keycloak-client | Keycloak client library to read in config | Identity Management library

I'm using ActiveMQ Artemis 2.16.0 and the management console is based on Hawtio. I've successfully integrated it with Keycloak (OpenID Connect) using this instructions. Now I've upgraded to ActiveMQ Artemis 2.17.0 and it stop working. Hawtio version seems the same:

I've got a problem with Keycloak java adapter. I try to integrate desktop application with Keycloak and enable SSO between a few other web applications. The problem is that when I try to login to Keycloak everything works perfect and smooth, I get information about proper authentication, obtain token and can even parse it without any problem, but there is no session created in WebBrowser (no session, no cookies). This means that I can't use just created session with other apps in same Keycloak realm, even if session in Keycloak is created properly.

What's more cookies created and stored earlier by other applications are also deleted (as cookies I mean KEYCLOAK_IDENTITY and KEYCLOAK_INDENTITY_LEGACY) after "succesful" login attempt with my desktop adapter. When I inspect browser cookies, there is some warning statement saying that cookies are rejected cause of their expiration.

What I use is KeycloakInstalled adapter (in latest, 15.0.2 version). I configured it using instruction on the page: https://www.keycloak.org/docs/latest/securing_apps/

The most important piece of code in this case in my opinion:

I'm trying to use spring cloud gateway with spring security and trying to call the rest API through angular but I'm getting following error

I'm trying to achieve the same exact thing of this user but using a client with client_credentials

I've followed this post to create my client with client credentials grant and so I can get the access token like this

but when I try to call the execute-action-email api I only get an error 401

what am I missing?

So I want to deploy a client-app (java, with spring security, if that matters) to different companies. The keycloak will obviously run on servers of my organization but the client-app as to run on the servers of the client-companies.

1. Should the keycloak-client's access type be public or confidential?
2. i.e. what is the client-secret used for? (Encryption)?
3. Is it therefore a problem if the companies admins can theoretically read the secret by decompiling the jar of the client-app I give them?

Concerning the valid redirect URIs: Idealy I would like to use grant-type: password, so the user of the company enters his credentials into the frontend of the company deployed client-app and it logs into keycloak. Potentially the client-app deployed in the company is only reacable from the company intranet.

1. What can the redirect URI be for this case?

I´m trying to implement an Angular Application with Spring Boot Restservice secured by Keycloak.

Local on my Computer everything works find. The Angular Application is bootstrapt by Keycloak (with keycloak-angular) so I have to sign in to see the application. The application sends Restcalls to Spring Boot toghether with the token. The Restservice is keycloak.bearer-only receives the token and filters using the roles in the token.

This works really well locally, but from the moment I deploy this on a server I get an 401 Error everytime I try to access my Restservice with enabled keycloak. (I´m signed in on Keycloak and have a valid token).

This is what I get on Spring Boot Debug Log: