Keycloak S2S Verification with Postman and the aud Claim
In our previous post, we detailed why we moved away from legacy AD service users and adopted Keycloak’s Client Credentials Grant for secure Service-to-Service (S2S) authentication. We configured our Chat App Service (chat-app-service) to call the protected CRM API Gateway (crm-api-gateway), locking down access using the critical Audience (aud) claim. Now for the final, and most satisfying, step: Verification. We needed a standard, accessible tool to prove…
Category Archives: keycloak
Keycloak: Fixing “400 Bad Request – Request Header or Cookie Too Large” for Users with Many AD Groups
Problem Description: Users who are members of hundreds of Active Directory groups receive a “400 Bad Request – Request header or cookie too large” error when trying to authenticate to web applications through Keycloak using OIDC/Kerberos authentication. Root Cause: When using Kerberos/SPNEGO authentication with Active Directory, the Kerberos authentication ticket contains ALL of the user’s…
OpenID Connect with Pinniped and Keycloak
OpenID Connect (OIDC) allows us to use an Identity Manager Provider (IDP) with our Kubernetes cluster. Keycloak will act as the IDP alongside the Active Directory, and Pinniped will give Kubernetes the ability to use the Active Directory users for role assignment. The following article goes over Pinniped installation and configuration; Keycloak should be installed…
OpenID – Connect Jenkins with Keycloak
In this post I will show how to connect Jenkins to Keycloak with OpenID. You can learn about Keycloak installation at this link: https://www.keycloak.org/docs/latest/server_installation/index.html#guide-overview KEYCLOAK SERVER: The first step is in Keycloak: you need to create a new Client in the Realm you configured when you built your own Keycloak server (in…