From mposolda at redhat.com Tue Jul 1 03:07:36 2014 From: mposolda at redhat.com (Marek Posolda) Date: Tue, 01 Jul 2014 09:07:36 +0200 Subject: [keycloak-user] Defining a new user password through REST API In-Reply-To: References: Message-ID: <53B25E38.2030204@redhat.com> Hi, Is it good practice to define password for users this way? I assume that usually just user himself should have access to his plain-text password and be able to login with it? If you really need this, there is just endpoint http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html for reset password, which is also used by admin console, but user needs to choose new password when login for the first time after reset. So I assume that this is the possibility you are already aware of. But note that after this reset, you know user's temporary password, so you can login with this temporary password and update password as user himself. Then user doesn't need to do anything, you just need to say him his password. Another possibility is to create new REST endpoint by yourself, which will use model API to do exactly what you want. For example see this https://github.com/keycloak/keycloak/tree/master/testsuite/tools which is REST application for adding big number of new users. You can maybe use something similar. Marek On 1.7.2014 00:01, Rodrigo Sasaki wrote: > Hello again! > > Is there a way for me to define a password for a user through the REST > API without him having to define a new one on the next login? > > The only method I found to be close to what I want was the one that > resets the password, but I would like to redefine it without the user > having anything to do with it. > > Is it possible? > > -- > Rodrigo Sasaki > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140701/d14188e3/attachment-0001.html From stian at redhat.com Tue Jul 1 04:20:37 2014 From: stian at redhat.com (Stian Thorgersen) Date: Tue, 1 Jul 2014 04:20:37 -0400 (EDT) Subject: [keycloak-user] Defining a new user password through REST API In-Reply-To: <53B25E38.2030204@redhat.com> References: <53B25E38.2030204@redhat.com> Message-ID: <1406110832.1071380.1404202837629.JavaMail.zimbra@redhat.com> You can actually already do this if you want, both through endpoints and the admin console. You just need to set a temporary password and afterwards remove the update password required action. As Marek says though it doesn't really make sense to do so. ----- Original Message ----- > From: "Marek Posolda" > To: "Rodrigo Sasaki" , keycloak-user at lists.jboss.org > Sent: Tuesday, 1 July, 2014 8:07:36 AM > Subject: Re: [keycloak-user] Defining a new user password through REST API > > Hi, > > Is it good practice to define password for users this way? I assume that > usually just user himself should have access to his plain-text password and > be able to login with it? > > If you really need this, there is just endpoint > http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html > for reset password, which is also used by admin console, but user needs to > choose new password when login for the first time after reset. So I assume > that this is the possibility you are already aware of. > > But note that after this reset, you know user's temporary password, so you > can login with this temporary password and update password as user himself. > Then user doesn't need to do anything, you just need to say him his > password. > > Another possibility is to create new REST endpoint by yourself, which will > use model API to do exactly what you want. For example see this > https://github.com/keycloak/keycloak/tree/master/testsuite/tools which is > REST application for adding big number of new users. You can maybe use > something similar. > > Marek > > > On 1.7.2014 00:01, Rodrigo Sasaki wrote: > > > > Hello again! > > Is there a way for me to define a password for a user through the REST API > without him having to define a new one on the next login? > > The only method I found to be close to what I want was the one that resets > the password, but I would like to redefine it without the user having > anything to do with it. > > Is it possible? > > -- > Rodrigo Sasaki > > > _______________________________________________ > keycloak-user mailing list keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From rodrigopsasaki at gmail.com Tue Jul 1 07:35:08 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 1 Jul 2014 08:35:08 -0300 Subject: [keycloak-user] Defining a new user password through REST API In-Reply-To: <1406110832.1071380.1404202837629.JavaMail.zimbra@redhat.com> References: <53B25E38.2030204@redhat.com> <1406110832.1071380.1404202837629.JavaMail.zimbra@redhat.com> Message-ID: The idea is that we're working on an integration phase between our old authentication code and keycloak. The step in question is that whenever the user alters his information in our old system, we'll send those alterations to keycloak already, so