We have a working setup with WildFly 26 with HAL (management console) protected through Keycloak 16.
We are using KC adapters, not WF native OIDC adapter.
Now we are trying to upgrade KC to 22, but KC dropped support to bearer only clients.
Requests to management interface returns 401 status code, and following logs on WF:
DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-3) adminRequest http://localhost:9990/management
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) --> authenticate()
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) try bearer
DEBUG [org.keycloak.adapters.BearerTokenRequestAuthenticator] (management task-3) Authorization header not present
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) try query parameter auth
DEBUG [org.keycloak.adapters.QueryParameterTokenRequestAuthenticator] (management task-3) Token is not present in query
DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-3) NOT_ATTEMPTED: bearer only
Found some topics about messing with client setup, but all tests result in same error
- Where can I set Access-Type of client as “bearer-only” in the new keycloak admin console?
- https://groups.google.com/g/keycloak-user/c/75iuKmiYvBU
Any clue on solving this?
Thanks!