[keycloak-dev] Are we all set?

Marek Posolda mposolda at redhat.com
Wed Sep 10 10:35:15 EDT 2014


Ok, will just create JIRAs for next version.

Marek

On 10.9.2014 16:31, Bill Burke wrote:
> Yeah, just wait IMO.
>
> On 9/10/2014 10:27 AM, Marek Posolda wrote:
>> I've pushed the fix for reduced INFO logging level.
>>
>> I've found a few other things during quick testing like:
>>
>> - Users can register with invalid email like "aaa". Also they can
>> change their email in account management to "aaa". Just keycloak admin
>> console is fine and allows to save just valid email (
>>
>> - In account management, when I fill firstName, lastName for admin user
>> and won't fill email and then click "Save", it displays me error message
>> "You didn't specify email", which is correct. But firstName and lastName
>> are cleared too. Similar can be reproduced when updating user. Basically
>> Account mgmt form is always reading persistent values from DB and
>> ignores values previously filled by user before failed validation.
>>
>> I guess these are not blockers for release and especially the second one
>> might be risky to fix now? wdyt?
>>
>> Marek
>>
>> On 10.9.2014 15:49, Marek Posolda wrote:
>>> Hi Bill,
>>>
>>> I am on reducing INFO stuff and will commit the fix in a few minutes.
>>> Will let you know again once it's done.
>>>
>>> Marek
>>>
>>> On 10.9.2014 15:37, Bill Burke wrote:
>>>> I'll handle the logging stuff if Marek hasn't gotten to it yet.
>>>> Thanks for doing all the issues reported by Marek last night.
>>>>
>>>> I'll run my last tests using IE and EAP 6.3 to make sure we're good on
>>>> those platforms.
>>>>
>>>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
>>>>> There's no Safari issue after all! So we're good to go.
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>
>>>>>> I'm charging up my macbook.  I'll look into it.
>>>>>>
>>>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>>>>>> Apparently login with keycloak.js doesn't work on Safari
>>>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix
>>>>>>> this before releasing :/
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>
>>>>>>>> We also need to reduce info level log output from adapters. I did
>>>>>>>> this for the server for rc-2, but completely forgot about adapters.
>>>>>>>> Marek is already working on this, and I guess it shouldn't take
>>>>>>>> very long.
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>>>>>>>>> <stian at redhat.com>
>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> I am sorry to not help more with the release as I needed to work
>>>>>>>>>>> especially on some portal related stuff last weeks (hopefully
>>>>>>>>>>> it's gone now)...
>>>>>>>>>>>
>>>>>>>>>>> Found a couple of things:
>>>>>>>>>>> * AccountService is actually broken for me in Chrome due to
>>>>>>>>>>> latest CSRF stuff. In FF it works fine, but in Chrome I can't
>>>>>>>>>>> update account or password. For some reason Chrome is always
>>>>>>>>>>> adding "Origin" header to the update requests (even if they are
>>>>>>>>>>> not ajax requests). So the newly added condition for CSRF in
>>>>>>>>>>> AccountService.init will always fail. I have Chrome
>>>>>>>>>>> 37.0.2062.94 (64-bit).
>>>>>>>>>>>
>>>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with
>>>>>>>>>> Browser requests.  I can probably fix this by allowing same origin.
>>>>>>>>> Added fix to allow same origin. I also added check of 'Referer'
>>>>>>>>> header to make sure it's same origin as well.
>>>>>>>>>
>>>>>>>>>>> * ServerInfo request
>>>>>>>>>>> (http://localhost:8080/auth/admin/serverinfo) is not available
>>>>>>>>>>> with CORS. I've created JIRA
>>>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and sent PR
>>>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which
>>>>>>>>>>> is adding authentication for ServerInfoAdminResource and then it
>>>>>>>>>>> uses allowOrigins from the authenticated bearer token. Admin
>>>>>>>>>>> console is already using bearer token for sending ServerInfo
>>>>>>>>>>> requests, so no changes are needed here. I believe that
>>>>>>>>>>> ServerInfoAdminResource should be authenticated (don't know why
>>>>>>>>>>> stuff like available social providers or themes should be
>>>>>>>>>>> publicly available). Let me know if you are seeing issues with
>>>>>>>>>>> it. I did not merge PR so far as version in master is already
>>>>>>>>>>> changed to 1.0-Final so not sure what is the state of the
>>>>>>>>>>> release.
>>>>>>>>>>>
>>>>>>>>>> Merge it.
>>>>>>>>>>
>>>>>>>>>>> * Realm public resource
>>>>>>>>>>> (http://localhost:8080/auth/realms/master) is also not available
>>>>>>>>>>> for CORS requests. Not sure if this is an issue or not? Thing is
>>>>>>>>>>> that unauthenticated requests can't use CORS at this moment as I
>>>>>>>>>>> don't know what allowedOrigins to use. Only option is to allow
>>>>>>>>>>> it for all allowedOrigins (send same
>>>>>>>>>>> "Access-Control-Allow-Origin" as original value of "Origin"
>>>>>>>>>>> header from the request)
>>>>>>>>>>>
>>>>>>>>>>> * There is still quite a lot of INFO logging. For example when I
>>>>>>>>>>> send product request from the cors-demo example I have 6 new
>>>>>>>>>>> INFO messages in log (Mainly from org.keycloak.adapters package)
>>>>>>>>>>>
>>>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete
>>>>>>>>>> whatever you don't finish above.
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>> -- 
>>>>>>>>>> Bill Burke
>>>>>>>>>> JBoss, a division of Red Hat
>>>>>>>>>> http://bill.burkecentral.com
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> keycloak-dev mailing list
>>>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>>>
>>>>>>>>
>>>>>> -- 
>>>>>> Bill Burke
>>>>>> JBoss, a division of Red Hat
>>>>>> http://bill.burkecentral.com
>>>>>>
>>
>
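
The same-origin rule discussed in the quoted thread (accept an `Origin` header when it matches the server, and check `Referer` as well), as an added sketch that is not Keycloak's `AccountService` code. The class name, method names and sample header values are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration, not Keycloak code: class and method names are hypothetical.
public class SameOriginCheck {

    // Reduce a URL to scheme://host:port, filling in default ports so that
    // "https://sso.example.test" and "https://sso.example.test:443/x" compare equal.
    static String originOf(String url) {
        try {
            URI u = new URI(url);
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase();
            int port = u.getPort();
            if (port == -1) port = scheme.equals("https") ? 443 : 80;
            return scheme + "://" + u.getHost().toLowerCase() + ":" + port;
        } catch (URISyntaxException e) {
            return null; // an unparseable header value is treated as foreign
        }
    }

    // A state-changing request passes when every Origin/Referer header that is
    // present resolves to the server's own origin. The thread reports Chrome
    // sending Origin even on non-ajax updates, so a present Origin has to be
    // compared rather than rejected outright. If both headers are absent this
    // check passes, so it complements a CSRF token rather than replacing one.
    static boolean isSameOrigin(String serverBaseUrl, String originHeader, String refererHeader) {
        String expected = originOf(serverBaseUrl);
        if (expected == null) return false;
        if (originHeader != null && !expected.equals(originOf(originHeader))) return false;
        if (refererHeader != null && !expected.equals(originOf(refererHeader))) return false;
        return true;
    }

    public static void main(String[] args) {
        String server = "http://localhost:8080/auth"; // base URL as in the thread's examples
        String account = server + "/realms/master/account"; // constructed sample Referer
        // Constructed header combinations: same-origin Origin, no Origin at all,
        // a foreign Origin, and the opaque "null" Origin some contexts send.
        System.out.println(isSameOrigin(server, "http://localhost:8080", account));
        System.out.println(isSameOrigin(server, null, account));
        System.out.println(isSameOrigin(server, "http://other.example.test", account));
        System.out.println(isSameOrigin(server, "null", null));
    }
}
```

The first two calls are accepted and the last two are rejected.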