in true effect I won't be changing the user's password, but I'd like to have an API call to change his password on keycloak whenever he changes it on our current system On Tue, Jul 1, 2014 at 5:20 AM, Stian Thorgersen wrote: > You can actually already do this if you want, both through endpoints and > the admin console. You just need to set a temporary password and afterwards > remove the update password required action. As Marek says though it doesn't > really make sense to do so. > > ----- Original Message ----- > > From: "Marek Posolda" > > To: "Rodrigo Sasaki" , > keycloak-user at lists.jboss.org > > Sent: Tuesday, 1 July, 2014 8:07:36 AM > > Subject: Re: [keycloak-user] Defining a new user password through REST > API > > > > Hi, > > > > Is it good practice to define password for users this way? I assume that > > usually just user himself should have access to his plain-text password > and > > be able to login with it? > > > > If you really need this, there is just endpoint > > > http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html > > for reset password, which is also used by admin console, but user needs > to > > choose new password when login for the first time after reset. So I > assume > > that this is the possibility you are already aware of. > > > > But note that after this reset, you know user's temporary password, so > you > > can login with this temporary password and update password as user > himself. > > Then user doesn't need to do anything, you just need to say him his > > password. > > > > Another possibility is to create new REST endpoint by yourself, which > will > > use model API to do exactly what you want. For example see this > > https://github.com/keycloak/keycloak/tree/master/testsuite/tools which > is > > REST application for adding big number of new users. You can maybe use > > something similar. > > > > Marek > > > > > > On 1.7.2014 00:01, Rodrigo Sasaki wrote: > > > > > > > > Hello again! > > > > Is there a way for me to define a password for a user through the REST > API > > without him having to define a new one on the next login? > > > > The only method I found to be close to what I want was the one that > resets > > the password, but I would like to redefine it without the user having > > anything to do with it. > > > > Is it possible? > > > > -- > > Rodrigo Sasaki > > > > > > _______________________________________________ > > keycloak-user mailing list keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140701/a6d8865f/attachment.html From rodrigopsasaki at gmail.com Tue Jul 1 10:27:59 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 1 Jul 2014 11:27:59 -0300 Subject: [keycloak-user] Defining a new user password through REST API In-Reply-To: <1406110832.1071380.1404202837629.JavaMail.zimbra@redhat.com> References: <53B25E38.2030204@redhat.com> <1406110832.1071380.1404202837629.JavaMail.zimbra@redhat.com> Message-ID: How would I remove the update password required action via the REST API? On Tue, Jul 1, 2014 at 5:20 AM, Stian Thorgersen wrote: > You can actually already do this if you want, both through endpoints and > the admin console. You just need to set a temporary password and afterwards > remove the update password required action. As Marek says though it doesn't > really make sense to do so. > > ----- Original Message ----- > > From: "Marek Posolda" > > To: "Rodrigo Sasaki" , > keycloak-user at lists.jboss.org > > Sent: Tuesday, 1 July, 2014 8:07:36 AM > > Subject: Re: [keycloak-user] Defining a new user password through REST > API > > > > Hi, > > > > Is it good practice to define password for users this way? I assume that > > usually just user himself should have access to his plain-text password > and > > be able to login with it? > > > > If you really need this, there is just endpoint > > > http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html > > for reset password, which is also used by admin console, but user needs > to > > choose new password when login for the first time after reset. So I > assume > > that this is the possibility you are already aware of. > > > > But note that after this reset, you know user's temporary password, so > you > > can login with this temporary password and update password as user > himself. > > Then user doesn't need to do anything, you just need to say him his > > password. > > > > Another possibility is to create new REST endpoint by yourself, which > will > > use model API to do exactly what you want. For example see this > > https://github.com/keycloak/keycloak/tree/master/testsuite/tools which > is > > REST application for adding big number of new users. You can maybe use > > something similar. > > > > Marek > > > > > > On 1.7.2014 00:01, Rodrigo Sasaki wrote: > > > > > > > > Hello again! > > > > Is there a way for me to define a password for a user through the REST > API > > without him having to define a new one on the next login? > > > > The