Keycloak Tutorial for Beginners [Full course in 1 Hour]

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello and welcome to tech guinness my name is chandra and i am a technology explorer this video is part of key clock series and we will see how to get started with key clock x let's start key clock is a open source identity and access management tool for securing modern applications and services now those who are already using key clock they will be wondering what is key clock x right so answer is it is distribution of key clock running on top of quarkus quarkus is a full stack kubernetes and cloud native java application framework which is tailored for open jtk hotspot and grailvium so in comparison to spring it offers very small memory footprint and reduce boot time right so next question that must be coming is is it different from key clock traditional key clock which was running on wildfly answer is no in terms of product features and yes in terms of distribution package as mentioned key clock x is running on top of quarkus so here are the salient features reduced startup time lower memory footprint container first approach this is possible because of caucus then next is a better developer experience and focus on usability so because of this new command line in interface it is giving a better developer experience here you can see the benchmarking so as per key clock x they have given the benchmarks so we can see the traditional key clock which is running on wildfly and quarkus so startup time you can see for wildfly it is 12.1 for the first time uh deployment and for quarkus it is just 7.6 seconds and for the second time it is for wi-fi it is 8.1 and for quarkus 3.1 memory footprint rss per mb for wi-fi you can see it is 646 mb and for quarkus it is just 428 mb and for second time you can see it is drastically reduced to 320 mb so before we go further to see how to get started with key clock x here are the selling features of key clock why key clock is being used first one being single sign-on then key clock supports standard protocols like word 2.0 open id connect and saml 2.0 out of the box also if required social login it is present so you can see that key clock supports multiple social login providers like facebook google github next is ready to use adapters so key clock comes up with provider adapters for java javascript node.js c-sharp python android and ios so you can see most of the examples are given by key clock so you can get started with integrating the key clock into your application it comes with the support of ldap and active directory so that you can connect to existing user directories and for centralized management for admins and users there is a management console where admins can go and manage the key clock instances and for users they can go to their account console to manage their profiles we can go to keyclock.org downloads to download the setup so here is the link we opened keyclock.org downloads and you can see we are in the downloads latest release is 13.0.0 and here you can see key clock x preview ok so you will be downloading this distribution as a zip file now you have the zip file for key clock x so step one would be to unzip the downloaded file so here you can see this is my zip file and i have extracted the content now step two is to generate the self signed certificates to enable https so you can use this command to generate the server.keystore in the conf folder i will put this command in the description of the video so you need to be in the folder and you just open the command prompt and paste this click on enter let's see if the server.keystore is generated yes you can see the server.keystore is generated now step 3 is to run the kc.bet in bin directory if you want to run on http only then you can use the profile dev profile by using kc.bet space start hyphen dev so in production it is not recommended so that is why we have generated the certificates so in production environment we will replace the sales and certificates with the trusted certificates and step four will be to go to admin console running at https slash localhost colon 8443 so here we are in the bin directory and we'll try to start the server using the kc.bat file so you can see key clock 13 0 on jvm started in 9.97 seconds and also profile prod is activated so when you go to this url localhost colon8443 it will say that your connection is not private and this is because we are using self send certificates so we can go to advanced and click on proceed to localhost so for the traditional key clock user there is a change previously we used to go to localhost colon8443 slash auth auth so here there is no requirement of that also previously in traditional key clock we used to generate a admin user using the bat file or sh file for creating the user here you can see you can create the initial user for example i am creating admin so after providing these fields i can click on create and you can see user is created so we can go to the administration console here you need to enter the credential you have just created yeah so that means our instance is working fine okay so here you can see we have only one real master you can add further rims from here and you can see the properties like general properties like what is the name of the realm then display name html display name and other features then login right so for example if we want to use a registration we can enable it from here then email as a username we can use this then forgot password link we can provide so that if the user forwards the password he can use that so that ways our realm is updated other features we will see in the upcoming videos so how to configure the key clock x we have two categories here so one is which is set at the runtime example if you want to set a different port for example you want to run key clock on port 8180 so you can use this