5hZ2VtZW50IiwiYWNjb3VudCJdLCJzdWIiOiI2NmQ3MDY3Ny05Mjk2LTQ2NTUtYTY0Zi1kYmI0YTZkY2I5M2QiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJkZW1vLWFwcCIsInNlc3Npb25fc3RhdGUiOiI5YWQ4YTZjMS1hNDRiLTRmNTMtOTRhYy0xNzc4MGQ5ZDE1NjYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJhZG1pbiIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwidmlldy11c2VycyIsInF1ZXJ5LWdyb3VwcyIsInF1ZXJ5LXVzZXJzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImJlbm11dW8ifQ.drQwz61b1f6B7E2e5g5k0poDPucEav4yd5FIN7kPjbl2Kgo8w96i9M98htcBkFkk6_EcWGx7U5H4TgAng4x_VVrCC8KgtIM_Jbmz0h_7bx_4LCkCcxmka-zuxBm4BKjF42XHOApKmL26dAnRbFgckp3SZ8v14Xz77Va0tPcH4R_Ap0VgkD0X3kj5rbInsvtrBDgQyinFSPZxe9fzW9ZybkQ4UmN_Plj6zbDwOmPbA1vOEuhPRmddgM5TfDr46bmeiuw6jrqD-1IA6glkt4H2P9ebjFWVHePLw9eyE8F0onRqOVajQgN60d2hNSSi-FsHHr-DoQG5mEQx797yrr4TVQ'
this is when am getting the 401 error
{
"error": "HTTP 401 Unauthorized"
}
What could be causing the issue cause i don't get it.
英文:
Am running keycloak version 10.0.2. I have set up a new Realm Screenshot for creation of realm
I have also created created a client called demo-app Screenshot for creation of client
I went a head and created user. On role mapping tab i assigned two realm-management role one view-realm and the other view-users screenshot for realm-management
After those configurations i tried this curl request to obtain access key
curl --location --request POST 'http://localhost:8080/auth/realms/test realm/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=demo-app' \
--data-urlencode 'username=benmuuo' \
--data-urlencode 'password=1234' \
--data-urlencode 'grant_type=password'
after getting the access token i did this request
curl --location --request GET 'http://127.0.0.1:8080/auth/admin/realms/test realm/users' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJROWZUcUtwWm9vZWRCSFZObmNZb19EUGRyc09BejhlMzMzZjhOMjJCRVBvIn0.eyJleHAiOjE1OTc0MTgxNzMsImlhdCI6MTU5NzQxNzg3MywianRpIjoiMjhjOGFiMzItODUyNi00OWJjLWEzZjQtNTU5OTFlNjNjZTlhIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QlMjByZWFsbSIsImF1ZCI6WyJyZWFsbS1tYW5hZ2VtZW50IiwiYWNjb3VudCJdLCJzdWIiOiI2NmQ3MDY3Ny05Mjk2LTQ2NTUtYTY0Zi1kYmI0YTZkY2I5M2QiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJkZW1vLWFwcCIsInNlc3Npb25fc3RhdGUiOiI5YWQ4YTZjMS1hNDRiLTRmNTMtOTRhYy0xNzc4MGQ5ZDE1NjYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJhZG1pbiIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwidmlldy11c2VycyIsInF1ZXJ5LWdyb3VwcyIsInF1ZXJ5LXVzZXJzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImJlbm11dW8ifQ.drQwz61b1f6B7E2e5g5k0poDPucEav4yd5FIN7kPjbl2Kgo8w96i9M98htcBkFkk6_EcWGx7U5H4TgAng4x_VVrCC8KgtIM_Jbmz0h_7bx_4LCkCcxmka-zuxBm4BKjF42XHOApKmL26dAnRbFgckp3SZ8v14Xz77Va0tPcH4R_Ap0VgkD0X3kj5rbInsvtrBDgQyinFSPZxe9fzW9ZybkQ4UmN_Plj6zbDwOmPbA1vOEuhPRmddgM5TfDr46bmeiuw6jrqD-1IA6glkt4H2P9ebjFWVHePLw9eyE8F0onRqOVajQgN60d2hNSSi-FsHHr-DoQG5mEQx797yrr4TVQ'
this is when am getting the 401 error
{
"error": "HTTP 401 Unauthorized"
}
What could be causing the issue cause i don't get it.
答案1
得分: 3
抱歉,Keycloak在具有包含非URL友好字符(比如空格)的realm名称方面存在问题。你可以查看 https://issues.redhat.com/browse/KEYCLOAK-7844 和 https://github.com/keycloak/keycloak/pull/5375#issuecomment-405343026 以获取更多细节。
目前(截至Keycloak 11.0.2版本),唯一可行的解决方案是禁止创建此类realm,例如通过更改主题以在输入字段中对realm名称进行任何验证。
尝试将realm名称更改为 test-realm,然后你可以将 Test Realm 用作realm显示名称。
英文:
Unfortunately, Keycloak has problems with realms that have names containing non URL-friendly characters (such as a space). You can see https://issues.redhat.com/browse/KEYCLOAK-7844 and https://github.com/keycloak/keycloak/pull/5375#issuecomment-405343026 for more details.
The only viable solution (for now, that is Keycloak 11.0.2-) is to forbid the creation of such realms, for example by changing the theme to have any validation of the realm names in the input fields.
Try to change the realm name to test-realm and you can use Test Realm as a realm display name.
答案2
得分: 1
首先,您应该使用管理员(主用户)配置执行此请求。
curl --location --request POST
'http://localhost:8080/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password'
在获取访问令牌后,请尝试以下请求。
curl --location --request GET
'http://localhost:8080/auth/admin/realms/test realm/users' \
--header 'Authorization: Bearer your-access-token'
英文:
Firstly you should do this request with admin(master) profile
curl --location --request POST
'http://localhost:8080/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password'
After getting the access token, try this request
curl --location --request GET
'http://localhost:8080/auth/admin/realms/test realm/users' \
--header 'Authorization: Bearer your-access-token
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论