only method I found to be close to what I want was the one that > resets > > the password, but I would like to redefine it without the user having > > anything to do with it. > > > > Is it possible? > > > > -- > > Rodrigo Sasaki > > > > > > _______________________________________________ > > keycloak-user mailing list keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140701/8a72c8d8/attachment.html From mposolda at redhat.com Wed Jul 2 09:00:38 2014 From: mposolda at redhat.com (Marek Posolda) Date: Wed, 02 Jul 2014 15:00:38 +0200 Subject: [keycloak-user] Defining a new user password through REST API In-Reply-To: References: <53B25E38.2030204@redhat.com> <1406110832.1071380.1404202837629.JavaMail.zimbra@redhat.com> Message-ID: <53B40276.2030209@redhat.com> Hi, actually you can do it with this endpoint: http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/#PUT . You need to pass whole user representation of particular user in the request body of this PUT request. See admin console (page for updating users) for more details. Marek On 1.7.2014 16:27, Rodrigo Sasaki wrote: > How would I remove the update password required action via the REST API? > > > On Tue, Jul 1, 2014 at 5:20 AM, Stian Thorgersen > wrote: > > You can actually already do this if you want, both through > endpoints and the admin console. You just need to set a temporary > password and afterwards remove the update password required > action. As Marek says though it doesn't really make sense to do so. > > ----- Original Message ----- > > From: "Marek Posolda" > > > To: "Rodrigo Sasaki" >, keycloak-user at lists.jboss.org > > > Sent: Tuesday, 1 July, 2014 8:07:36 AM > > Subject: Re: [keycloak-user] Defining a new user password > through REST API > > > > Hi, > > > > Is it good practice to define password for users this way? I > assume that > > usually just user himself should have access to his plain-text > password and > > be able to login with it? > > > > If you really need this, there is just endpoint > > > http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html > > for reset password, which is also used by admin console, but > user needs to > > choose new password when login for the first time after reset. > So I assume > > that this is the possibility you are already aware of. > > > > But note that after this reset, you know user's temporary > password, so you > > can login with this temporary password and update password as > user himself. > > Then user doesn't need to do anything, you just need to say him his > > password. > > > > Another possibility is to create new REST endpoint by yourself, > which will > > use model API to do exactly what you want. For example see this > > https://github.com/keycloak/keycloak/tree/master/testsuite/tools > which is > > REST application for adding big number of new users. You can > maybe use > > something similar. > > > > Marek > > > > > > On 1.7.2014 00:01, Rodrigo Sasaki wrote: > > > > > > > > Hello again! > > > > Is there a way for me to define a password for a user through > the REST API > > without him having to define a new one on the next login? > > > > The only method I found to be close to what I want was the one > that resets > > the password, but I would like to redefine it without the user > having > > anything to do with it. > > > > Is it possible? > > > > -- > > Rodrigo Sasaki > > > > > > _______________________________________________ > > keycloak-user mailing list keycloak-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > -- > Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140702/1ae448b8/attachment-0001.html From rodrigopsasaki at gmail.com Wed Jul 2 15:24:05 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Wed, 2 Jul 2014 16:24:05 -0300 Subject: [keycloak-user] Defining a new user password through REST API In-Reply-To: <53B40276.2030209@redhat.com> References: <53B25E38.2030204@redhat.com> <1406110832.1071380.1404202837629.JavaMail.zimbra@redhat.com> <53B40276.2030209@redhat.com> Message-ID: I am trying to create a new user via the REST API, and I'm sending this POST *POST /admin/realms/myrealm/users* *Headers:* Authorization: Bearer (generated token, this part is OK) Content-Type: application/json *Body:* { "username": "rodrigo.sasaki", "enabled": true, "totp": false, "emailVerified": false, "firstName": "Rodrigo", "lastName": "Sasaki", "email": "rodrigo.sasaki at email.com.br", "credentials": [ { "type": "password", "value": "myPassword" } ] } The user is created normally, but the password doesn't work, when I try to login it claims I have invalid credentials. I noticed there is a *device* attribute in *CredentialRepresentation*, should I have filled that with some specific value? Could this be the source of the problem? On Wed, Jul 2, 2014 at 10:00 AM, Marek Posolda wrote: > Hi, > > actually you can do it with this endpoint: > http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/#PUT > . You need to pass whole user representation of particular user in the > request body of this PUT request. See admin console (page for updating > users) for more details. > > Marek > > > > On 1.7.2014 16:27, Rodrigo Sasaki wrote: > > How would I remove the update password required action via the REST API? > > > On Tue, Jul 1, 2014 at 5:20 AM, Stian Thorgersen wrote: > >> You can actually already do this if you want, both through endpoints and >> the admin console. You just need to set a temporary password and afterwards >> remove the update password required action. As Marek says though it doesn't >> really make sense to do so. >> >> ----- Original Message ----- >> > From: "Marek Posolda" >> > To: "Rodrigo Sasaki" , >> keycloak-user at lists.jboss.org >> > Sent: Tuesday, 1 July, 2014 8:07:36 AM >> > Subject: Re: [keycloak-user] Defining a new user password through REST >> API >> > >> > Hi, >> > >> > Is it good practice to define password for users this way? I assume that >> > usually just user himself should have access to his plain-text password >> and >> > be able to login with it? >> > >> > If you really need this, there is just endpoint >> > >> http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html >> > for reset password, which is also used by admin console, but user needs >> to >> > choose new password when login for the first time after reset. So I >> assume >> > that this is the possibility you are already aware of. >> > >> > But note that after this reset, you know user's temporary password, so >> you >> > can login with this temporary password and update password as user >> himself. >> > Then user doesn't need to do anything, you just need to say him his >> > password. >> > >> > Another possibility is to create new REST endpoint by yourself, which >> will >> > use model API to do exactly what you want. For example see this >> > https://github.com/keycloak/keycloak/tree/master/testsuite/tools which >> is >> > REST application for adding big number of new users. You can maybe use >> > something similar. >> > >> > Marek >> > >> > >> > On 1.7.2014 00:01, Rodrigo Sasaki wrote: >> > >> > >> > >> > Hello again! >> > >> > Is there a way for me to define a password for a user through the REST >> API >> > without him having to define a new one on the next login? >> > >> > The only method I found to be close to what I want was the one that >> resets >> > the password, but I would like to redefine it without the user having >> > anything to do with it. >> > >> > Is it possible? >> > >> > -- >> > Rodrigo Sasaki >> > >> > >> > _______________________________________________ >> > keycloak-user mailing list keycloak-user at lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > > -- > Rodrigo Sasaki > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140702/46b886ae/attachment.html From mposolda at redhat.com Thu Jul 3 03:19:50 2014 From: mposolda at redhat.com (Marek Posolda) Date: Thu, 03 Jul 2014 09:19:50 +0200 Subject: [keycloak-user] Defining a new user password through REST API In-Reply-To: References: <53B25E38.2030204@redhat.com> <1406110832.1071380.1404202837629.JavaMail.zimbra@redhat.com> <53B40276.2030209@redhat.com> Message-ID: <53B50416.6020305@redhat.com> Hi Rodrigo, it's not supported to setup password of user through this endpoint. It just supports setup stuff like firstName, lastName, email, requiredActions etc. To setup password of user, you may need to: - Use the endpoint to setup temporary password of user (It will automatically add requiredAction for UPDATE_PASSWORD - Then use the endpoint for update user and send the empty array of requiredActions in it. This will ensure that UPDATE_PASSWORD required action will be deleted and user won't need to update password again. btv. The easy approach to figure out the endpoints and how they work might be to use admin console and do some actions in UI (reset password of user, then remove requiredAction etc) and then check (for example with some tool like FireBug for Firefox) what are the underlying REST endpoint requests sent from admin console UI. Marek On 2.7.2014 21:24, Rodrigo Sasaki wrote: > I am trying to create a new user via the REST API, and I'm sending > this POST > > *POST /admin/realms/myrealm/users* > > *Headers:* > Authorization: Bearer (generated token, this part is OK) > Content-Type: application/json > > *Body:* > { > "username": "rodrigo.sasaki", > "enabled": true, > "totp": false, > "emailVerified": false, > "firstName": "Rodrigo", > "lastName": "Sasaki", > "email": "rodrigo.sasaki at email.com.br > ", > "credentials": [ > { > "type": "password", > "value": "myPassword" > } > ] > } > > The user is created normally, but the password doesn't work, when I > try to login it claims I have invalid credentials. > > I noticed there is a *device* attribute in /CredentialRepresentation/, > should I have filled that with some specific value? Could this be the > source of the problem? > > > On Wed, Jul 