I tried to implement user impersonation with Keycloak but I got this error
"error": "Feature not enabled"
This image shows what I ran in Postman and the error:
To start keycloak I ran Docker, on Windows 10 and then this command:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e DB_VENDOR=H2 jboss/keycloak
so I use jBoss docker image, from RedHat.
So I wanted to enable that missing feature in keycloak, but from keycloak documentation I can't understand where to run this specific command:
For example, to enable docker and token-exchange, enter this command:
bin/kc.[sh|bat] build --features=docker,token-exchange
to have, for example, this token-exchange feature available in keycloak.
I tried to find into jBoss this kc file to run that command but I didn't find it. I found first the jBoss image:
docker exec 42f1c5c8bf55 it bash
then I enter on jboss
sh-4.4$ cd /opt/jboss
sh-4.4$ find . -name "kc.sh"
find: ‘./proc/tty/driver’: Permission denied
find: ‘./var/cache/ldconfig’: Permission denied
find: ‘./lost found’: Permission denied
sh-4.4$ find . -name "kc.*"
find: ‘./proc/tty/driver’: Permission denied
find: ‘./var/cache/ldconfig’: Permission denied
find: ‘./lost found’: Permission denied
I searched a lot and I tried different solutions, but non of them worked.
Anyone please give me a little help or at least an ideea how to implement a new feature, like token-exchange or access_token, inside keycloak.
CodePudding user response:
You can use the KC_
prefixed environment variables in your Docker container. For example, to enable features:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e KC_FEATURES=token-exchange -e DB_VENDOR=H2 jboss/keycloak
Note that the jboss/keycloak
image is not the current official Keycloak image anymore. You probably want to migrate to the quay.io/keycloak/keycloak
images (see the Keycloak Docker docs).
CodePudding user response:
You can enable features using env var JAVA_OPTS_APPEND
environment variable
for example to enable Ability for admins to impersonate users just start the container like this:
docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e DB_VENDOR=H2 -e JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.impersonation=enabled" jboss/keycloak