Single sign on for curl

Hi,

I have set up a realm and I’m trying to get an auth token by doing an SSO curl request.
I can’t find any documentation on how to set this up. /myrealm/account works with the browser via SSO.
But when calling …auth/realms/myrealm/protocol/openid-connect/token via curl, I’m not able to get a token back.

curl --negotiate -u : -X POST -i -v http://mydomain.com/auth/realms/myrealm/protocol/openid-connect/token --data "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket"

I’m new to Keycloak and would appreciate some help.
Thanks all.

SSO doesn’t make sense for curl, because it doesn’t maintain a user session. But OpenID Connect has a dedicated flow for machine calls (it must be configured at the OIDC client level), which can be the case for curl. Bash snippet:

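CLIENTID="<CLIENT-ID>"
CLIENTSECRET="<CLIENT-SECRET>"

# Request a token with the client_credentials grant; the client ID and secret go in a Basic auth header.
# -k skips TLS certificate verification; it has no effect on this http:// URL.
TOKEN=$(curl -k -s -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Authorization: Basic $(printf '%s' "${CLIENTID}:${CLIENTSECRET}" | base64 -w 0)" \
  --data "grant_type=client_credentials" \
  "http://mydomain.com/auth/realms/myrealm/protocol/openid-connect/token" | jq -r .access_token)

echo "$TOKEN"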

If you want to have a user (human) identity, then check the Resource Owner Password Credentials Grant (Direct Access Grants) flow or another type of flow.

Hi,

Thanks for your reply. All our services use Kerberos.

My use case is that we have multiple microservices, and I thought we could secure them with bearer token only, but first call Keycloak via Kerberos from a client app, get a token, and use that token to call the other services. Or is that not possible?

Thx
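
An added example, not part of the thread and not Keycloak's own code: the client_credentials request from the answer above, hardened for use in a script, followed by the bearer-token call to another service that the last post describes. It uses client credentials rather than Kerberos; the function names and `SERVICE_URL` are assumptions, and the token URL is the placeholder from the thread.

```shell
#!/bin/sh
# Added example. TOKEN_URL is the placeholder from the thread; use https
# outside a lab, since the client secret and token travel in this request.
TOKEN_URL="http://mydomain.com/auth/realms/myrealm/protocol/openid-connect/token"

# client_credentials grant. Credentials reach curl through a config on stdin
# (-K -), so they never show up in the process list the way -u/-H arguments do.
# Assumes the secret contains no '"' or '\' (curl config quoting).
get_token() {  # usage: get_token CLIENT_ID CLIENT_SECRET
  printf 'user = "%s:%s"\n' "$1" "$2" |
    curl -sS --fail -K - --data "grant_type=client_credentials" "$TOKEN_URL" |
    jq -er .access_token   # -e: non-zero exit if the field is missing or null
}

# Decode the JWT payload (base64url, unpadded) for inspection. This does NOT
# verify the signature; the receiving service must still validate the token.
jwt_payload() {  # usage: jwt_payload TOKEN
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Succeed only if the token's exp claim is more than SKEW seconds after NOW.
token_fresh() {  # usage: token_fresh TOKEN NOW_EPOCH [SKEW, default 30]
  exp=$(jwt_payload "$1" | sed -n 's/.*"exp" *: *\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] && [ "$exp" -gt $(( $2 + ${3:-30} )) ]
}

# Call a service with the bearer token, again keeping it off the command line.
call_service() {  # usage: call_service TOKEN URL
  printf 'header = "Authorization: Bearer %s"\n' "$1" | curl -sS --fail -K - "$2"
}

# Usage (needs a reachable realm; SERVICE_URL is hypothetical):
#   TOKEN=$(get_token "$CLIENTID" "$CLIENTSECRET") || exit 1
#   token_fresh "$TOKEN" "$(date +%s)" && call_service "$TOKEN" "$SERVICE_URL"
```

The freshness check only saves a round trip with a token that is about to expire; each microservice still has to verify the signature, issuer and audience itself.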