I have a Spring Boot app that uses Keycloak for auth.
On deployment, all services including app, keycloak, db are started by a single docker-compose --profile=prod up
where an external configuration is passed.
Up to here, everything works as expected.
However, the Keycloak client "Access Type" currently is public, and should be changed to confidential. Then a secret needs to be passed to the requests. This can be obtained from Client -> Credentials, where the secret string can be copied or regenerated.
This string can then be copied into the application.yml or application.properties of the Spring Boot app, as below, and everything works as expected.
    keycloak:
      auth-server-url: http://localhost:8080/auth
      realm: qwerty
      resource: login-app
      ssl-required: external
      bearer-only: true
      use-resource-role-mappings: true
      credentials:
        secret: FyQjmAJclqqcLD22szwca1aEskSpqUPr
However, this requires starting the Keycloak service first, then getting the secret, copying it into the source code of the app, building the app, and starting it.
So this breaks the "one click" deployment that is done in docker-compose....
From what I saw, you can't have a predefined string for the secret and pass it to the realm when importing configuration or something.
Am I missing something? What would you suggest?
After some time we found the answer; we realized it's possible to provision the secret in the realm export JSON. It is as below:

    "id": "sad978adsf6sdfadfs",
    "clientId": "app",
    "surrogateAuthRequired": false,
    "enabled": true,
    "alwaysDisplayInConsole": false,
    "clientAuthenticatorType": "client-secret",
    "secret": "someverysecret",
    "redirectUris": [
      "*"
    ],
Whole process
"secret": "*********",
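An added example, not part of the original question or answer: one way to fill the client secret into a realm export at deploy time, so the value stays out of the committed JSON and the same value can be handed to the app as `keycloak.credentials.secret`. The environment variable name `KEYCLOAK_CLIENT_SECRET`, the helper names and the sample export are assumptions made for illustration.

```python
import copy
import json
import os
import secrets

def is_masked(value):
    """True for the all-asterisk placeholder an export carries instead of the secret."""
    return isinstance(value, str) and len(value) > 0 and set(value) == {"*"}

def masked_clients(realm):
    """clientIds whose secret is still the export placeholder."""
    return [c.get("clientId") for c in realm.get("clients", [])
            if is_masked(c.get("secret"))]

def provision_client_secret(realm, client_id, secret):
    """Return a copy of the realm export with `secret` set on one confidential client."""
    if not secret or is_masked(secret):
        raise ValueError("secret is empty or still the masked placeholder")
    out = copy.deepcopy(realm)  # never mutate the export that was loaded
    matches = [c for c in out.get("clients", []) if c.get("clientId") == client_id]
    if len(matches) != 1:
        raise LookupError(f"expected one client {client_id!r}, found {len(matches)}")
    client = matches[0]
    if client.get("publicClient"):
        raise ValueError(f"client {client_id!r} is public; make it confidential first")
    client["clientAuthenticatorType"] = "client-secret"
    client["secret"] = secret
    return out

# Constructed sample: a trimmed realm export with one masked confidential client.
SAMPLE_EXPORT = {
    "realm": "qwerty",
    "clients": [
        {"clientId": "app", "enabled": True, "publicClient": False,
         "clientAuthenticatorType": "client-secret", "secret": "*********"},
        {"clientId": "other-client", "enabled": True, "publicClient": True},
    ],
}

if __name__ == "__main__":
    # Hypothetical variable name. The random fallback only lets the demo run;
    # a deployment should fail here, since the app needs the same value.
    secret = os.environ.get("KEYCLOAK_CLIENT_SECRET") or secrets.token_urlsafe(32)
    realm = provision_client_secret(SAMPLE_EXPORT, "app", secret)
    assert masked_clients(realm) == []
    print(json.dumps(realm, indent=2))
```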