[keycloak-dev] Issue with latest Github master and SAML IDP providers?

Guy Davis guydavis.ca at gmail.com
Sat Mar 14 21:17:19 EDT 2015


Hi Stian,

I tried the following using the very latest Github master.

   1. Keycloak appliance (built in distribution folder so Wildfly 8.2).
   Had a problem:
      1. Doesn't list SAML or Open ID Connect in the Identity Providers
      picklist like previous versions.  Please see screenshot attached.
      Did the IdP choice get moved?
   2. Deploying Keycloak into a JBoss EAP 6.3 (from Teiid 8.10).  Had the
   following errors:
      1. Failed deployment due to lack of org.bouncycastle module.  Not
      part of JBoss 6 Adapter?  bcprov and bcpkix are in
      auth-server.war/WEB-INF/lib, but something is trying to load it
      as a module.
      2. After adding an org.bouncycastle module manually using the bc 1.50
      jars, I got a resteasy-crypto module missing error.  If I add that I get
      conflicts between resteasy-2.3.8 in JBoss EAP and resteasy 3 that
      provides resteasy-crypto.

So, I'm struggling to see the best way forward.  I need to remain
compatible with Teiid which is tied to JBoss EAP, not Wildfly.  As well,
our app is still geared toward JBoss EAP 6.1.0alpha (aka JBoss AS 7).
Keycloak indicates adapters for WF, EAP, and AS 7 are all supported.  I was
able to demo Identity Brokering just two weeks ago successfully on AS7
(6.1.0alpha), so this is a recent change on master.

Please advise on the best path forward.  A key benefit of Keycloak over
other IDP/SSO options was that it could exist in the same JBoss container
as our other apps and frameworks.

Thanks,
Guy


On Thu, Mar 12, 2015 at 11:50 PM, Stian Thorgersen <stian at redhat.com> wrote:

> I assume this happens after you've clicked on 'PicketLink IDP' on the
> login screen?
>
> Can you try the same with the appliance download? We don't support JBoss
> EAP 6.1.0alpha, so maybe that's the problem.
>
> ----- Original Message -----
> > From: "Guy Davis" <guydavis.ca at gmail.com>
> > To: "Stian Thorgersen" <stian at redhat.com>
> > Cc: keycloak-dev at lists.jboss.org
> > Sent: Thursday, March 12, 2015 7:52:00 PM
> > Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> >
> > Hi Stian,
> >
> > Thanks for the response.  Yes, I'm still seeing this issue with the very
> > latest Github master (including today's commit #1038).  This was working
> > for me a couple of weeks ago, before more recent commits.  We demoed the
> > identity broker to our management using a PicketLink test idp.war (in same
> > container) and also using MS WAAD on Azure.  It's a key feature for us.
> >
> > Let me provide more details about my environment:
> >
> >    1. Building/running with Java 1.7
> >    2. Building master with 'mvn clean install -DskipTests=true -Pdistribution'
> >    3. Running within a JBoss EAP 6.1.0alpha container using the modules
> >    from distribution\as7-adapter-zip\target\unpacked in
> >    my ApplicationServer\modules\system\layers\base with the following
> >    differences:
> >       1. Had to add 'org/bouncycastle/main/bcprov-jdk16-1.46.jar' otherwise
> >       Keycloak complained on startup in server.log.
> >       2. Had to remove 'org/jboss/as' and 'org/jboss/aesh' as they were
> >       overwriting older JBoss EAP 6.1.0alpha versions and preventing startup.
> >    4. Deploying the auth-server.war by zipping the contents and renaming
> >    'auth.war', placing in my standalone/deployments folder.
> >    5. Updating the standalone.xml file with the required Keycloak config.
> >    Defining the realm and secure deployments in that XML directly.
> >    6. Starting with a missing H2 datasource to ensure old data/schema is
> >    not the problem.  On startup, I confirm admin's password and then re-build
> >    my DSIS realm.
> >
> > Any help you can provide would be most appreciated.  I'm using the Keycloak
> > master as features being added now such as Kerberos/Spnego and Identity
> > Brokering are critical use cases for our adoption.
> >
> > Thanks,
> > Guy
> >
> >
> > On Thu, Mar 12, 2015 at 3:49 AM, Stian Thorgersen <stian at redhat.com> wrote:
> >
> > > Are you still having issues or did you figure it out?
> > >
> > > ----- Original Message -----
> > > > From: "Guy Davis" <guydavis.ca at gmail.com>
> > > > To: keycloak-dev at lists.jboss.org
> > > > Sent: Wednesday, 4 March, 2015 1:10:52 AM
> > > > Subject: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> > > >
> > > > Good day,
> > > >
> > > > I've been using a sample Picketlink IDP locally for testing the SAML v2.0 ID
> > > > brokering, however after updating to latest master and re-deploying
> > > > components, I'm getting the following error. Any tips?
> > > >
> > > >
> > > >
> > > > Thanks in advance,
> > > > Guy
> > > >
> > >
> >
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2015-03-14_184434.png
Type: image/png
Size: 6125 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150314/b41b7bd5/attachment.png 