[keycloak-dev] Issue with latest Github master and SAML IDP providers?

Stian Thorgersen stian at redhat.com
Tue Mar 17 05:00:57 EDT 2015



----- Original Message -----
> From: "Guy Davis" <guydavis.ca at gmail.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-dev at lists.jboss.org
> Sent: Sunday, March 15, 2015 2:17:19 AM
> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> 
> Hi Stian,
> 
> I tried the following using the very latest Github master.
> 
>    1. Keycloak appliance (built in distribution folder so Wildfly 8.2).
>    Had a problem:
>       1. Doesn't list SAML or Open ID Connect in the Identity Providers
>       picklist like previous versions.  Please see screenshot attached.
>       Did the IdP choice get moved?

Seems like there's a bug, I'll look at this now

>    2. Deploying Keycloak into a JBoss EAP 6.3 (from Teiid 8.10).  Had
>    following errors:
>       1. Failed deployment due to lack of org.bouncycastle module.  Not
>       part of JBoss 6 Adapter?  bcprov and bcpix are in
>       auth-server.war/WEB-INF/lib, but something is trying to load it as a
>       module.
>       2. After adding an org.bouncycastle module manually using the bc 1.50
>       jars, I got a resteasy-crypto module missing error.  If I add that I
>       get conflicts between resteasy-2.3.8 in JBoss EAP and resteasy 3 that
>       provides resteasy-crypto.
> 
> So, I'm struggling to see the best way forward.  I need to remain
> compatible with Teiid which is tied to JBoss EAP, not Wildfly.  As well,
> our app is still geared toward JBoss EAP 6.1.0alpha (aka JBoss AS 7).
> Keycloak indicates adapters for WF, EAP, and AS 7 are all supported.  I was
> able to demo Identity Brokering just two weeks ago successfully on AS7
> (6.1.0alpha), so this is a recent change on master.
> 
> Please advise on the best path forward.  A key benefit of Keycloak over
> other IDP/SSO options was that it could exist in the same JBoss container
> as our other apps and frameworks.
> 
> Thanks,
> Guy
> 
> 
> On Thu, Mar 12, 2015 at 11:50 PM, Stian Thorgersen <stian at redhat.com> wrote:
> 
> > I assume this happens after you've clicked on 'PicketLink IDP' on the
> > login screen?
> >
> > Can you try the same with the appliance download? We don't support JBoss
> > EAP 6.1.0alpha, so maybe that's the problem.
> >
> > ----- Original Message -----
> > > From: "Guy Davis" <guydavis.ca at gmail.com>
> > > To: "Stian Thorgersen" <stian at redhat.com>
> > > Cc: keycloak-dev at lists.jboss.org
> > > Sent: Thursday, March 12, 2015 7:52:00 PM
> > > Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> > >
> > > Hi Stian,
> > >
> > > Thanks for the response.  Yes, I'm still seeing this issue with the very
> > > latest Github master (including today's commit #1038).  This was working
> > > for me a couple of weeks ago, before more recent commits.  We demoed the
> > > identity broker to our management using a PicketLink test idp.war (in
> > > same container) and also using MS WAAD on Azure.  It's a key feature
> > > for us.
> > >
> > > Let me provide more details about my environment:
> > >
> > >    1. Building/running with Java 1.7
> > >    2. Building master with 'mvn clean install -DskipTests=true
> > >    -Pdistribution'
> > >    3. Running within a JBoss EAP 6.1.0alpha container using the modules
> > >    from distribution\as7-adapter-zip\target\unpacked in
> > >    my ApplicationServer\modules\system\layers\base with the following
> > >    differences:
> > >       1. Had to add 'org/bouncycastle/main/bcprov-jdk16-1.46.jar'
> > >       otherwise Keycloak complained on startup in server.log.
> > >       2. Had to remove 'org/jboss/as' and 'org/jboss/aesh' as they were
> > >       overwriting older JBoss EAP 6.1.0alpha versions and preventing
> > >       startup.
> > >    4. Deploying the auth-server.war by zipping the contents and renaming
> > >    'auth.war', placing in my standalone/deployments folder.
> > >    5. Updating the standalone.xml file with the required Keycloak config.
> > >    Defining the realm and secure deployments in that XML directly.
> > >    6. Starting with a missing H2 datasource to ensure old data/schema is
> > >    not the problem.  On startup, I confirm admin's password and then
> > >    re-build my DSIS realm.
> > >
> > > Any help you can provide would be most appreciated.  I'm using the
> > > Keycloak master as features being added now such as Kerberos/Spnego and
> > > Identity Brokering are critical use cases for our adoption.
> > >
> > > Thanks,
> > > Guy
> > >
> > >
> > > On Thu, Mar 12, 2015 at 3:49 AM, Stian Thorgersen <stian at redhat.com> wrote:
> > >
> > > > Are you still having issues or did you figure it out?
> > > >
> > > > ----- Original Message -----
> > > > > From: "Guy Davis" <guydavis.ca at gmail.com>
> > > > > To: keycloak-dev at lists.jboss.org
> > > > > Sent: Wednesday, 4 March, 2015 1:10:52 AM
> > > > > Subject: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
> > > > >
> > > > > Good day,
> > > > >
> > > > > I've been using a sample Picketlink IDP locally for testing the SAML
> > > > > v2.0 ID brokering, however after updating to latest master and
> > > > > re-deploying components, I'm getting the following error. Any tips?
> > > > >
> > > > >
> > > > >
> > > > > Thanks in advance,
> > > > > Guy
> > > > >
> > > > > _______________________________________________
> > > > > keycloak-dev mailing list
> > > > > keycloak-dev at lists.jboss.org
> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> > > >
> > >
> >
> 