2, 2014 at 10:00 AM, Marek Posolda > wrote: > > Hi, > > actually you can do it with this endpoint: > http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/#PUT > . You need to pass whole user representation of particular user in > the request body of this PUT request. See admin console (page for > updating users) for more details. > > Marek > > > > On 1.7.2014 16:27, Rodrigo Sasaki wrote: >> How would I remove the update password required action via the >> REST API? >> >> >> On Tue, Jul 1, 2014 at 5:20 AM, Stian Thorgersen >> > wrote: >> >> You can actually already do this if you want, both through >> endpoints and the admin console. You just need to set a >> temporary password and afterwards remove the update password >> required action. As Marek says though it doesn't really make >> sense to do so. >> >> ----- Original Message ----- >> > From: "Marek Posolda" > > >> > To: "Rodrigo Sasaki" > >, >> keycloak-user at lists.jboss.org >> >> > Sent: Tuesday, 1 July, 2014 8:07:36 AM >> > Subject: Re: [keycloak-user] Defining a new user password >> through REST API >> > >> > Hi, >> > >> > Is it good practice to define password for users this way? >> I assume that >> > usually just user himself should have access to his >> plain-text password and >> > be able to login with it? >> > >> > If you really need this, there is just endpoint >> > >> http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/reset-password/index.html >> > for reset password, which is also used by admin console, >> but user needs to >> > choose new password when login for the first time after >> reset. So I assume >> > that this is the possibility you are already aware of. >> > >> > But note that after this reset, you know user's temporary >> password, so you >> > can login with this temporary password and update password >> as user himself. >> > Then user doesn't need to do anything, you just need to say >> him his >> > password. >> > >> > Another possibility is to create new REST endpoint by >> yourself, which will >> > use model API to do exactly what you want. For example see this >> > >> https://github.com/keycloak/keycloak/tree/master/testsuite/tools >> which is >> > REST application for adding big number of new users. You >> can maybe use >> > something similar. >> > >> > Marek >> > >> > >> > On 1.7.2014 00:01, Rodrigo Sasaki wrote: >> > >> > >> > >> > Hello again! >> > >> > Is there a way for me to define a password for a user >> through the REST API >> > without him having to define a new one on the next login? >> > >> > The only method I found to be close to what I want was the >> one that resets >> > the password, but I would like to redefine it without the >> user having >> > anything to do with it. >> > >> > Is it possible? >> > >> > -- >> > Rodrigo Sasaki >> > >> > >> > _______________________________________________ >> > keycloak-user mailing list keycloak-user at lists.jboss.org >> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> >> >> -- >> Rodrigo Sasaki > > > > > -- > Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140703/0cd5a883/attachment-0001.html From stian at redhat.com Thu Jul 3 04:36:51 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 3 Jul 2014 04:36:51 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1843524834.31400020.1403512964696.JavaMail.zimbra@redhat.com> References: <1843524834.31400020.1403512964696.JavaMail.zimbra@redhat.com> Message-ID: <1289758206.2795041.1404376611616.JavaMail.zimbra@redhat.com> How are you getting along with this? BTW Don't use the model API as I suggested, that's an internal API so wouldn't make much sense. Extending the *Representation classes sounds like a good option. ----- Original Message ----- > From: "Stian Thorgersen" > To: "Rodrigo Sasaki" > Cc: keycloak-user at lists.jboss.org > Sent: Monday, 23 June, 2014 9:42:44 AM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > That's great! Absolutely something we want. Once it's in a usable state I'd > like to pull it in to our main Keycloak repo and include it as part of our > build and release. > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: keycloak-user at lists.jboss.org > > Sent: Friday, 20 June, 2014 9:00:57 PM > > Subject: [keycloak-user] Java Keycloak REST API Wrapper > > > > Hi, > > > > I'm working on a Java-based wrapper for the REST API, to make it look more > > OO, abstracting the access to servers. > > > > It uses methods such as > > > > User bill = realm.getUser("bburke") > > List roles = > > bill.getApplicationRoleMappings("customer-portal"); > > > > It's still in it's early stages, but if you find it interesting, I'd be > > happy > > to create a repo for other Java users to use it, and adapt it based on > > suggestions aswell. > > > > Best regards, > > > > -- > > Rodrigo Sasaki > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > From rodrigopsasaki at gmail.com Thu Jul 3 08:40:40 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Thu, 