Bearer only authentication on Keycloak 22 for Wildfly management console

We have a working setup with WildFly 26 with HAL (management console) protected through Keycloak 16.

We are using KC adapters, not WF native OIDC adapter.

Now we are trying to upgrade KC to 22, but KC dropped support to bearer only clients.

Requests to management interface returns 401 status code, and following logs on WF:

DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (management task-3) adminRequest http://localhost:9990/management
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) --> authenticate()
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) try bearer
DEBUG [org.keycloak.adapters.BearerTokenRequestAuthenticator] (management task-3) Authorization header not present
TRACE [org.keycloak.adapters.RequestAuthenticator] (management task-3) try query parameter auth
DEBUG [org.keycloak.adapters.QueryParameterTokenRequestAuthenticator] (management task-3) Token is not present in query
DEBUG [org.keycloak.adapters.RequestAuthenticator] (management task-3) NOT_ATTEMPTED: bearer only

Found some topics about messing with client setup, but all tests result in same error

Any clue on solving this?


Found the problem:

1 Like