Keycloak Api Keys

Description

General

• Documentation: https://www.keycloak.org/docs-api/latest/rest-api/index.html
• Summary: Keycloak provides sign-in unification features, allowing users to sign in and out of all needed tools in one action.
• IPs allowlist: This feature is not supported.
• Scopes: Each user has their attributed key, which can cover any number of third-party services

Revoke the secret

From the admin console, one can issue 'not-before' policies, ensuring that tokens created before a given timestamp are rendered null. Specific applications, clients or users can also be disabled.

Check for suspicious activity

Logins are saved as events in the admin console (realm settings). These events can be regularly screened to detect suspicious activities (ex login at unusual hours), but there is no native way to automate the screening. Failed login attempts are also registered and can be configured to trigger an incremental lock on the targeted account, to avoid brute-force attacks.

Details for Keycloak Api Keys

• Family: credentials

• Category: identity_provider

• Company: KeyCloak

• High recall: False

• Validity check available: False

• Analyzer available: False

• Minimum number of matches: 2

• Occurrences found for one million commits: 5.82

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - keycloak

Examples

- text: |
    +#https://medium.com/securing-spring-boot-rest-apis-with-keycloak-alpha-beta
    +keycloak:
    +  auth-server-url: http://quick-start-random.nip.io/auth
    +  bearer-only: true
    +  credentials:
    +    client-id: 528bed53-f405-406a-96c0-5e921c7b39fe
    +    secret: 63488e67-3e19-43de-997e-833673aea340
    +  realm: a-random-realm
    +  resource: random-server
    +  use-resource-role-mappings: true

  client_id: 528bed53-f405-406a-96c0-5e921c7b39fe
  apikey: 63488e67-3e19-43de-997e-833673aea340

- text: |
    +keycloak.principal-attribute=preferred_username
    +keycloak.credential.client-id=2046f7b3-b878-4bc5-8f7f-57b24ce19d85
    +keycloak.credentials.secret=0aa1dabc-1d8a-4c00-85c2-82bc88c42dc7
    +keycloak.disable-trust-manager=true
  client_id: 2046f7b3-b878-4bc5-8f7f-57b24ce19d85
  apikey: 0aa1dabc-1d8a-4c00-85c2-82bc88c42dc7