[keycloak-dev] Are we all set?

Stian Thorgersen stian at redhat.com
Wed Sep 10 09:28:58 EDT 2014


There's no Safari issue after all! So we're good to go.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 10 September, 2014 3:03:12 PM
> Subject: Re: [keycloak-dev] Are we all set?
> 
> I'm charging up my macbook.  I'll look into it.
> 
> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
> > Apparently login with keycloak.js doesn't work on Safari
> > (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix this before
> > releasing :/
> >
> > ----- Original Message -----
> >> From: "Stian Thorgersen" <stian at redhat.com>
> >> To: "Bill Burke" <bburke at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Wednesday, 10 September, 2014 2:11:34 PM
> >> Subject: Re: [keycloak-dev] Are we all set?
> >>
> >> We also need to reduce info level log output from adapters. I did this for
> >> the server for rc-2, but completely forgot about adapters. Marek is already
> >> working on this, and I guess it shouldn't take very long.
> >>
> >> ----- Original Message -----
> >>> From: "Stian Thorgersen" <stian at redhat.com>
> >>> To: "Bill Burke" <bburke at redhat.com>
> >>> Cc: keycloak-dev at lists.jboss.org
> >>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
> >>> Subject: Re: [keycloak-dev] Are we all set?
> >>>
> >>>
> >>>
> >>> ----- Original Message -----
> >>>> From: "Bill Burke" <bburke at redhat.com>
> >>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
> >>>> <stian at redhat.com>
> >>>> Cc: keycloak-dev at lists.jboss.org
> >>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
> >>>> Subject: Re: [keycloak-dev] Are we all set?
> >>>>
> >>>>
> >>>>
> >>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I am sorry to not help more with the release as I needed to work
> >>>>> especially on some portal related stuff last weeks (hopefully it's gone
> >>>>> now)...
> >>>>>
> >>>>> Found a couple of things:
> >>>>> * AccountService is actually broken for me in Chrome due to latest CSRF
> >>>>> stuff. In FF it works fine, but in Chrome I can't update account or
> >>>>> password. For some reason Chrome is always adding "Origin" header to the
> >>>>> update requests (even if they are not ajax requests). So the newly added
> >>>>> condition for CSRF in AccountService.init will always fail. I have
> >>>>> Chrome 37.0.2062.94 (64-bit).
> >>>>>
> >>>>
> >>>> Ok, I thought Origin header wasn't supposed to be sent with Browser
> >>>> requests.  I can probably fix this by allowing same origin.
> >>>
> >>> Added fix to allow same origin. I also added check of 'Referer' header to
> >>> make sure it's same origin as well.
> >>>
> >>>>
> >>>>
> >>>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
> >>>>> not available with CORS. I've created JIRA
> >>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and sent PR
> >>>>> https://github.com/keycloak/keycloak/pull/683 for this, which is adding
> >>>>> authentication for ServerInfoAdminResource and then it uses allowOrigins
> >>>>> from the authenticated bearer token. Admin console is already using
> >>>>> bearer token for sending ServerInfo requests, so no changes are needed
> >>>>> here. I believe that ServerInfoAdminResource should be authenticated
> >>>>> (don't know why stuff like available social providers or themes should
> >>>>> be publicly available). Let me know if you are seeing issues with it. I did
> >>>>> not merge PR so far as version in master is already changed to 1.0-Final
> >>>>> so not sure what is the state of the release.
> >>>>>
> >>>>
> >>>> Merge it.
> >>>>
> >>>>> * Realm public resource (http://localhost:8080/auth/realms/master) is
> >>>>> also not available for CORS requests. Not sure if this is an issue or
> >>>>> not? Thing is that unauthenticated requests can't use CORS at this
> >>>>> moment as I don't know what allowedOrigins to use. Only option is to
> >>>>> allow it for all allowedOrigins (send same "Access-Control-Allow-Origin"
> >>>>> as original value of "Origin" header from the request)
> >>>>>
> >>>>> * There is still quite a lot of INFO logging. For example when I send
> >>>>> product request from the cors-demo example I have 6 new INFO messages in
> >>>>> log (Mainly from org.keycloak.adapters package)
> >>>>>
> >>>>
> >>>> Ping me on your status tomorrow (Wednesday).  I'll complete whatever you
> >>>> don't finish above.
> >>>>
> >>>> Thanks.
> >>>>
> >>>> --
> >>>> Bill Burke
> >>>> JBoss, a division of Red Hat
> >>>> http://bill.burkecentral.com
> >>>>
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 
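
The same-origin fix discussed in this thread (Chrome sends `Origin` on ordinary form posts, so a condition that treats any `Origin` header as cross-site always fails), sketched as an added Java example. It is not Keycloak's AccountService code: the class and method names, the account page path and the sample header values are constructed for illustration, and accepting a request that carries neither header is an assumption of the sketch.

```java
import java.net.URI;
import java.util.Locale;

public class SameOriginCheck {

    // Normalize a URL to scheme://host:port; null if it is not an absolute http(s) URL.
    static String originOf(String url) {
        if (url == null) return null;
        try {
            URI u = URI.create(url.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase(Locale.ROOT);
            int port = u.getPort();
            if (port == -1) {
                if (scheme.equals("https")) port = 443;
                else if (scheme.equals("http")) port = 80;
                else return null;
            }
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        } catch (IllegalArgumentException e) {
            return null; // malformed header value
        }
    }

    // The condition as the report implies it: any Origin header is treated as cross-site.
    static boolean rejectAnyOrigin(String origin) {
        return origin == null;
    }

    // Same-origin variant: Origin and Referer, when present, must match the server's origin.
    // Assumption of this sketch: a request carrying neither header passes this check.
    static boolean sameOrigin(String serverUrl, String origin, String referer) {
        String self = originOf(serverUrl);
        if (self == null) return false;
        if (origin != null && !self.equals(originOf(origin))) return false;
        if (referer != null && !self.equals(originOf(referer))) return false;
        return true;
    }

    public static void main(String[] args) {
        String server = "http://localhost:8080/auth";  // base URL used in the thread
        String chromeOrigin = "http://localhost:8080"; // constructed header values below
        String accountPage = "http://localhost:8080/auth/realms/master/account";
        // Chrome same-origin form post under the old and the new condition
        System.out.println(rejectAnyOrigin(chromeOrigin));
        System.out.println(sameOrigin(server, chromeOrigin, accountPage));
        // Cross-site Origin, look-alike Referer host, opaque "null" Origin
        System.out.println(sameOrigin(server, "http://other.example", accountPage));
        System.out.println(sameOrigin(server, chromeOrigin, "http://localhost.other.example:8080/x"));
        System.out.println(sameOrigin(server, "null", null));
    }
}
```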

