[keycloak-dev] Are we all set?

Marek Posolda mposolda at redhat.com
Wed Sep 10 10:27:56 EDT 2014 

I've pushed the fix for reduced INFO logging level.

I've found few other things during quick testing like:

- Users can register with invalid email like "aaa" . Also they can 
change their email in account management to "aaa". Just keycloak admin 
console is fine and allows to save just valid email (

- In account management, when I fill firstName, lastName for admin user 
and won't fill email and then click "Save", it displays me error message 
"You didn't specify email", which is correct. But firstName and lastName 
are cleared too. Similar can be reproduced when updating user. Basically 
Account mgmt form is always reading persistent values from DB and 
ignores values previously filled by user before failed validation.

I guess these are not blocker for release and especially the second one 
might be risky to fix now? wdyt?

Marek

On 10.9.2014 15:49, Marek Posolda wrote:
> Hi Bill,
>
> I am on reducing INFO stuff and will commit the fix in few minutes. Will
> let you know again once it's done.
>
> Marek
>
> On 10.9.2014 15:37, Bill Burke wrote:
>> I'll handle the logging stuff if Marek hasn't gotten to it yet.  Thanks
>> for doing all the issues reported by Marek last night.
>>
>> i'll run my last tests using IE and EAP 6.3 to make sure we're good on
>> those platforms.
>>
>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
>>> There's no Safari issue after all! So we're good to go.
>>>
>>> ----- Original Message -----
>>>> From: "Bill Burke" <bburke at redhat.com>
>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>> Cc: keycloak-dev at lists.jboss.org
>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>
>>>> I'm charging up my macbook.  I'll look into it.
>>>>
>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>>>> Apparently login with keycloak.js doesn't work on Safari
>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix this before
>>>>> releasing :/
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>
>>>>>> We also need to reduce info level log output from adapters. I did this for
>>>>>> the server for rc-2, but completely forgot about adapters. Marek is
>>>>>> already
>>>>>> working on this, and I guess it shouldn't take very long.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>>>>>>> <stian at redhat.com>
>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I am sorry to not help more with the release as I needed to work
>>>>>>>>> especially on some portal related stuff last weeks (hopefully it's gone
>>>>>>>>> now)...
>>>>>>>>>
>>>>>>>>> Found couple of things:
>>>>>>>>> * AccountService is actually broken for me in Chrome due to latest CSRF
>>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update account or
>>>>>>>>> password. For some reason Chrome is always adding "Origin" header to
>>>>>>>>> the
>>>>>>>>> update requests (even if they are not ajax requests). So the newly
>>>>>>>>> added
>>>>>>>>> condition for CSRF in AccountService.init will always fail. I have
>>>>>>>>> Chrome 37.0.2062.94 (64-bit) .
>>>>>>>>>
>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with Browser
>>>>>>>> requests.  I can probably fix this by allowing same origin.
>>>>>>> Added fix to allow same origin. I also added check of 'Referer' header to
>>>>>>> make sure it's same origin as well.
>>>>>>>
>>>>>>>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
>>>>>>>>> not available with CORS . I've created JIRA
>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR
>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which is adding
>>>>>>>>> authentication for ServerInfoAdminResource and then it use allowOrigins
>>>>>>>>> from the authenticated bearer token. Admin console is already using
>>>>>>>>> bearer token for sending ServerInfo requests, so no changes are needed
>>>>>>>>> here. I believe that ServerInfoAdminResource should be authenticated
>>>>>>>>> (don't know why stuff like available social providers or themes should
>>>>>>>>> be publicly available). Let me know if you seeing issues with it. I did
>>>>>>>>> not merge PR so far as version in master is already changed to
>>>>>>>>> 1.0-Final
>>>>>>>>> so not sure what is the state of the release .
>>>>>>>>>
>>>>>>>> Merge it.
>>>>>>>>
>>>>>>>>> * Realm public resource (http://localhost:8080/auth/realms/master) is
>>>>>>>>> also not available for CORS requests. Not sure if this is an issue or
>>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at this
>>>>>>>>> moment as I don't know what allowedOrigins to use. Only option is to
>>>>>>>>> allow it for all allowedOrigins (send same
>>>>>>>>> "Access-Control-Allow-Origin"
>>>>>>>>> as original value of "Origin" header from the request)
>>>>>>>>>
>>>>>>>>> * There is still quite a lot of INFO logging . For example when I send
>>>>>>>>> product request from the cors-demo example I have 6 new INFO messages
>>>>>>>>> in
>>>>>>>>> log (Mainly from org.keycloak.adapters package)
>>>>>>>>>
>>>>>>>> Ping me on your status tomorrow (Wednesday).  I'll complete whatever you
>>>>>>>> don't finish above.
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Bill Burke
>>>>>>>> JBoss, a division of Red Hat
>>>>>>>> http://bill.burkecentral.com
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-dev mailing list
>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-dev mailing list
>>>>>> keycloak-dev at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list