configuration while running the key clock kc dot bet hyphen f1 http port equal to 8180 other type of configuration is where you will configure the server for example you want to set the database so you will be using the property called config kc.bet space config space hyphen hyphen db equal to postgres hyphen f and db username username and db password as your password so this is quite simple configuration where you can quickly ah integrate your databases whatever database you have oracle mysql post case you can do this using this kind of configuration realm manages a set of users credentials roles and groups by default master realm is provided by key clock and if you remember from my first video that we have created initial admin user for master realm only now let's try to relate keycock claims with example of organization here you can consider master realm as organization which houses individual realms which are isolated from each other now the thought that must be coming to you is why we should create runes when we already have master in which we can manage all the things right so in short how these realms are beneficial to us answer is yes realms comes with multiple benefits as the rims are isolated from each other we can use them to achieve multi-tenancy where for each tenant we can create a separate room so by doing this for every realm we can manage a different set of users clients roles authentication flows as well as themes so we can see that we can customize login page for each and every realm so we will start by logging into the key clock using our admin credentials yeah so when you click on realm settings so this is the settings of our master rail so first type is your journal where it is displaying the name of the realm then host name if you want to give a fixed host name we can give it here then enable means this realm is enabled then next we will go to login so here is the login settings for example on the login page do we want user registration to be enabled so if you are enabling it right then user can directly register from the sign up page then edit user name if you enable it and then user will be able to edit the username similarly we have the options for forward password then remember me so for the full session if the the session is not expired so even if the user is closing the browser window then he will be able to log in directly then verify email so if we enable it so after the user is in the registration you need to verify the email then login with email means either the user can use the user id or the email require ssl is another feature which is important where we are saying for external request ssl is required then all requests so for all the requests the request will be server over ssl then none means any of the requests will not require ssl so by default it comes with external request then third tab is for the keys so these keys are used for various purposes during the token generation or id token generation so basically your id token or the tokens these are the sign tokens so these are the algorithms we can see by default rs256 so the provider is rsa generated okay so here we can see the public key for it and certificate for it and similarly for hs256 this is the kid right and then aes okay so these keys are already generated then uh passive keys are there then disables whatever the keys which we have disabled then these are the providers three providers we have seen so hm generated is generated rsa so we can edit them as well for example if we want to set the secret size so instead of 64 bit we want to set 128 or 250s or 512 we can do this then algorithm also we can change for example we can use hs512 or hs384 okay and similarly for rsa generated so rsa we have this uh by default the algorithm is rs-256 we can make it rs384 or rs512 or even we can use ps2556 right then this is the key size so bigger the key size the more secure is the encryption now next is the email tag so here we will be setting our host properties for example i am here i'm just using mail hog to make sure how the email is working we can give these details these are the mandatory details we need to give so we need to enable start tls and we can test the connection so yeah so this is one common issue which we have seen that the logged in user is not having any email registered because while doing the initial admin registration right it is not asking the email okay so what we have to do we need to go to the users view all users and this is the admin so we go here and we'll add the email here for example admin at gmail.com something like this okay we click on save now again we'll go to the room settings email here i will add the properties localhost port is 1025 on which my this mail hog is running and then send your email address right and then you will start tls let's test connection so you can see smtp connection successful email was sent so let's check eight zero two five it is running yeah perfect so we can see that we got this mail this is a test message so this is just a test message mail so once we are good we can save it next time is for the themes okay so by default key clock comes comes with base and key clock theme okay so so you can change the theme as well for example login team on the login screen you can change the layout or the look and feel of the theme similarly account theme then admin console this is the admin console if you want to change the theme you can change it then email theme so whatever the theme applied for email you can change it so i will be creating a separate video on themes for key clock as well as key clock x okay next is the localization so right now we are using a region where english is preferred okay so for other regions where localization is required so we can upload the localization json file and our key clock will work according to that local and comes the cache part so by using this admin