Am getting status code 401 when access Keycloak users list even after adding realm-management roles

huangapple go评论75阅读模式
英文:

Am getting status code 401 when access Keycloak users list even after adding realm-management roles

问题

Am running keycloak version 10.0.2. I have set up a new Realm Screenshot for creation of realm

I have also created created a client called demo-app Screenshot for creation of client

I went a head and created user. On role mapping tab i assigned two realm-management role one view-realm and the other view-users screenshot for realm-management

After those configurations i tried this curl request to obtain access key

curl --location --request POST 'http://localhost:8080/auth/realms/test realm/protocol/openid-connect/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'client_id=demo-app'
--data-urlencode 'username=benmuuo'
--data-urlencode 'password=1234'
--data-urlencode 'grant_type=password';

after getting the access token i did this request

curl --location --request GET 'http://127.0.0.1:8080/auth/admin/realms/test realm/users'
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJROWZUcUtwWm9vZWRCSFZObmNZb19EUGRyc09BejhlMzMzZjhOMjJCRVBvIn0.eyJleHAiOjE1OTc0MTgxNzMsImlhdCI6MTU5NzQxNzg3MywianRpIjoiMjhjOGFiMzItODUyNi00OWJjLWEzZjQtNTU5OTFlNjNjZTlhIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QlMjByZWFsbSIsImF1ZCI6WyJyZWFsbS1tYW5hZ2VtZW50IiwiYWNjb3VudCJdLCJzdWIiOiI2NmQ3MDY3Ny05Mjk2LTQ2NTUtYTY0Zi1kYmI0YTZkY2I5M2QiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJkZW1vLWFwcCIsInNlc3Npb25fc3RhdGUiOiI5YWQ4YTZjMS1hNDRiLTRmNTMtOTRhYy0xNzc4MGQ5ZDE1NjYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJhZG1pbiIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwidmlldy11c2VycyIsInF1ZXJ5LWdyb3VwcyIsInF1ZXJ5LXVzZXJzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImJlbm11dW8ifQ.drQwz61b1f6B7E2e5g5k0poDPucEav4yd5FIN7kPjbl2Kgo8w96i9M98htcBkFkk6_EcWGx7U5H4TgAng4x_VVrCC8KgtIM_Jbmz0h_7bx_4LCkCcxmka-zuxBm4BKjF42XHOApKmL26dAnRbFgckp3SZ8v14Xz77Va0tPcH4R_Ap0VgkD0X3kj5rbInsvtrBDgQyinFSPZxe9fzW9ZybkQ4UmN_Plj6zbDwOmPbA1vOEuhPRmddgM5TfDr46bmeiuw6jrqD-1IA6glkt4H2P9ebjFWVHePLw9eyE8F0onRqOVajQgN60d2hNSSi-FsHHr-DoQG5mEQx797yrr4TVQ'

this is when am getting the 401 error

{
"error": "HTTP 401 Unauthorized"
}

What could be causing the issue cause i don't get it.

英文:

Am running keycloak version 10.0.2. I have set up a new Realm Screenshot for creation of realm

I have also created created a client called demo-app Screenshot for creation of client

I went a head and created user. On role mapping tab i assigned two realm-management role one view-realm and the other view-users screenshot for realm-management

After those configurations i tried this curl request to obtain access key

curl --location --request POST 'http://localhost:8080/auth/realms/test realm/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=demo-app' \
--data-urlencode 'username=benmuuo' \
--data-urlencode 'password=1234' \
--data-urlencode 'grant_type=password'

