[keycloak-dev] Are we all set?

Stian Thorgersen stian at redhat.com
Wed Sep 10 10:53:52 EDT 2014


----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 10 September, 2014 4:35:53 PM
> Subject: Re: [keycloak-dev] Are we all set?
> 
> Yeah, take a break, celebrate!  Wish we could all go out and have a beer.

Just one beer? ;)

> 
> On 9/10/2014 10:35 AM, Marek Posolda wrote:
> > Ok, will just create JIRAs for next version.
> >
> > Marek
> >
> > On 10.9.2014 16:31, Bill Burke wrote:
> >> Yeah, just wait IMO.
> >>
> >> On 9/10/2014 10:27 AM, Marek Posolda wrote:
> >>> I've pushed the fix for reduced INFO logging level.
> >>>
> >>> I've found few other things during quick testing like:
> >>>
> >>> - Users can register with invalid email like "aaa" . Also they can
> >>> change their email in account management to "aaa". Just keycloak admin
> >>> console is fine and allows to save just valid email (
> >>>
> >>> - In account management, when I fill firstName, lastName for admin user
> >>> and won't fill email and then click "Save", it displays me error message
> >>> "You didn't specify email", which is correct. But firstName and lastName
> >>> are cleared too. Similar can be reproduced when updating user. Basically
> >>> Account mgmt form is always reading persistent values from DB and
> >>> ignores values previously filled by user before failed validation.
> >>>
> >>> I guess these are not blocker for release and especially the second one
> >>> might be risky to fix now? wdyt?
> >>>
> >>> Marek
> >>>
> >>> On 10.9.2014 15:49, Marek Posolda wrote:
> >>>> Hi Bill,
> >>>>
> >>>> I am on reducing INFO stuff and will commit the fix in few minutes.
> >>>> Will
> >>>> let you know again once it's done.
> >>>>
> >>>> Marek
> >>>>
> >>>> On 10.9.2014 15:37, Bill Burke wrote:
> >>>>> I'll handle the logging stuff if Marek hasn't gotten to it yet. Thanks
> >>>>> for doing all the issues reported by Marek last night.
> >>>>>
> >>>>> i'll run my last tests using IE and EAP 6.3 to make sure we're good on
> >>>>> those platforms.
> >>>>>
> >>>>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
> >>>>>> There's no Safari issue after all! So we're good to go.
> >>>>>>
> >>>>>> ----- Original Message -----
> >>>>>>> From: "Bill Burke" <bburke at redhat.com>
> >>>>>>> To: "Stian Thorgersen" <stian at redhat.com>
> >>>>>>> Cc: keycloak-dev at lists.jboss.org
> >>>>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
> >>>>>>> Subject: Re: [keycloak-dev] Are we all set?
> >>>>>>>
> >>>>>>> I'm charging up my macbook.  I'll look into it.
> >>>>>>>
> >>>>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
> >>>>>>>> Apparently login with keycloak.js doesn't work on Safari
> >>>>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix
> >>>>>>>> this before
> >>>>>>>> releasing :/
> >>>>>>>>
> >>>>>>>> ----- Original Message -----
> >>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
> >>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
> >>>>>>>>> Cc: keycloak-dev at lists.jboss.org
> >>>>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
> >>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
> >>>>>>>>>
> >>>>>>>>> We also need to reduce info level log output from adapters. I did
> >>>>>>>>> this for
> >>>>>>>>> the server for rc-2, but completely forgot about adapters.
> >>>>>>>>> Marek is
> >>>>>>>>> already
> >>>>>>>>> working on this, and I guess it shouldn't take very long.
> >>>>>>>>>
> >>>>>>>>> ----- Original Message -----
> >>>>>>>>>> From: "Stian Thorgersen" <stian at redhat.com>
> >>>>>>>>>> To: "Bill Burke" <bburke at redhat.com>
> >>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
> >>>>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
> >>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> ----- Original Message -----
> >>>>>>>>>>> From: "Bill Burke" <bburke at redhat.com>
> >>>>>>>>>>> To: "Marek Posolda" <mposolda at redhat.com>, "Stian Thorgersen"
> >>>>>>>>>>> <stian at redhat.com>
> >>>>>>>>>>> Cc: keycloak-dev at lists.jboss.org
> >>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
> >>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
> >>>>>>>>>>>> Hi,
> >>>>>>>>>>>>
> >>>>>>>>>>>> I am sorry to not help more with the release as I needed to
