Keycloak 创建用户的keydape API返回403
正在尝试使用KeyClope作为身份提供者。我使用Keycloak 创建用户的keydape API返回403,keycloak,keycloak-services,keycloak-rest-api,Keycloak,Keycloak Services,Keycloak Rest Api,正在尝试使用KeyClope作为身份提供者。我使用/standalone.sh脚本运行它 因此,我获得access\u令牌如下: curl --request POST \ --url http://localhost:8080/auth/realms/master/protocol/openid-connect/token \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data grant_type
/standalone.shaccess\u令牌curl --request POST \
--url http://localhost:8080/auth/realms/master/protocol/openid-connect/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data client_id=admin-cli \
--data client_secret=<the-client-secret-under-master-realm-for-admin-cli-client>
测试领域下curl --request POST \
--url http://localhost:8080/auth/admin/realms/test-realm/users \
--header 'Authorization: Bearer the-access-token' \
--header 'Content-Type: application/json' \
--data '{
"firstName": "Sergey",
"lastName": "Kargopolov",
"email": "test@test.com",
"enabled": "true",
"username": "app-user"
}'
TOKEN=$(curl -k -sS -d "client_id=admin-cli" \
-d "username=$ADMIN_NAME" \
-d "password=$ADMIN_PASSWORD" \
-d "grant_type=password" \
http://$KEYCLOAK_IP/auth/realms/master/protocol/openid-connect/token)
curl -k -sS -X POST https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/users \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-d "$USER_JSON_DATA"
403< HTTP/1.1 403 Forbidden
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< Referrer-Policy: no-referrer
< Date: Thu, 28 Jan 2021 23:43:57 GMT
< Connection: keep-alive
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
< Content-Type: application/json
< Content-Length: 25
编辑:我尝试了密码授予的方式来获得承载令牌,这是有效的,但不是客户端秘密方式。显然,我更喜欢客户保密的方式(这就是我目前所处的困境)。这里可能存在什么问题?要使用KeyClope Rest API创建用户,只需通过提供管理员用户的名称和密码,从管理员cli客户端请求代表管理员用户的令牌,例如:
curl --request POST \
--url http://localhost:8080/auth/admin/realms/test-realm/users \
--header 'Authorization: Bearer the-access-token' \
--header 'Content-Type: application/json' \
--data '{
"firstName": "Sergey",
"lastName": "Kargopolov",
"email": "test@test.com",
"enabled": "true",
"username": "app-user"
}'
TOKEN=$(curl -k -sS -d "client_id=admin-cli" \
-d "username=$ADMIN_NAME" \
-d "password=$ADMIN_PASSWORD" \
-d "grant_type=password" \
http://$KEYCLOAK_IP/auth/realms/master/protocol/openid-connect/token)
curl -k -sS -X POST https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/users \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-d "$USER_JSON_DATA"
$access\u TOKENcurl --request POST \
--url http://localhost:8080/auth/admin/realms/test-realm/users \
--header 'Authorization: Bearer the-access-token' \
--header 'Content-Type: application/json' \
--data '{
"firstName": "Sergey",
"lastName": "Kargopolov",
"email": "test@test.com",
"enabled": "true",
"username": "app-user"
}'
TOKEN=$(curl -k -sS -d "client_id=admin-cli" \
-d "username=$ADMIN_NAME" \
-d "password=$ADMIN_PASSWORD" \
-d "grant_type=password" \
http://$KEYCLOAK_IP/auth/realms/master/protocol/openid-connect/token)
curl -k -sS -X POST https://$KEYCLOAK_IP/auth/admin/realms/$REALM_NAME/users \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-d "$USER_JSON_DATA"
$USER\u JSON\u DATA服务帐户admin cliService account admin cli服务帐户管理cli管理员service account admin cliadmin- 境界大师
- 客户端>管理cli
- 去地图绘制者那里
- 点击[创建]
- 作为映射器类型,选择“硬编码角色”
- 点击选择角色并选择“管理员”
- 单击[保存]