console tab you can clear the realm cache or user cache or key then next step is for tokens so you can see that for uh default signature algorithm is rs256 and we have seen in the key step so we can change this token as well right so for example ps256 we want to sign so we can do that right then is a revoke revoke refresh token so this is refresh token revocation is based on the number of times the refresh token is used so if you are not enabling it then the client can use the refresh token and number of times but if we make it in a word so we can say that after how many times the token uh refresh token will be revoked for example after two times of the usage right the refresh token will be revoked then again other parameters are there for example session idle time for sso then s association max how many maximum hours we can give right then client session ideal client session max these are the properties which we can change as per our requirement so for example access token lifespan so here it is one minute so you can change it to two minutes or three minutes based on your requirement so next step is for client registration client tray are registering your oauth clients right so you will be using this so as per the rfc for this uh work to client registration initial access token is not mandatory it's an optional feature so you can create this token and only the clients who are having this initial access token can dynamically register themselves okay so then we have client registration policies so anonymous access policies are those applied for those who don't have initial access token okay so for example consent required or not then allowed protocol member types allowed client scopes for example client who is registering right so we can allow limited scopes as well then there is a for authenticated access policies as well so these are for the clients who are having the initial access tokens and the last step is for the security differences so for this realm we can have these address parameters supported for example x frame options so same origin we are saying so using this option um like the embedding of this key clock is disabled right if any other origin is there so you can click on these features and it will redirect to the particular rfc so we'll go to the this rfc http header field x frame options it will give you more information about this why we use this okay similarly for content security policy exchange type options right x axis protections so all these values you can set okay so this was all about the realm settings so master realm is by default which comes with key cloak and ideally or in production or in any scenario you should avoid using mastername for your applications so this master realm is only for the super admins who can manage the other realms okay so there is a option to add the real for example if i can go and click on address so i can give the realm name for example demo i am saying and we are enabling it so once you click on create so drilling has been created and it is auto selected here okay so you can see master and demo so right now we are in the demo realm and realm settings are different for the realms so basically by these realms key clock is providing you multi-tenancy okay so for each and every tenant you can have a isolated drill which have its own settings for example you have the settings for email you have the settings for login you have different keys right different clients right and and users as well right so every realm has its own set of all these clients client scopes rules users so in that ways for example if you want to compare it with the organization right so this organization can have multiple applications correct so for every application we can create a separate realm so that there will be a realm which is mainly or primarily for that application only and there will be a super admin right who can manage all these rules as well so that part we can do now once we have created the realm now what will happen if you go to users there is no user here so how will the admin feature work here right if you want to give this ring to the application team right so there will be one person who will be the admin of this rule so let's add that user for example we are saying again admin is the username so i am saving it okay then i will go to the credential step to set the password for admin so temporary i am removing because we are just doing the demo here okay so now we have set the credentials for this new admin for demo will you be able to access the real or the realm security console no so for that we need to add more one more thing we need to go to the role mappings okay so in the client roles we have real management okay so we need to select this and we have several roles here right create client impersonator manage authorization so what will happen for admins ideally all these rules should be enabled real madrid so there is one single role called realm admin so we can add this and you can see once i added the real madmin all the effective roles are pertaining to the roles which were available previously okay so that means this user is now the real madman okay so let's check this so right now i'm signing out of this slash admin slash realm name okay and console slash console so you can see now you are in the room demo and realm demo is shown over here as well okay so let's try to log in here perfect so we are in our demo realm now right because this user this admin is for demo so here he can't add a ring so only a master realm user can add a new realm this is one thing which we should notice okay so here comes the concept of super admin only a super admin can add a new tenant or you can say neural okay so now this admin can add further users okay so we can go and add users we can go to clients and we can create a new client as well so all these features he can use or i can access