Running Keycloak in Jetty
by Pål Oliver Kristiansen
Has anyone managed to run Keycloak in Jetty?
Or does anyone have some pointers on where to start adapting the source to
make it work?
Thanks!
--
Pål Oliver Kristiansen
Cornix Consulting
92 22 60 41
7 years, 9 months
Breaking Change to Themes in 2.0/2.1?
by Chris Hairfield
Hello Keycloak Users,
We recently upgraded from 1.9.8 to 2.1.0 and love it (fixes a good number
of issues we've been having), but it seems to have broken an important one:
our themes!
For all HTML input elements we've added (those backed by user properties),
when we modify their value and save/POST, Keycloak returns an HTML document
populated with the old values rather than the new. A refresh of the page is
required for the new value to be returned/displayed, even though the first
save is sufficient to save the new value on the user.
One may reproduce this easily in 2.1.0 by adding the following code to the
base theme's account.ftl file:
    <div class="form-group">
        <div class="col-sm-2 col-md-2">
            <label for="user.attributes.example" class="control-label">Example:</label>
        </div>
        <div class="col-sm-10 col-md-10">
            <input type="text" class="form-control" id="user.attributes.example"
                   name="user.attributes.example"
                   value="${(account.attributes.example!'')?html}"/>
        </div>
    </div>
In an Incognito window, impersonate a user, update the Example input, and
click save. Your new value is stored as an attribute on the user, but the
value of the input is set to whatever it was before. Refresh your browser
for the updated value to appear.
Any thoughts as to why? Do we need to update our theme code somehow?
Thanks,
Chris
7 years, 9 months
KeyCloak Mobile Mapper missing mobile number.
by vik yadav
Hi
In the Keycloak configuration under User Federation I have defined a User
Federation Mapper which has a mobileMapper which maps the mobile number from
LDAP under a user attribute in Keycloak.
Below is the configuration.
UserFederation-->UserFederationMapper-->mobileMapper
User Model Attribute=mobile
LDAP Attribute=mobile
Always Read Value From LDAP=true
The mobile number is not coming in the attributes object automatically,
while the other attributes like email ID, name and userName are coming
automatically in the attributes object under UserRepresentation.
How do I get the mobile number automatically in the
org.keycloak.representations.idm.UserRepresentation attributes object?
Keycloak version is 2.1.0 final
Regards,
Vikash
7 years, 9 months
Re: [keycloak-user] Getting Error when connecting local host to server DB
by Stian Thorgersen
Looks like there's something wrong in your standalone.xml. Did you use the
standalone server distro?
On 30 August 2016 at 09:15, Aman Jaiswal <aman.jaiswal(a)arvindinternet.com>
wrote:
> Hi Stian
>
> I am getting an error while starting keycloak-2.1.0.Final server ....
> The error is mentioned below.
> I have already added the file layers.conf with content "layers=keycloak"
>
>
> =========================================================================
>
>   JBoss Bootstrap Environment
>
>   JBOSS_HOME: /home/ubuntu/keycloak/keycloak-2.1.0.Final
>
>   JAVA: java
>
>   JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
>
> =========================================================================
>
> 05:54:22,401 INFO [org.jboss.modules] (main) JBoss Modules version 1.5.1.Final
> 05:54:22,654 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
> 05:54:22,743 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: Keycloak 2.1.0.Final (WildFly Core 2.0.10.Final) starting
> 05:54:23,647 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
>     at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131) [wildfly-controller-2.0.10.Final.jar:2.0.10.Final]
>     at org.jboss.as.server.ServerService.boot(ServerService.java:356) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>     at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:299) [wildfly-controller-2.0.10.Final.jar:2.0.10.Final]
>     at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_91]
> Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[285,5]
> Message: Unexpected element '{urn:jboss:domain:4.0}subsystem'
>     at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:108) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>     at org.jboss.staxmapper.XMLExtendedStreamReaderImpl.handleAny(XMLExtendedStreamReaderImpl.java:69) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>     at org.jboss.as.server.parsing.StandaloneXml_4.parseServerProfile(StandaloneXml_4.java:546) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>     at org.jboss.as.server.parsing.StandaloneXml_4.readServerElement(StandaloneXml_4.java:242) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>     at org.jboss.as.server.parsing.StandaloneXml_4.readElement(StandaloneXml_4.java:141) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>     at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:103) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>     at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:49) [wildfly-server-2.0.10.Final.jar:2.0.10.Final]
>     at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>     at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
>     at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:123) [wildfly-controller-2.0.10.Final.jar:2.0.10.Final]
>     ... 3 more
>
> 05:54:23,651 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
> 05:54:23,659 INFO [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested.
