client secret for saml client in keycloak


Problem description

I have created a SAML client in Keycloak. To get the access token in Postman, I have the "client-id, grant-type, username, password" in the header and hit "http://{myserver ip address}:{port}/auth/realms/master/protocol/openid-connect/token". I got the error "Client secret not provided in request". But I am unable to see the client-secret in Keycloak. Note: I am able to see the client secret for admin-cli and security-console, but my client is a SAML client and I am not seeing the client secret for that.

Recommended answer

Under OpenID Connect, if you set your client's "Access Type" to "confidential" or "bearer-only", then a new tab becomes available called "Credentials"; there you'll see an auto-generated secret (that you can "re-generate"). When you talk to your token endpoint HOST:PORT/auth/realms/YOUR-REALM/protocol/openid-connect/token, you'll need to provide the param "client_secret" with the autogen value you just saw (on top of your password, client_id, username & grant_type). This will work for OIDC; for SAML like you show, I'm not sure if it works like OIDC, but if it does, it should be pretty similar.

Hope it helps.
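The token request the answer describes for an OIDC client with Access Type "confidential", sketched in Python as an added example (not code from the original question or answer). The parameters travel in the form-encoded POST body; the function names, the `KC_*` environment variables, the host and the client id `my-oidc-client` are assumptions made for illustration.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request


def build_token_request(base_url, realm, client_id, client_secret, username, password):
    """Build (but do not send) a password-grant request for a confidential OIDC client."""
    if not client_secret:
        raise ValueError("a confidential client must send client_secret")
    url = "%s/auth/realms/%s/protocol/openid-connect/token" % (
        base_url.rstrip("/"), urllib.parse.quote(realm, safe=""))
    # All parameters go in the form-encoded POST body, not in HTTP headers.
    form = urllib.parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,  # value from the client's "Credentials" tab
        "username": username,
        "password": password,
    }).encode("ascii")
    return urllib.request.Request(
        url, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def fetch_token(request):
    """Send the request; return the access token or raise with the server's error."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return json.load(resp)["access_token"]
    except urllib.error.HTTPError as err:
        try:
            detail = json.loads(err.read() or b"{}")
        except ValueError:
            detail = {}
        raise RuntimeError("token request failed: %s (%s)" % (
            detail.get("error"), detail.get("error_description"))) from err


if __name__ == "__main__":
    # Hypothetical host and client id; secrets come from the environment, not source code.
    req = build_token_request(
        "http://localhost:8080", "master", "my-oidc-client",
        os.environ["KC_CLIENT_SECRET"], os.environ["KC_USER"], os.environ["KC_PASSWORD"])
    print("received access token of length", len(fetch_token(req)))
```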