because this admin has been given the realm admin role yeah so this was all about the realms in this video and next video we will see how to add a theme to a realm by default key clock and key clock x comes with base and key clock theme and the simplest way to design a new theme is to extend existing themes basically you can extend either the base theme or a key clock theme based on your requirement so further we have the themes for accounts admin email login and the welcome page so in this video we will see how we can do this customization in the key clock let's see the demo now we are logged into the admin console of key clock in the realm settings we can see there is a tab for themes you can see my previous videos about the realms in key clock so we can see login theme is there account theme admin console theme email theme and internationalization so here we will see how to change the themes for a login screen so by default as i was mentioning so we have two themes base theme and key clock theme so what we need to do we need to have a maven project here so those who have used key clock they must be aware that they have used the traditional process of placing the themes file or themes folder with the custom themes but in key clock x that process is not working so for key clock x we need to build the jar file and the application or the project would be a maven project here you can see the src folder and the pom.xml first we will see the pom.xml it will be a basicform.xml where we are giving the only the group id artifact id and the version along with the name so you can see that custom theme demo is the artifact id and custom theme demo name and we go to the src so under the resources we have two folders one for meta inf and one for theme first we will check what meta inf will contain so here we will have key clock themes dot json file and in which we will specify the name of the theme and the types for example this custom theme demo we are doing it for login screen so the type would be the login and if email theme would be there then we would have written email now moving back to theme folder so theme folder will have the name of the theme custom theme demo and this should match with our the theme name so under custom theme we have the folder for login because we are doing it for login and if email would be there and then we would have the folder for email so under this login we will have one theme dot properties which will specify who is the parent class basically we are extending the base so it will refer all the base themes files and in this base theme file we are modifying the styles.css so what exactly we are doing here is we are not touching the base theme files except styles.css and in this we will specify our values so under the resources we will have the folder for css and under css will have styles.css and styles.css let's check so this is our custom styles.css where we have put the background image as this one img background image and img folder is under the resources itself so you can see so all your images you can put in under the img folder it is not mandatory you can rename it as images as well so all you need to do is to refer over here ok so basically you can change all the content or the css content over here right for example your form right kc form float is left you can make float as right or you can change the width here so all those things you can do over here so i am not talking about the css in this tutorial ok so let's see what next so now we have seen all the files what we require so let us go to the custom theme and we will package this application as a jar file so ambient package so now it is building and yeah build is success so now all you need to do is just copy this custom theme jar file and place it in the providers folder under the key clock setup so now server is down and then we need to just run the kc dot back with config with this whatever the jar files which we have put under the providers folder that will be deployed or you can say configured so now let's run our server a server is started so let's refresh this page okay we need to login so we can go to the themes and because we have changed the login theme let's see if it appears here yes you can see the custom theme demo we need to select it and save it so changes are saved to the realm then let's sign out yes so now you can see that our login screen is changed ok so we will again log in here now we can change it to base theme save and then sign out you can see this is the base theme which we have overridden so these are the following ways by which we can manage users first one is your self registration second is your manual process where the admin can use at the users via the admin console third one is user federation where we can use either kerberos or ldap i will show you how we can do it while and the last one is the via the apis so we will see how we can automate this process using the apis provided by key clock let's see one by one so this is the first option of managing the users in key clock which is self registration so basically we are enabling the end user to register himself on the key clock okay let's check how we can do that so this is our key clock login page you can see sign in to your account but one thing you should notice here there is no option to register okay so this by default key clock disable this features okay so let's see how we can enable it we'll log in with our admin user okay so we'll go to realm settings in the login tab you can see user registration okay so we'll make it on and save it so let's sign out okay so here now you can see this one okay so we have got the register option so let's click this and you can see we have a form to register ourselves so we'll add a user john john doe john doe gmail.com so we have entered all the information let's click on register now this this is obvious right because