> 05:54:23,683 INFO [org.jboss.as] (MSC service thread 1-3) WFLYSRV0050: Keycloak 2.1.0.Final (WildFly Core 2.0.10.Final) stopped in 18ms
>
> On Mon, Aug 29, 2016 at 4:29 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> I'd say your DB is going pretty slow then. It takes me ~60 seconds to boot
>> Keycloak here, which is well within the 300 second limit. Can't really
>> answer why it's that slow as it's most likely your DB not behaving very
>> well.
>>
>> On 29 August 2016 at 12:53, Aman Jaiswal <aman.jaiswal(a)arvindinternet.com
>> > wrote:
>>
>>> hi
>>> I am talking about the time limit which is mentioned in the following
>>> error.
>>>
>>> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread)
>>>
>>> WFLYCTL0348: Timeout after [300] seconds waiting for service container stability.
>>>
>>> Operation will roll back. Step that first updated the service container was 'add' at address '[
>>> ("core-service" => "management"),
>>> ("management-interface" => "http-interface")
>>> ]'
>>>
>>>
>>> On Mon, Aug 29, 2016 at 4:19 PM, Aman Jaiswal <
>>> aman.jaiswal(a)arvindinternet.com> wrote:
>>>
>>>> hi
>>>>
>>>> time when keycloak is trying to connect the database which is on the
>>>> server.
>>>>
>>>> On Mon, Aug 29, 2016 at 4:16 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>>> wrote:
>>>>
>>>>> What time limit?
>>>>>
>>>>> On 26 August 2016 at 11:15, Aman Jaiswal <
>>>>> aman.jaiswal(a)arvindinternet.com> wrote:
>>>>>
>>>>>> Hi Stian
>>>>>>
>>>>>> Hi, I changed the time limit from 300 to 600 and it works, but I
>>>>>> want to know why it is not working on 300 sec of default time?
>>>>>>
>>>>>> On Fri, Aug 26, 2016 at 2:43 PM, Stian Thorgersen <
>>>>>> sthorger(a)redhat.com> wrote:
>>>>>>
>>>>>>> Looks like maybe you haven't setup the datasource correctly or
>>>>>>> there's some other configuration issue. Maybe try Googling for it?
>>>>>>>
>>>>>>> On 23 August 2016 at 12:33, Aman Jaiswal <
>>>>>>> aman.jaiswal(a)arvindinternet.com> wrote:
>>>>>>>
>>>>>>>> Hi Team
>>>>>>>>
>>>>>>>> I am getting an error while connecting my local Keycloak to the DB
>>>>>>>> which is on the server.
>>>>>>>> The error is in the attached file. Please give me a solution to resolve
>>>>>>>> this issue.
>>>>>>>> --
>>>>>>>> Thanks,
>>>>>>>> Aman Jaiswal
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> keycloak-user mailing list
>>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks,
>>>>>> Aman Jaiswal
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks,
>>>> Aman Jaiswal
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks,
>>> Aman Jaiswal
>>>
>>
>>
>
>
> --
> Thanks,
> Aman Jaiswal
>
7 years, 9 months
Problems using Keycloak for SSO
by Christoph Guse
Hello all,
I'm quite new to Keycloak, identity management, OAuth2 and OpenID Connect
and I think I haven't understood all mechanisms yet.
Currently I'm working on a proof of concept using Keycloak as Web-SSO
service. In my poc I have
- a Wiki application connected to Keycloak using SAML
- a spring-boot application (csrf is disabled as the UI brings its own
csrf mechanism) using the community spring-boot adapter
In both applications the login works using Keycloak, both applications
work, resources can be loaded and so on. SSO works, after logging in
into the spring-boot application the Wiki application can be opened in
another browser window without having to reauthenticate. So far, so good.
But in my poc I want to embed the spring-boot application into the Wiki
application. Without authentication this works as the UI used in the
spring-boot application uses a virtual DOM which can be created on a
Wiki page.
Unfortunately this does not work with authentication using Keycloak.
After the login in the Wiki the JavaScript in the Wiki page is not able
to load the JS from the spring-boot application for the virtual DOM
(HTTP 401, bearer token = "unknown").
I am wondering how Keycloak does the SSO as I was not able to see any
parameter in the HTTP requests which are something like the Keycloak
token ID. Can somebody explain - or give a hint where to find a detailed
explanation - how the token handling is done so I can figure out if
something is missing while accessing the spring-boot application?
Thank you in advance,
Christoph
7 years, 9 months
Keycloak - Identity providers and clients
by Zeus Arias Lucero | BEEVA
Is it possible to have different identity providers for each client on a
realm, or are the identity providers only realm-dependent? I would like, for
example, to have a GitHub identity provider for one client and LDAP for
another, on the same realm. I have looked through the docs and the
management console but no luck; before trying another thing I just wanted to
check I'm not mistaken.
7 years, 9 months
Authorization at Keycloak level
by Edouard Kaiser
Hi everyone,
We discovered Keycloak very recently (pretty impressive tool by the way,
congrats to the maintainers!), and we've been trying to configure a very
simple authorization at the Keycloak level without success.
