Thomas Darimont thomasdarimont

@thomasdarimont
thomasdarimont / healthcheck.sh
Created January 9, 2025 09:27
Keycloak Healthcheck for docker without curl
#!/bin/bash
exec 3<>/dev/tcp/localhost/8080
echo -e "GET /auth/health/ready HTTP/1.1\nhost: localhost:8080\n" >&3
timeout --preserve-status 1 cat <&3 | grep -m 1 status | grep -m 1 UP
ERROR=$?
exec 3<&-
exec 3>&-
@Component
public class CookieSecurityContextRepository implements SecurityContextRepository {
private static final String EMPTY_CREDENTIALS = "";
private static final String ANONYMOUS_USER = "anonymousUser";
private final String cookieHmacKey;
public CookieSecurityContextRepository(@Value("${auth.cookie.hmac-key}") String cookieHmacKey) {
this.cookieHmacKey = cookieHmacKey;
@thomasdarimont
thomasdarimont / JwtClientAuthApp.java
Last active November 1, 2024 13:01
Spring Boot 3.3.5 JwtClientAuthApp example
package demo.jwtclientauth;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
@thomasdarimont
thomasdarimont / DebugFriendlyCreatedResponseUtil.java
Created October 25, 2024 10:44
DebugFriendlyCreatedResponseUtil
package de.adorsys.keycloak.config.util;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.net.URI;
import java.util.Map;
@thomasdarimont
thomasdarimont / readme.md
Last active October 3, 2024 11:17
kct issues

Issue: First example does not show how to use --context, errors without it

Issue: ~/.kct folder not created if missing

Issue: How to configure trust store via CLI? Manually adding trust store at the root did not work either. Truststore setting was removed after adding new (http) context.

Issue: Truststore configuration does not work; even with the truststore set, I cannot configure it.

Issue: Add support for skipping certificate validation

@thomasdarimont
thomasdarimont / setup-keycloak-config-client.sh
Created October 3, 2024 09:20
Example for setting up a Keycloak Client via kcadm.sh with the official Keycloak docker image
#!/usr/bin/env bash
shopt -s expand_aliases
alias kcadm="docker run --net=host -i --user=1000:1000 --rm -v $(echo $HOME)/.acme/.keycloak:/opt/keycloak/.keycloak:z --entrypoint /opt/keycloak/bin/kcadm.sh quay.io/keycloak/keycloak:24.0.5"
KEYCLOAK_URL=http://localhost:8080/auth
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=admin
{
"clientId": "reference-client",
"name": "",
"description": "",
"rootUrl": "",
"adminUrl": "",
"baseUrl": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
@thomasdarimont
thomasdarimont / realm-export-acr-import-bug.json
Created September 11, 2024 10:39
Keycloak ACR Values Realm Import Bug with Keycloak 24.x and 25.x
{
"id": "8d394374-7fc5-4ae5-bcb1-ba72a952209c",
"realm": "acr-impor-bug",
"displayName": "",
"displayNameHtml": "",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
@thomasdarimont
thomasdarimont / custom-login.css
Last active July 19, 2024 10:10
Custom footer with custom theme based on keycloak.v2/login
#kc-login-footer-links {
text-align: center;
}
#kc-login-footer-links li{
display:inline-block;
}
@thomasdarimont
thomasdarimont / footer.ftl
Last active July 18, 2024 13:08
Keycloak Login template.ftl with support for footer macros