Admin url for bearer-only applications
by Alarik Myrin
I am not sure the Admin url is working for bearer-only applications, at
least not on Wildfly.
I have set the admin url for my bearer-only applications just like I do for
my confidential applications. In both cases (they are both war file
deployments running in Wildfly 8.0.0 Final) it is the context-root of the
war file. When I log out the sessions from the keycloak admin console,
the confidential applications hear about the logout, and will respond with
a redirect, but the bearer-only reply with the protected resource instead
of responding with a 401 like I would expect.
Is anyone else having trouble with this? There are no bearer-only resources
in the preconfigured-demo realm file to check against...
BTW, I just verified that this was happening with Keycloak 1.0-final.
Thanks,
Alarik
9 years, 8 months
Custom E-Mail provider
by Rodrigo Sasaki
Hello,
I wanted to keep the original SPIs untouched, so while doing this I created
a new module to act as my e-mail provider, although the
FreeMarkerEmailProvider keeps getting called as default.
Is there a place where I can define which EmailProvider I want to be used?
--
Rodrigo Sasaki
9 years, 8 months
Keycloak Docker 1.0-final
by Juraci Paixão Kröhling
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The "latest" image on Docker for Keycloak is now at 1.0-final.
https://registry.hub.docker.com/u/jboss/keycloak/builds_history/25016/
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCgAGBQJUEWeBAAoJEDnJtskdmzLMhAMH/0Uy3NSuBdd1XNdFTFbj1UGm
4UG1g2t2UFGOpflgDVqmbcGnn0A+2dN/Soq78Qxa277v23b2M8AYHmurZ6VFf39i
LHxhFT6B1JD830o4uV8omX52q2L+N1gVg4OYe2EOYWDMGhPyVs+J4F7o2o46oeye
fXQFAsDP4oMwHAWSpEA4LirmpH/Dc/ioRRj5Ez30sQaBZaS0vAJxaIaUIZJ1IpgV
zZeuCLEET/Cdimw7pbVM2KLwriGqkZaDdfzD2OHmwMQ5u5wLi9mDb8NImhI3IPkW
zkhzkZtu+tXC+Mpai8nkZyVUPGAQzSIDz8HSnrKvJBvIdoK1rXW6PjizrNX8JIg=
=ZNir
-----END PGP SIGNATURE-----
9 years, 8 months
Logged out of admin console after a short period of time
by Joshua Bellamy-Henn
Version: 1.0-final
Setup: Keycloak behind a reverse proxy
Currently after logging in to the Admin Console it seems that after 1-2
minute I am getting booted back to the login page. I am using default
timeout settings so it's odd that I am getting kicked out before the 10
minute session timeout.
Checking the logs after this occurs, I am seeing the following warn:
2014-09-11 05:20:05,025 WARN [org.jboss.resteasy.core.ExceptionHandler]
(default task-123) Failed executing GET
/admin/realms/abc/applications/website/session-count:
org.jboss.resteasy.spi.UnauthorizedException: Bearer
at
org.keycloak.services.resources.admin.AdminRoot.authenticateRealmAdminRequest(AdminRoot.java:153)
[keycloak-services-1.0-final.jar:]
at
org.keycloak.services.resources.admin.AdminRoot.getRealmsAdmin(AdminRoot.java:184)
[keycloak-services-1.0-final.jar:]
at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source) [:1.7.0_60]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.7.0_60]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_60]
at
org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:81)
[resteasy-jaxrs-3.0.8.Final.jar:]
at
org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:60)
[resteasy-jaxrs-3.0.8.Final.jar:]
at
org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:102)
[resteasy-jaxrs-3.0.8.Final.jar:]
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
[resteasy-jaxrs-3.0.8.Final.jar:]
at
org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
[resteasy-jaxrs-3.0.8.Final.jar:]
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
[resteasy-jaxrs-3.0.8.Final.jar:]
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
[resteasy-jaxrs-3.0.8.Final.jar:]
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
[resteasy-jaxrs-3.0.8.Final.jar:]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
[jboss-servlet-api_3.1_spec-1.0.0.Final.jar:1.0.0.Final]
at
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
org.keycloak.services.filters.ClientConnectionFilter.doFilter(ClientConnectionFilter.java:41)
[keycloak-services-1.0-final.jar:]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:40)
[keycloak-services-1.0-final.jar:]
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:113)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146)
[undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727)
[undertow-core-1.0.15.Final.jar:1.0.15.Final]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_60]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_60]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]
Any ideas what's going wrong?
Thanks,
Josh
9 years, 8 months
Deploy a custom theme with the war
by Rodrigo Sasaki
Hello,
I'm not sure if there was already a question on this matter, but I searched
aroung in JIRA and I couldn't find it.
Is there a way to deploy a custom theme along with my war artifact?
I tried creating modules like the ones provided, I extended an e-mail
module and a common themes module, creating the factories with a new id,
but on the admin console UI I can't see my own theme on the select menu.
If I create a theme and insert it in the /standalone/configuration/themes
directory of my application server it works, but I was told to try and
deploy it along with our war, to capture the theme from the classpath.
Is there already a built in way to do this?
--
Rodrigo Sasaki
9 years, 8 months
Transferring social login from mobile apps to Keycloak
by Artjom König
Hi,
I would like to use Keycloak as a backend security and user management
solution for my native apps (Android and iOS).
In my native app, the user can register/login with Facebook/Google+ using
the corresponding native SDK. After the login I get all desired user data
and even the access token.
Then I would like to create a user in Keycloak via the REST API with this
social account. It should result in the same user data, like using the
social login of the Keycloak's web login.
Any ideas, how to get this done?
Cheers,
Artjom
9 years, 8 months