after getting the access token i did this request

curl --location --request GET 'http://127.0.0.1:8080/auth/admin/realms/test realm/users' \
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJROWZUcUtwWm9vZWRCSFZObmNZb19EUGRyc09BejhlMzMzZjhOMjJCRVBvIn0.eyJleHAiOjE1OTc0MTgxNzMsImlhdCI6MTU5NzQxNzg3MywianRpIjoiMjhjOGFiMzItODUyNi00OWJjLWEzZjQtNTU5OTFlNjNjZTlhIiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL2F1dGgvcmVhbG1zL3Rlc3QlMjByZWFsbSIsImF1ZCI6WyJyZWFsbS1tYW5hZ2VtZW50IiwiYWNjb3VudCJdLCJzdWIiOiI2NmQ3MDY3Ny05Mjk2LTQ2NTUtYTY0Zi1kYmI0YTZkY2I5M2QiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJkZW1vLWFwcCIsInNlc3Npb25fc3RhdGUiOiI5YWQ4YTZjMS1hNDRiLTRmNTMtOTRhYy0xNzc4MGQ5ZDE1NjYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6ODA4MCJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJhZG1pbiIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsicmVhbG0tbWFuYWdlbWVudCI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwidmlldy11c2VycyIsInF1ZXJ5LWdyb3VwcyIsInF1ZXJ5LXVzZXJzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6ImJlbm11dW8ifQ.drQwz61b1f6B7E2e5g5k0poDPucEav4yd5FIN7kPjbl2Kgo8w96i9M98htcBkFkk6_EcWGx7U5H4TgAng4x_VVrCC8KgtIM_Jbmz0h_7bx_4LCkCcxmka-zuxBm4BKjF42XHOApKmL26dAnRbFgckp3SZ8v14Xz77Va0tPcH4R_Ap0VgkD0X3kj5rbInsvtrBDgQyinFSPZxe9fzW9ZybkQ4UmN_Plj6zbDwOmPbA1vOEuhPRmddgM5TfDr46bmeiuw6jrqD-1IA6glkt4H2P9ebjFWVHePLw9eyE8F0onRqOVajQgN60d2hNSSi-FsHHr-DoQG5mEQx797yrr4TVQ'

this is when am getting the 401 error

 {
    "error": "HTTP 401 Unauthorized"
}

What could be causing the issue cause i don't get it.

答案1

得分: 3

抱歉,Keycloak在具有包含非URL友好字符(比如空格)的realm名称方面存在问题。你可以查看 https://issues.redhat.com/browse/KEYCLOAK-7844https://github.com/keycloak/keycloak/pull/5375#issuecomment-405343026 以获取更多细节。

目前(截至Keycloak 11.0.2版本),唯一可行的解决方案是禁止创建此类realm,例如通过更改主题以在输入字段中对realm名称进行任何验证。

尝试将realm名称更改为 test-realm,然后你可以将 Test Realm 用作realm显示名称。

英文:

Unfortunately, Keycloak has problems with realms that have names containing non URL-friendly characters (such as a space). You can see https://issues.redhat.com/browse/KEYCLOAK-7844 and https://github.com/keycloak/keycloak/pull/5375#issuecomment-405343026 for more details.

The only viable solution (for now, that is Keycloak 11.0.2-) is to forbid the creation of such realms, for example by changing the theme to have any validation of the realm names in the input fields.

Try to change the realm name to test-realm and you can use Test Realm as a realm display name.

答案2

得分: 1

首先,您应该使用管理员(主用户)配置执行此请求。

curl --location --request POST 
'http://localhost:8080/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password'

在获取访问令牌后,请尝试以下请求。

curl --location --request GET 
'http://localhost:8080/auth/admin/realms/test realm/users' \
--header 'Authorization: Bearer your-access-token'
英文:

Firstly you should do this request with admin(master) profile

curl --location --request POST 
'http://localhost:8080/auth/realms/master/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=admin-cli' \
--data-urlencode 'username=admin' \
--data-urlencode 'password=admin' \
--data-urlencode 'grant_type=password'

After getting the access token, try this request

curl --location --request GET 
'http://localhost:8080/auth/admin/realms/test realm/users' \
--header 'Authorization: Bearer your-access-token

huangapple
  • 本文由 发表于 2020年8月14日 22:43:32
  • 转载请务必保留本文链接:https://go.coder-hub.com/63414977.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定