this is the admin console and john doe is not a does not have that access so that's why we are getting forbidden so let's sign out and log in with our admin user okay so we are back to our console and let's check the users okay so we have created user called john so we can see john is the username and this is the email id which we have registered so this is the one way of adding a user or managing our users so this is the next option where from the admin console the admin can add the user okay let's see how we can do this so we are in the key clock and in the user section so this is the manage users and you can see there is a button for adding a user so you can see you can click on add user we can add a user here john doe one and then we give the same email here john1 okay so these are several options which the admin can use where he can enable the user or disable the user and if the admin knows that this email is verified he can click on email verified or else the user need to verify the email okay so i am saying email verified right now i am not adding this user into any other group we will discuss about groups in the next video okay so other than this we have required user action where um on the first login and the user need to configure the otp or he need to update the password he need to update the profile all verify email so in my one of my videos i have covered this option verifying email so i've used one utility called as a mail hog basically if your gmail has some restrictions now okay so gmail doesn't allow this weak applications so that's why i used mail hog and you can use it for your development purpose okay so these are several required user actions which you can apply but for this video we'll just save it here okay so now you can see john doe one is created and these are the values which we are going now next is the attributes where you can provide some key value pairs and next is the credentials so as you can see we have not set the password okay so the admin can set the default password over here and it is made temporary okay so that the user can change the password okay otherwise what we can do we can make it as a permanent password also so we can set the password and now when we go to the users so we can see we are the next user as well so this is the second way how you can manage the user by using the manual process of admin adding all the users okay so let's see the third option so this is the third option which is called user federation where key clock provides support of kerberos as well as ldap so we'll see how ldap can be used let's see so again we are back to our key clock application and there is a option called user federation over here in the configure section okay so you can see if you click on this add provider you can check there is two options kerberos or ldap so ldap i have already added so i can click on ldap too this is the one which i have created and you can see there are several options which you need to fill your ldap information actually configuration which is required you can see uh username ldap attribute arduino attribute user object classes then connection url so this is the one basically you need to uh pre-bond with ldap colon slash list and your ldap uh server okay so we can click on a test connection and you can see success ldap connection successful now you need to provide the users dn then bind type is their search scope one level or subtree is there right then bind dn and the bind credentials so i have given the bind credentials and you can test authentication as well okay so this is the way you add the ldap server to your key clock okay so and there are other settings as well okay cache settings sync settings so once you do this you can click on synchronize all users you can see 24 updated users three users field because of some issues and we can check in the server locks okay so we can remove also we can synchronize the change users so suppose over the time your users are new users are added so you can synchronize it okay and there is a sync setting as well so you can sync periodic full sync or periodic change users in all those options you can apply over here okay so uh i can show you that one so if you go to users and click on view all users okay so it will take some time because these one guest one guest 11 guest two guest three guest zameer and all those things users so that are coming from my ldap okay so you can see a email the last name so because this is a open source ldap which is available for development purpose only just for testing purposes i've used this and if you want you can see in the video description where you will see all the information or the blog where the information is giving what is the ldap url then user id password and all those stuff i can provide that in the description section okay so this was the third one so this section will see how we can automate via apis now moving on to the final one which is the why are the rest apis so key clock provide rest apis to support the processes which can be automated for example if you get a excel file which is having the details of users now you need to import that excel into excel data that is the user information into key cloud so via apis you can do this by making the rest api calls okay we will see just from the postman i will show you how you can make that rest api call let's see so first step in accessing the key clock api is to get the access token okay so we will use this password grant to get the access token so as you can see the grant type is password and user id password i have given okay so we get the access token over here okay so now next is the add user key clock api so you can see the realm name is master so we are adding a user in the master rail so if you are adding a user to some other realm for example abc exercise that whatever realm name is you need to put that real name over here