> >>>>>>>>>>>> work
> >>>>>>>>>>>> especially on some portal related stuff last weeks (hopefully
> >>>>>>>>>>>> it's gone
> >>>>>>>>>>>> now)...
> >>>>>>>>>>>>
> >>>>>>>>>>>> Found couple of things:
> >>>>>>>>>>>> * AccountService is actually broken for me in Chrome due to
> >>>>>>>>>>>> latest CSRF
> >>>>>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update
> >>>>>>>>>>>> account or
> >>>>>>>>>>>> password. For some reason Chrome is always adding "Origin"
> >>>>>>>>>>>> header to
> >>>>>>>>>>>> the
> >>>>>>>>>>>> update requests (even if they are not ajax requests). So the
> >>>>>>>>>>>> newly
> >>>>>>>>>>>> added
> >>>>>>>>>>>> condition for CSRF in AccountService.init will always fail. I
> >>>>>>>>>>>> have
> >>>>>>>>>>>> Chrome 37.0.2062.94 (64-bit) .
> >>>>>>>>>>>>
> >>>>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with
> >>>>>>>>>>> Browser
> >>>>>>>>>>> requests.  I can probably fix this by allowing same origin.
> >>>>>>>>>> Added fix to allow same origin. I also added check of 'Referer'
> >>>>>>>>>> header to
> >>>>>>>>>> make sure it's same origin as well.
> >>>>>>>>>>
> >>>>>>>>>>>> * ServerInfo request
> >>>>>>>>>>>> (http://localhost:8080/auth/admin/serverinfo) is
> >>>>>>>>>>>> not available with CORS . I've created JIRA
> >>>>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR
> >>>>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which
> >>>>>>>>>>>> is adding
> >>>>>>>>>>>> authentication for ServerInfoAdminResource and then it use
> >>>>>>>>>>>> allowOrigins
> >>>>>>>>>>>> from the authenticated bearer token. Admin console is already
> >>>>>>>>>>>> using
> >>>>>>>>>>>> bearer token for sending ServerInfo requests, so no changes
> >>>>>>>>>>>> are needed
> >>>>>>>>>>>> here. I believe that ServerInfoAdminResource should be
> >>>>>>>>>>>> authenticated
> >>>>>>>>>>>> (don't know why stuff like available social providers or
> >>>>>>>>>>>> themes should
> >>>>>>>>>>>> be publicly available). Let me know if you seeing issues with
> >>>>>>>>>>>> it. I did
> >>>>>>>>>>>> not merge PR so far as version in master is already changed to
> >>>>>>>>>>>> 1.0-Final
> >>>>>>>>>>>> so not sure what is the state of the release .
> >>>>>>>>>>>>
> >>>>>>>>>>> Merge it.
> >>>>>>>>>>>
> >>>>>>>>>>>> * Realm public resource
> >>>>>>>>>>>> (http://localhost:8080/auth/realms/master) is
> >>>>>>>>>>>> also not available for CORS requests. Not sure if this is an
> >>>>>>>>>>>> issue or
> >>>>>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at
> >>>>>>>>>>>> this
> >>>>>>>>>>>> moment as I don't know what allowedOrigins to use. Only option
> >>>>>>>>>>>> is to
> >>>>>>>>>>>> allow it for all allowedOrigins (send same
> >>>>>>>>>>>> "Access-Control-Allow-Origin"
> >>>>>>>>>>>> as original value of "Origin" header from the request)
> >>>>>>>>>>>>
> >>>>>>>>>>>> * There is still quite a lot of INFO logging . For example
> >>>>>>>>>>>> when I send
> >>>>>>>>>>>> product request from the cors-demo example I have 6 new INFO
> >>>>>>>>>>>> messages
> >>>>>>>>>>>> in
> >>>>>>>>>>>> log (Mainly from org.keycloak.adapters package)
> >>>>>>>>>>>>
> >>>>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete
> >>>>>>>>>>> whatever you
> >>>>>>>>>>> don't finish above.
> >>>>>>>>>>>
> >>>>>>>>>>> Thanks.
> >>>>>>>>>>>
> >>>>>>>>>>> --
> >>>>>>>>>>> Bill Burke
> >>>>>>>>>>> JBoss, a division of Red Hat
> >>>>>>>>>>> http://bill.burkecentral.com
> >>>>>>>>>>>
> >>>>>>>>>> _______________________________________________
> >>>>>>>>>> keycloak-dev mailing list
> >>>>>>>>>> keycloak-dev at lists.jboss.org
> >>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>>>>>>
> >>>>>>>>> _______________________________________________
> >>>>>>>>> keycloak-dev mailing list
> >>>>>>>>> keycloak-dev at lists.jboss.org
> >>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>>>>>>
> >>>>>>> --
> >>>>>>> Bill Burke
> >>>>>>> JBoss, a division of Red Hat
> >>>>>>> http://bill.burkecentral.com
> >>>>>>>
> >>>> _______________________________________________
> >>>> keycloak-dev mailing list
> >>>> keycloak-dev at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>
> >>
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 


More information about the keycloak-dev mailing list