How to enable features, like token-exchange, in keycloak from command line

Time:02-03

I tried to implement user impersonation with Keycloak but I got this error

"error": "Feature not enabled"

This image shows what I ran in Postman and the error:


To start keycloak I ran Docker, on Windows 10 and then this command:

docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e DB_VENDOR=H2 jboss/keycloak

So I use the jBoss Docker image, from RedHat.

So I wanted to enable that missing feature in keycloak, but from keycloak documentation I can't understand where to run this specific command:

For example, to enable docker and token-exchange, enter this command:

bin/kc.[sh|bat] build --features=docker,token-exchange

to have, for example, this token-exchange feature available in keycloak.

I tried to find this kc file inside jBoss to run that command, but I didn't find it. First I found the jBoss image:

docker exec -it 42f1c5c8bf55 bash

Then I entered jboss:

sh-4.4$ cd /opt/jboss
sh-4.4$ find . -name "kc.sh"
find: ‘./proc/tty/driver’: Permission denied
find: ‘./var/cache/ldconfig’: Permission denied
find: ‘./lost+found’: Permission denied
sh-4.4$ find . -name "kc.*"
find: ‘./proc/tty/driver’: Permission denied
find: ‘./var/cache/ldconfig’: Permission denied
find: ‘./lost+found’: Permission denied

I searched a lot and I tried different solutions, but none of them worked.

Could anyone please give me a little help, or at least an idea of how to implement a new feature, like token-exchange or access_token, inside keycloak?

CodePudding user response:

You can use the KC_ prefixed environment variables in your Docker container. For example, to enable features:

docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e KC_FEATURES=token-exchange -e DB_VENDOR=H2 jboss/keycloak

Note that the jboss/keycloak image is not the current official Keycloak image anymore. You probably want to migrate to the quay.io/keycloak/keycloak images (see the Keycloak Docker docs).

CodePudding user response:

You can enable features using the JAVA_OPTS_APPEND environment variable. For example, to enable the ability for admins to impersonate users, just start the container like this:

docker run -p 8080:8080 -e KEYCLOAK_PASSWORD=admin123 -e KEYCLOAK_USER=admin -e DB_VENDOR=H2 -e JAVA_OPTS_APPEND="-Dkeycloak.profile.feature.impersonation=enabled" jboss/keycloak
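
An added example, not part of either answer above and not Keycloak's own tooling: a shell function that lists which features a container's environment requests through the two mechanisms shown in the answers (KC_FEATURES and -Dkeycloak.profile.feature.<name>=enabled in JAVA_OPTS_APPEND), for reviewing what a container was started with. The sample environment is constructed, the function names are hypothetical, and treating "_" and "-" in feature names as equivalent is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Reads NAME=VALUE lines, as printed by
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' <container>
# and lists the Keycloak features that the environment asks to enable.

# Constructed sample environment combining both answers' mechanisms.
SAMPLE_ENV='KEYCLOAK_USER=admin
DB_VENDOR=H2
KC_FEATURES=docker,token-exchange
JAVA_OPTS_APPEND=-Xmx512m -Dkeycloak.profile.feature.impersonation=enabled -Dkeycloak.profile.feature.token_exchange=enabled'

# Print one requested feature per line, normalized (lower case, "_" -> "-",
# which is this example's assumption), sorted and de-duplicated.
requested_features() {
    while IFS= read -r line; do
        case $line in
            KC_FEATURES=*)
                # Comma-separated list, e.g. KC_FEATURES=docker,token-exchange
                printf '%s\n' "${line#KC_FEATURES=}" | tr ',' '\n'
                ;;
            JAVA_OPTS_APPEND=*)
                # Space-separated JVM options; keep only feature
                # properties whose value is "enabled".
                printf '%s\n' "${line#JAVA_OPTS_APPEND=}" | tr ' \t' '\n\n' |
                    sed -n 's/^-Dkeycloak\.profile\.feature\.\(.*\)=enabled$/\1/p'
                ;;
        esac
    done | tr '_' '-' | tr 'A-Z' 'a-z' | sed 's/^ *//; s/ *$//' | grep . | sort -u
}

# Of the requested features, print the two this page discusses
# (token-exchange and impersonation) so they get an explicit review.
# Exit status is 1 when neither is requested, like grep.
features_to_review() {
    requested_features | grep -x -e 'token-exchange' -e 'impersonation'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_ENV" | requested_features
```

Pipe the real `docker inspect` output into `features_to_review` in place of the sample to check an existing container.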