there is a mismatch in the documentation provided by key clock if you see the product rest apis documentation of key cloak they have mentioned that this this is not required okay directly what they are saying localhost 880 slash master slash users okay so this thing you need to note i will provide the documentation in the description of the video or you can check the video later on as well here i need to provide the token because i need to pass it as a token over here now let's check the body of this request it is a post request so here i need to provide the username which i am going to create for example i am creating a user called general.03 first name last name whether the user is enabled email is verified and the email okay so other values are also there you can check the documentation of the rest apis i can provide the link let's click on send now status 201 created that means the request is fulfilled and the user is added to verify let's go to the key clock page okay so i can directly search for chandra dot sharma zero three sorry yeah we can see this is the user chandra dot sharma zero three and we can check so this is the information which i have given so by this way we can write a java program or python code script or some other programming language we can make use of product rest apis which provides key clock provides okay why this we can automate this process so with this we come to the end of this video where we to summarize i've shown you how to manage the users in key clock using the four ways and i've explained all the four ways so if you have any questions put it in the comment and i will try to come back thanks a lot for watching this video so guys please subscribe the channel if you are not done so far and also please like the video and share this video with your friends so we'll see how we can manage our groups by kind of creating groups in key cloak and also assigning users to the groups let's see how we can create groups in key club so there are two ways different ways by which we can add the group first one is from the admin console so we will log into the key clock admin console and then we'll create the group let's check it out so we are at the key clock login page so let's login okay so this is our default landing page of key clock where we see the rim settings so here you can see groups are there right my cursor is hovering so right now we don't have any groups so what we can do we can click on create new so here we just need to give the group name for example demo group and click on save now you can see the group is created okay so what are the different attributes we can add to the group is a key value pair we can add it then the main thing is the role mappings okay so the group exactly is a collection of kind of people or you can say the users for example if application a is there right so we can uh like for example in this application we want to assign different roles uh to the users so one can be read only users or the right write plus read users or they are administrative users as well so instead of assigning the roles for this application to each and every user what we can do conveniently is creating a group and then group will be having the roles okay so what is the benefit of doing this is that at any point of time we can add or remove the users okay so that particular user user will be having that roles till the time he is the part of that group okay now second benefit is like when you are kind of adding one more role to it right so it will be convenient if you are adding that role to the group instead of suppose that group is having some 200 users so if you are adding a new role or deleting a role then you will need to do it for all the 200 users one by one okay so that's why where group comes into picture so you can assign that role to the groups okay so we can see they are realms roles which are available rules so for example i can give admin role to this group okay now the factory roles are admin and creator so the all the users that belongs to this group will have those access let's see so we don't have right now we don't have any members because it's a newly created groups now the second part is how to add users to that group okay so we'll go to users and we can click on view all users and demo user one is there right so we click on this here we can see there is a group tab this one okay so we can see we have one group available demo group which we have created we can select this and click on join now this user is added to this group okay now let let us go to the role mappings and you can see the effective roles admin and creative automatically uh comes into effective roles because he is now part of that group okay so let's do one thing just to showcase i will leave this group okay then again we will go to here now you can see the effective roles are removed from their admin and created okay so this is the benefit now if i have 100 users i can add those 100 users to this group and then all the effective roles will become what are the roles assigned to that particular group yeah so now coming back to the group so we have created demo group and there is a concept of nested groups as well so nested groups by means we have a parent group and then we have a nested group so how to create nested group nothing is there so what for this you what you need to do you need to select the group and click on new okay so here i will write demo nested group okay role mappings i will say demo app admin okay now coming back to groups again you can see the demo group is now kind of acting as a folder but it is a parent group so whatever the roles i have assigned to demo group that is automatically inherited by this demo nested group as well so now for example if i am assigning user this group demo nested group now that user will acquire the roles that are assigned to demo group as well okay so this is