How to authenticate in the Keycloak admin api?
So Keycloak has this admin api: https://www.keycloak.org/docs-api/22.0.1/rest-api/index.html#_overview
They do not mention what kind of authentication to use. I tried with Basic, but it does not work.
Solution
Access Token Request
https://datatracker.ietf.org/doc/html/rfc6749#section-4.3.2
Token Endpoint
POST http://localhost:8080/realms/{realm}/protocol/openid-connect/token
grant_type: password
username : {admin username}
password : {admin password}
client_id : admin-cli
Demo
1 Install Docker Desktop for Windows or Mac
https://www.docker.com/products/docker-desktop/
2 Launch Keycloak by docker-compose
Save as docker-compose.yml
version: '3.8'
services:
postgres:
image: postgres:15.6
container_name: postgres_db
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
keycloak_web:
image: quay.io/keycloak/keycloak:24.0.3
container_name: keycloak_web
environment:
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: password
KC_HOSTNAME: localhost
KC_HOSTNAME_STRICT: false
KC_HOSTNAME_STRICT_HTTPS: false
KC_LOG_LEVEL: info
KC_METRICS_ENABLED: true
KC_HEALTH_ENABLED: true
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
command: start-dev
depends_on:
- postgres
ports:
- 8080:8080
volumes:
postgres_data:
docker compose up -d
3 Get master token by Postman
Download and install Postman
POST http://localhost:8080/realms/master/protocol/openid-connect/token
In body tab
Select x-www-form-urlencoded
Master's admin credential username is admin, password is admin.
grant_type: password
username: admin
password: admin
client_id: admin-cli
In Tests tab
const jsonData = JSON.parse(responseBody);
postman.setEnvironmentVariable("master-token", jsonData.access_token);
Press Send button
4 Call Admin API by Postman
Get reamls list
GET http://localhost:8080/admin/realms
In Authorization tab,
Select Bearer Token and enter this text in Token editor control
{{master-token}}
You can see the realms list in the response Body
Note
The master token is valid for only 60 seconds as default.
You can extend more time for debugging purposes.
By Browser, open this URL
http://localhost:8080
Login using the master credential username is "admin" and password is "admin"
- Client secret not provided in request error
- Implementing OIDC with Authorization Code Flow on API Gateway using Keycloak as SSO provider
- Spring Boot with Spring Security and Keycloak only providing Anonymous Authentication Token
- Use Keycloak Spring Adapter with Spring Boot 3
- Validating Username and Password in Keycloak
- SAML configuration broke after upgrade from 7.55.8 to 7.98.8
- Javascript Error when using Keycloak with Artemis for Management Console access
- Why is Keycloak resulting in "Cookie not found" error after IDP initiated login?
- Configure Keycloak to Encrypt SAML Assertions with AES-128-GCM Instead of AES-128-CBC
- Transforming LDAP group memberships to SAML Attributes in Keycloak
- retrieve google refresh token in keycloak
- Use Terraform to assign realm-management role to service account user in Keycloak
- How to restrict access to Keycloak admin console to a specific IP/IP range?
- Keycloak "invalid credentials" error after login when access through Load Balancer
- As in keycloak version 26.0.6. how to enable Allow Token Exchange (to update tokens)
- Removed create-realm in Keycloak from admin role - how do I reassign it?
- keycloak-angular 26 is unable to find keycloak-js
- How to save the keycloak data when running inside docker container?
- Retrieve an oidc access token from Nuxt 3 app
- Keycloak custom event listener not deploying
- Unable to start keycloak with preview or scripts features enabled
- View/configure access log of Keycloak HTTP server
- Keycloak: How to enable unmanagedAttributePolicy over REST API?
- Springboot Keycloak Admin add role or reset password error
- How Do I Use KeyCloak in Flutter
- Migrate keycloak 1.5.2 to 2.5.3 in .NET Core
- How to make a oauth2 authentication within a spring boot shell application
- The nonce is missing from the id_token in the response
- Keycloak Phase Two Organization Attribute in Token and Introspection
- Keycloak as a Broker saml client