[keycloak-dev] Are we all set?

Bill Burke bburke at redhat.com
Wed Sep 10 09:03:12 EDT 2014


I'm charging up my macbook.  I'll look into it.

On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
> Apparently login with keycloak.js doesn't work on Safari (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix this before releasing :/
>
> ----- Original Message -----
>> From: "Stian Thorgersen" <stian at redhat.com>
>> To: "Bill Burke" <bburke at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>> Subject: Re: [keycloak-dev] Are we all set?
>>
>> We also need to reduce info level log output from adapters. I did this for
>> the server for rc-2, but completely forgot about adapters. Marek is already
>> working on this, and I guess it shouldn't take very long.
>>
>> ----- Original Message -----
>>> From: "Stian Thorgersen" <stian at redhat.com>
>>> To: "Bill Burke" <bburke at redhat.com>
>>> Cc: keycloak-dev at lists.jboss.org
>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>> Subject: Re: [keycloak-dev] Are we all set?
>>>
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Bill Burke" <bburke at redhat.com>
>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>>> <stian at redhat.com>
>>>> Cc: keycloak-dev at lists.jboss.org
>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>
>>>>
>>>>
>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>> Hi,
>>>>>
>>>>> I am sorry to not help more with the release as I needed to work
>>>>> especially on some portal related stuff last weeks (hopefully it's gone
>>>>> now)...
>>>>>
>>>>> Found couple of things:
>>>>> * AccountService is actually broken for me in Chrome due to latest CSRF
>>>>> stuff. In FF it works fine, but in Chrome I can't update account or
>>>>> password. For some reason Chrome is always adding "Origin" header to the
>>>>> update requests (even if they are not ajax requests). So the newly added
>>>>> condition for CSRF in AccountService.init will always fail. I have
>>>>> Chrome 37.0.2062.94 (64-bit).
>>>>>
>>>>
>>>> Ok, I thought Origin header wasn't supposed to be sent with Browser
>>>> requests.  I can probably fix this by allowing same origin.
>>>
>>> Added fix to allow same origin. I also added check of 'Referer' header to
>>> make sure it's same origin as well.
>>>
>>>>
>>>>
>>>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
>>>>> not available with CORS. I've created JIRA
>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and sent PR
>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which is adding
>>>>> authentication for ServerInfoAdminResource and then it uses allowOrigins
>>>>> from the authenticated bearer token. Admin console is already using
>>>>> bearer token for sending ServerInfo requests, so no changes are needed
>>>>> here. I believe that ServerInfoAdminResource should be authenticated
>>>>> (don't know why stuff like available social providers or themes should
>>>>> be publicly available). Let me know if you are seeing issues with it. I did
>>>>> not merge PR so far as version in master is already changed to 1.0-Final
>>>>> so not sure what is the state of the release.
>>>>>
>>>>
>>>> Merge it.
>>>>
>>>>> * Realm public resource (http://localhost:8080/auth/realms/master) is
>>>>> also not available for CORS requests. Not sure if this is an issue or
>>>>> not? Thing is that unauthenticated requests can't use CORS at this
>>>>> moment as I don't know what allowedOrigins to use. Only option is to
>>>>> allow it for all allowedOrigins (send same "Access-Control-Allow-Origin"
>>>>> as original value of "Origin" header from the request)
>>>>>
>>>>> * There is still quite a lot of INFO logging. For example when I send
>>>>> product request from the cors-demo example I have 6 new INFO messages in
>>>>> log (Mainly from org.keycloak.adapters package)
>>>>>
>>>>
>>>> Ping me on your status tomorrow (Wednesday).  I'll complete whatever you
>>>> don't finish above.
>>>>
>>>> Thanks.
>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
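
The same-origin check on the Origin and Referer headers discussed in the thread, as an added Java example; it is not Keycloak's AccountService code and was not posted by anyone in the thread. The class and method names, the sample URLs and the choice to accept a request that carries neither header are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

public class SameOriginCheck {

    // Reduce a URL to scheme://host:port with default ports filled in.
    // Returns null for anything that is not an absolute URL with a host,
    // which includes the literal "null" some browsers send as Origin.
    static String origin(String url) {
        if (url == null) return null;
        try {
            URI u = new URI(url.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase(Locale.ROOT);
            int port = u.getPort();
            if (port == -1) port = scheme.equals("https") ? 443 : 80;
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // Assumption: an absent header is tolerated, a present one must match.
    static boolean matches(String header, String expected) {
        return header == null || expected.equals(origin(header));
    }

    // Decide whether a state-changing request may proceed (hypothetical helper).
    static boolean allowUpdate(String baseUrl, String originHdr, String refererHdr) {
        String expected = origin(baseUrl);
        return expected != null && matches(originHdr, expected) && matches(refererHdr, expected);
    }

    public static void main(String[] args) {
        String base = "http://localhost:8080/auth"; // constructed sample values
        String page = base + "/realms/demo/account/password";
        System.out.println(allowUpdate(base, "http://localhost:8080", page)); // Chrome form POST
        System.out.println(allowUpdate(base, null, page));                    // no Origin header
        System.out.println(allowUpdate(base, "http://evil.example", page));   // cross-site Origin
        System.out.println(allowUpdate(base, null, "http://evil.example/x")); // cross-site Referer
        System.out.println(allowUpdate(base, "null", null));                  // opaque Origin
    }
}
```

Rejecting every request that carries an Origin header, as the first CSRF condition did, fails the first case; comparing normalised origins lets it through while the cross-site cases are still refused.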