how nested groups will work now coming on to the second way of creating the groups it is by automating the process by the product rest apis so if you have seen my previous video where i was talking about four ways of managing users okay so there also i have talked about using the product rest apis which key clock provides so that you can do your automation okay let's see how we can do it via the apis okay so with this is the key clock admin rest api documentation you can see this is the overview where we talking about the uri scheme right and here you can see there is a uh [Music] part for groups okay so you can see groups we can create or add a top level realm group set or create child okay child means the nested group okay so the url is slash realm slash groups okay and realm name for example if you are creating groups in master you can have have slash master slash groups okay now for body of this post request will be a group representation so where we have all these optional values but right now we will demo it by using the name okay so we can give the name of the group and it will create that particular group in our key clock okay so here you can see localhost 880 i'm using http protocol here you can use https as well it will work both ways so slash or slash admin realms master and groups okay so as i was talking about this in my previous video as well the base path which is given in the key clock documentation right if we see the uri scheme it is base path is slash auth okay but this documentation is incorrect you need to have a slash or slash or admin okay so this is the post url and this is the body which i am going to give and i will create a dummy group from rest api group okay it requires authorization and we'll get the key clock token for this you can check my previous videos how we can get the token but in a summarized form uh we will use password grant type and we'll pass the client id which is admin cli and username password okay so yeah so we got the token here just copy it and we'll pass it this token here okay and click on send so you can see 201 that means the request is created okay so now let's refresh this groups this was the group which i have created yeah you can see this dummy group from rest api is created so this is how we can automate it via the uh rest apis now coming out to role mappings we have further apis as well where you can add a role um programmatically as well so guys that's it for this video if you have any queries any question feel free to comment on the video and if you like my content please subscribe to the channel in this video we will see what are events in key clock and how we can configure them so this will be a hands-on video so let's get started so now i am at the login screen of the key clock so let's log in here so this is the realm settings page which is the default landing page so if you go to events page here on the left hand side just click it so here we can see we have the login events we have the admin events and a config tab ok so here you can see that we can list down the number of events 5 10 1500 and also there is option to filter as well right what are the even types i am looking for so let us start with configuring the events here so by default all the events are the listed by jboss login ok so first we will start with the login event settings so to enable them we just need to click on yes okay now you can see the save types are these sent reset password remove totp client login and there are n number of settings are there ok so here the admin can decide what all events say you want to capture for example i am just want to capture the login event then i can remove others and add the login event ok so let us and also here we can mention the expiration as well for example i want to have this is two days or i can increase to three days four days five days and it can be in minutes hours or days okay so let's suppose we are setting the expiry for five days and once we are done we click on save here ok and now if i come to login events so right now we are not able to see anything but let us see we'll just sign out and we will sign it again yeah so you can see under the login events it has a start capturing the events so first thing was happened was the log out okay so what was the ip address who was the user and what was the redirect uri then i have logged in so it is a login event so here it is mentioning like what was the author method used authentication type and all those things okay nest code to token so this url must have given the code okay because you can see this or type is code and using this code we have captured the token for the login mechanism so you can see token id here ok and then scopes open id profile email it is reading ok now let us go to config tab again here we will enable the save ends and also you can see these red buttons so these are for clearing the events for example if you want to clear you can just click on clear events for example i have cleared event now the event has been cleared if i go to login events i won't be able to see any events okay so let us move again admin events i am enabling it and i am just clicking on save once you do this you can go to admin events you can see that it has already started capturing because ah as i admin i have triggered the events which is related to configuration of the events ok so you can see you can see the representation as well then we can see the auth as well so who is the client what who is the user and the ip address so here we come to the end of this video thanks for watching if you like the content please share it with your friends please subscribe the channel to get latest videos keep exploring thanks

Info

Channel: Tekgainers

Views: 86,576

Rating: undefined out of 5

Keywords: Keycloak

Id: zyqWpFUPTnE

Channel Id: undefined

Length: 55min 11sec (3311 seconds)

Published: Fri Feb 11 2022