Let me try to sum up what we are trying to achieve in our web-application.
For a Keycloak Client, we would like to only allow the users with a
particular Role to be able to login.
We thought that to achieve this, we needed to do this:
- Authorization enabled on the client
- Create a new Role-Based policy on a particular role
- Create a Resource Permission to use the previously created Policy
- Use this Resource Permission in the Default Resource of the Client
We use openid-connect, and more specifically Google as the identity
provider.
By doing this, we thought that users without the role, trying to connect to
our application through Keycloak, would be redirected to our application
with an error of authentication, something like this in the redirection:
/login/oauthVerify?client_name=OidcClient&error=unauthorized&error_description=You%20are%20not%20allowed%20to%20access%20this%20application.&state=CrsA9f9bEzLWyjQfT5PN43MPxl_PfMgvXZDQrEzCHi8
Instead, it's like Keycloak does not check the Authorization configuration,
it redirects to our webapp with a proper authorization code. Then the
application is able to fetch the JWT successfully from the Keycloak token
endpoint.
Did we miss something? Are we trying to solve our issue in the wrong way?
Thank you all for your help,
7 years, 9 months
Re: [keycloak-user] Getting Error when connecting local host to server DB
by Stian Thorgersen
I'd say your DB is going pretty slow then. It takes me ~60 seconds to boot
Keycloak here, which is well within the 300 second limit. Can't really
answer why it's that slow as it's most likely your DB not behaving very
well.
On 29 August 2016 at 12:53, Aman Jaiswal <aman.jaiswal(a)arvindinternet.com>
wrote:
> hi
> I am talking about the time limit which is mentioned in the following error.
>
> ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread)
>
> WFLYCTL0348: Timeout after [300] seconds waiting for service container stability.
>
> Operation will roll back. Step that first updated the service container was 'add' at address '[
> ("core-service" => "management"),
> ("management-interface" => "http-interface")
> ]'
>
>
> On Mon, Aug 29, 2016 at 4:19 PM, Aman Jaiswal <
> aman.jaiswal(a)arvindinternet.com> wrote:
>
>> hi
>>
>> time when keycloak is trying to connect the database which is on the
>> server.
>>
>> On Mon, Aug 29, 2016 at 4:16 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> What time limit?
>>>
>>> On 26 August 2016 at 11:15, Aman Jaiswal <aman.jaiswal(a)arvindinternet.c
>>> om> wrote:
>>>
>>>> Hi Stian
>>>>
>>>> Hi, I changed the time limit from 300 to 600 and it works, but I want
>>>> to know why it is not working on 300 sec of default time?
>>>>
>>>> On Fri, Aug 26, 2016 at 2:43 PM, Stian Thorgersen <sthorger(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Looks like maybe you haven't setup the datasource correctly or there's
>>>>> some other configuration issue. Maybe try Googling for it?
>>>>>
>>>>> On 23 August 2016 at 12:33, Aman Jaiswal <
>>>>> aman.jaiswal(a)arvindinternet.com> wrote:
>>>>>
>>>>>> Hi Team
>>>>>>
>>>>>> I am getting an error while connecting my local Keycloak to the DB which
>>>>>> is on the server.
>>>>>> The error is in the attached file. Please give me a solution to resolve
>>>>>> this issue.
>>>>>> --
>>>>>> Thanks,
>>>>>> Aman Jaiswal
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks,
>>>> Aman Jaiswal
>>>>
>>>
>>>
>>
>>
>> --
>> Thanks,
>> Aman Jaiswal
>>
>
>
>
> --
> Thanks,
> Aman Jaiswal
>
7 years, 9 months
Re: [keycloak-user] Getting Error when connecting local host to server DB
by Stian Thorgersen
What time limit?
On 26 August 2016 at 11:15, Aman Jaiswal <aman.jaiswal(a)arvindinternet.com>
wrote:
> Hi Stian
>
> Hi, I changed the time limit from 300 to 600 and it works, but I want to
> know why it is not working on 300 sec of default time?
>
> On Fri, Aug 26, 2016 at 2:43 PM, Stian Thorgersen <sthorger(a)redhat.com>
> wrote:
>
>> Looks like maybe you haven't setup the datasource correctly or there's
>> some other configuration issue. Maybe try Googling for it?
>>
>> On 23 August 2016 at 12:33, Aman Jaiswal <aman.jaiswal(a)arvindinternet.com
>> > wrote:
>>
>>> Hi Team
>>>
>>> I am getting an error while connecting my local Keycloak to the DB which is
>>> on the server.
>>> The error is in the attached file. Please give me a solution to resolve
>>> this issue.
>>> --
>>> Thanks,
>>> Aman Jaiswal
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>
>
>
> --
> Thanks,
> Aman Jaiswal
>
7 years, 9 months