[keycloak-dev] Are we all set?
Bill Burke
bburke at redhat.com
Wed Sep 10 10:35:53 EDT 2014
Yeah, take a break, celebrate! Wish we could all go out and have a beer.
On 9/10/2014 10:35 AM, Marek Posolda wrote:
> Ok, will just create JIRAs for next version.
>
> Marek
>
> On 10.9.2014 16:31, Bill Burke wrote:
>> Yeah, just wait IMO.
>>
>> On 9/10/2014 10:27 AM, Marek Posolda wrote:
>>> I've pushed the fix for reduced INFO logging level.
>>>
>>> I've found few other things during quick testing like:
>>>
>>> - Users can register with invalid email like "aaa" . Also they can
>>> change their email in account management to "aaa". Just keycloak admin
>>> console is fine and allows to save just valid email (
>>>
>>> - In account management, when I fill firstName, lastName for admin user
>>> and won't fill email and then click "Save", it displays me error message
>>> "You didn't specify email", which is correct. But firstName and lastName
>>> are cleared too. Similar can be reproduced when updating user. Basically
>>> Account mgmt form is always reading persistent values from DB and
>>> ignores values previously filled by user before failed validation.
>>>
>>> I guess these are not blocker for release and especially the second one
>>> might be risky to fix now? wdyt?
>>>
>>> Marek
>>>
>>> On 10.9.2014 15:49, Marek Posolda wrote:
>>>> Hi Bill,
>>>>
>>>> I am on reducing INFO stuff and will commit the fix in few minutes.
>>>> Will
>>>> let you know again once it's done.
>>>>
>>>> Marek
>>>>
>>>> On 10.9.2014 15:37, Bill Burke wrote:
>>>>> I'll handle the logging stuff if Marek hasn't gotten to it yet. Thanks
>>>>> for doing all the issues reported by Marek last night.
>>>>>
>>>>> i'll run my last tests using IE and EAP 6.3 to make sure we're good on
>>>>> those platforms.
>>>>>
>>>>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
>>>>>> There's no Safari issue after all! So we're good to go.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>> To: "Stian Thorgersen" <stian at redhat.com>
>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>
>>>>>>> I'm charging up my macbook. I'll look into it.
>>>>>>>
>>>>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>>>>>>> Apparently login with keycloak.js doesn't work on Safari
>>>>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix
>>>>>>>> this before
>>>>>>>> releasing :/
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>
>>>>>>>>> We also need to reduce info level log output from adapters. I did
>>>>>>>>> this for
>>>>>>>>> the server for rc-2, but completely forgot about adapters.
>>>>>>>>> Marek is
>>>>>>>>> already
>>>>>>>>> working on this, and I guess it shouldn't take very long.
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
>>>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
>>>>>>>>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
>>>>>>>>>>> <stian at redhat.com>
>>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>> I am sorry to not help more with the release as I needed to
>>>>>>>>>>>> work
>>>>>>>>>>>> especially on some portal related stuff last weeks (hopefully
>>>>>>>>>>>> it's gone
>>>>>>>>>>>> now)...
>>>>>>>>>>>>
>>>>>>>>>>>> Found couple of things:
>>>>>>>>>>>> * AccountService is actually broken for me in Chrome due to
>>>>>>>>>>>> latest CSRF
>>>>>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update
>>>>>>>>>>>> account or
>>>>>>>>>>>> password. For some reason Chrome is always adding "Origin"
>>>>>>>>>>>> header to
>>>>>>>>>>>> the
>>>>>>>>>>>> update requests (even if they are not ajax requests). So the
>>>>>>>>>>>> newly
>>>>>>>>>>>> added
>>>>>>>>>>>> condition for CSRF in AccountService.init will always fail. I
>>>>>>>>>>>> have
>>>>>>>>>>>> Chrome 37.0.2062.94 (64-bit) .
>>>>>>>>>>>>
>>>>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with
>>>>>>>>>>> Browser
>>>>>>>>>>> requests. I can probably fix this by allowing same origin.
>>>>>>>>>> Added fix to allow same origin. I also added check of 'Referer'
>>>>>>>>>> header to
>>>>>>>>>> make sure it's same origin as well.
>>>>>>>>>>
>>>>>>>>>>>> * ServerInfo request
>>>>>>>>>>>> (http://localhost:8080/auth/admin/serverinfo) is
>>>>>>>>>>>> not available with CORS . I've created JIRA
>>>>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR
>>>>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which
>>>>>>>>>>>> is adding
>>>>>>>>>>>> authentication for ServerInfoAdminResource and then it use
>>>>>>>>>>>> allowOrigins
>>>>>>>>>>>> from the authenticated bearer token. Admin console is already
>>>>>>>>>>>> using
>>>>>>>>>>>> bearer token for sending ServerInfo requests, so no changes
>>>>>>>>>>>> are needed
>>>>>>>>>>>> here. I believe that ServerInfoAdminResource should be
>>>>>>>>>>>> authenticated
>>>>>>>>>>>> (don't know why stuff like available social providers or
>>>>>>>>>>>> themes should
>>>>>>>>>>>> be publicly available). Let me know if you seeing issues with
>>>>>>>>>>>> it. I did
>>>>>>>>>>>> not merge PR so far as version in master is already changed to
>>>>>>>>>>>> 1.0-Final
>>>>>>>>>>>> so not sure what is the state of the release .
>>>>>>>>>>>>
>>>>>>>>>>> Merge it.
>>>>>>>>>>>
>>>>>>>>>>>> * Realm public resource
>>>>>>>>>>>> (http://localhost:8080/auth/realms/master) is
>>>>>>>>>>>> also not available for CORS requests. Not sure if this is an
>>>>>>>>>>>> issue or
>>>>>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at
>>>>>>>>>>>> this
>>>>>>>>>>>> moment as I don't know what allowedOrigins to use. Only option
>>>>>>>>>>>> is to
>>>>>>>>>>>> allow it for all allowedOrigins (send same
>>>>>>>>>>>> "Access-Control-Allow-Origin"
>>>>>>>>>>>> as original value of "Origin" header from the request)
>>>>>>>>>>>>
>>>>>>>>>>>> * There is still quite a lot of INFO logging . For example
>>>>>>>>>>>> when I send
>>>>>>>>>>>> product request from the cors-demo example I have 6 new INFO
>>>>>>>>>>>> messages
>>>>>>>>>>>> in
>>>>>>>>>>>> log (Mainly from org.keycloak.adapters package)
>>>>>>>>>>>>
>>>>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete
>>>>>>>>>>> whatever you
>>>>>>>>>>> don't finish above.
>>>>>>>>>>>
>>>>>>>>>>> Thanks.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Bill Burke
>>>>>>>>>>> JBoss, a division of Red Hat
>>>>>>>>>>> http://bill.burkecentral.com
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-dev mailing list
>>>>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> keycloak-dev mailing list
>>>>>>>>> keycloak-dev at lists.jboss.org
>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>>>
>>>>>>> --
>>>>>>> Bill Burke
>>>>>>> JBoss, a division of Red Hat
>>>>>>> http://bill.burkecentral.com
>>>>>>>
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list