Keycloak REST API 403 forbidden

I am trying to delete a user session using the Keycloak REST API, but I am getting the 403 Forbidden HTTP status code. I am passing the token and cookie in the header; please let me know if I am missing something.

    import java.io.IOException;

    import org.apache.http.HttpEntity;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.HttpClient;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.util.EntityUtils;
    import org.keycloak.KeycloakSecurityContext;

    static void logOut(String userId, KeycloakSecurityContext session) {

        // Hard-coded for testing; overrides the userId parameter.
        userId = "a12c13b7-fa2e-412f-ac8e-376fdca16a83";

        // Admin REST endpoint that removes all sessions of the given user.
        String url = "http://localhost:8081/auth/admin/realms/TestRealm/users/" + userId + "/logout";
        HttpClient httpclient = HttpClients.createDefault();
        HttpPost httppost = new HttpPost(url);

        HttpResponse response;
        try {
            httppost.addHeader("Accept", "application/json");
            httppost.addHeader("Content-Type", "application/json");
            httppost.addHeader("Cookie", "JSESSIONID=CABD8A135C74864F0961FA629D6D489B");
            // Bearer token of the logged-in user, taken from the Keycloak security context.
            httppost.addHeader("Authorization", "Bearer " + session.getTokenString());

            response = httpclient.execute(httppost);
            HttpEntity entity = response.getEntity();

            // Prints the status line, e.g. "HTTP/1.1 403 Forbidden" when the token lacks the required role.
            System.out.println("entity :" + response.getStatusLine());

            if (entity != null) {
                String responseString = EntityUtils.toString(entity, "UTF-8");
                System.out.println("body ....." + responseString);
            }
        } catch (IOException e) {
            // ClientProtocolException extends IOException, so a single catch covers both.
            e.printStackTrace();
        }
    }
Avinash chavan asked Jun 28 '17 05:06



2 Answers

The user you use to access the corresponding functions needs the corresponding rights on your realm.

For example, my 'admin' user needed the CLIENT ROLE "view-users" of CLIENT "realm-management" to be able to get information about users. In your case, when you need to delete a user, you may need a role "manage-users" or maybe something more powerful.

subrob sugrobych answered Sep 26 '22 13:09



The realm-management role manage-users will give you delete permissions. You can select realm-management from the client roles drop-down in the role mappings tab.

manage-users is a powerful role though; it might give more permissions to the end user than you might like. You can upgrade other users' roles, delete anyone, etc. Do test it out according to your requirements.

adit negi answered Sep 25 '22 13:09

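Both answers point at the same cause: the bearer token sent in the question's Authorization header carries the client roles Keycloak enforces, and the admin endpoint needs a realm-management role such as manage-users. The following Python is an added example, not code from the question, the answers or Keycloak: it decodes the access token's claims locally (diagnostic only, no signature check) and lists which realm-management roles are missing; the sample token is constructed, and the claim layout is Keycloak's standard "resource_access" structure.

```python
import base64
import json

# Keycloak puts client roles in the access token under "resource_access",
# keyed by client ID; admin REST calls are authorized against the roles of
# the "realm-management" client (view-users, manage-users, ...).
REALM_MGMT_CLIENT = "realm-management"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(access_token: str) -> dict:
    """Payload claims of a compact JWT; diagnostic only, no signature check."""
    # Keycloak verifies the real token on every admin call; never authorize on this.
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def realm_management_roles(claims: dict) -> set:
    """Client roles granted on realm-management, the ones the 403 is about."""
    resource_access = claims.get("resource_access", {})
    return set(resource_access.get(REALM_MGMT_CLIENT, {}).get("roles", []))


def missing_admin_roles(access_token: str, required=("manage-users",)) -> list:
    """Required roles the token lacks. An empty list rules roles out as the
    cause of the 403 (other causes: wrong realm in the URL, expired token)."""
    granted = realm_management_roles(token_claims(access_token))
    return sorted(set(required) - granted)


def make_sample_token(payload: dict) -> str:
    """Constructed test token with a placeholder signature; it would never
    pass Keycloak's verification and exists only to feed the checks above."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.PLACEHOLDER"


# Constructed sample: a token carrying only the read-only view-users role,
# which is why POST .../users/{id}/logout is refused with 403.
VIEW_ONLY_TOKEN = make_sample_token({
    "iss": "http://localhost:8081/auth/realms/TestRealm",
    "resource_access": {REALM_MGMT_CLIENT: {"roles": ["view-users"]}},
})

if __name__ == "__main__":
    print("missing realm-management roles:", missing_admin_roles(VIEW_ONLY_TOKEN))
```

Running it against the real token from session.getTokenString() shows whether the role mapping described in the answers has actually reached the token, which also tells you the user must log in again after the role is added.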