3 Jul 2014 09:40:40 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1289758206.2795041.1404376611616.JavaMail.zimbra@redhat.com> References: <1843524834.31400020.1403512964696.JavaMail.zimbra@redhat.com> <1289758206.2795041.1404376611616.JavaMail.zimbra@redhat.com> Message-ID: We have something working here, we're about to start using it, although it still isn't finished, I had some conversations with my superior, and he asked me to do some alterations, and as soon as we have it tested better, I'll request him to make the github repo public. I would really like to be able to contribute to Keycloak with this, so please let me know of any alterations you see fit as soon as you can see the code. But just so you can have a better feel (and maybe suggest something), this is an example of usage: Keycloak keycloak = Keycloak.getInstance(SERVER_URL, REALM, USERNAME, PASSWORD, CLIENT_ID, CLIENT_SECRET); // Create a new user UserRepresentation stian = new UserRepresentation(); stian.setUsername("stian"); keycloak.userService().create(stian); // Grant roles to user keycloak.userService().grantRoles("stian", roles); // Find all users List users = keycloak.userService().findAll(); My superior thought it was confusing to extend the representation, because some methods would only alter the values in the class, while others would actually access the REST API, so he suggested that we do it like the examples above. Any thoughts? On Thu, Jul 3, 2014 at 5:36 AM, Stian Thorgersen wrote: > How are you getting along with this? > > BTW Don't use the model API as I suggested, that's an internal API so > wouldn't make much sense. Extending the *Representation classes sounds like > a good option. > > ----- Original Message ----- > > From: "Stian Thorgersen" > > To: "Rodrigo Sasaki" > > Cc: keycloak-user at lists.jboss.org > > Sent: Monday, 23 June, 2014 9:42:44 AM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > That's great! Absolutely something we want. Once it's in a usable state > I'd > > like to pull it in to our main Keycloak repo and include it as part of > our > > build and release. > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > To: keycloak-user at lists.jboss.org > > > Sent: Friday, 20 June, 2014 9:00:57 PM > > > Subject: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > Hi, > > > > > > I'm working on a Java-based wrapper for the REST API, to make it look > more > > > OO, abstracting the access to servers. > > > > > > It uses methods such as > > > > > > User bill = realm.getUser("bburke") > > > List roles = > > > bill.getApplicationRoleMappings("customer-portal"); > > > > > > It's still in it's early stages, but if you find it interesting, I'd be > > > happy > > > to create a repo for other Java users to use it, and adapt it based on > > > suggestions aswell. > > > > > > Best regards, > > > > > > -- > > > Rodrigo Sasaki > > > > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140703/32bd712a/attachment.html From stian at redhat.com Thu Jul 3 09:02:01 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 3 Jul 2014 09:02:01 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <1843524834.31400020.1403512964696.JavaMail.zimbra@redhat.com> <1289758206.2795041.1404376611616.JavaMail.zimbra@redhat.com> Message-ID: <1219105564.2991551.1404392521606.JavaMail.zimbra@redhat.com> Arguments for not extending the representation makes sense, and the example you include looks good as well. Nice stuff, look forward to looking at it once it's ready. ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: keycloak-user at lists.jboss.org > Sent: Thursday, 3 July, 2014 1:40:40 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > We have something working here, we're about to start using it, although it > still isn't finished, > > I had some conversations with my superior, and he asked me to do some > alterations, and as soon as we have it tested better, I'll request him to > make the github repo public. I would really like to be able to contribute > to Keycloak with this, so please let me know of any alterations you see fit > as soon as you can see the code. > > But just so you can have a better feel (and maybe suggest something), this > is an example of usage: > > Keycloak keycloak = Keycloak.getInstance(SERVER_URL, REALM, USERNAME, > PASSWORD, CLIENT_ID, CLIENT_SECRET); > > // Create a new user > UserRepresentation stian = new UserRepresentation(); > stian.setUsername("stian"); > keycloak.userService().create(stian); > > // Grant roles to user > keycloak.userService().grantRoles("stian", roles); > > // Find all users > List users = keycloak.userService().findAll(); > > My superior thought it was confusing to extend the representation, because > some methods would only alter the values in the class, while others would > actually access the REST API, so he suggested that we do it like the > examples above. > > Any thoughts? > > > On Thu, Jul 3, 2014 at 5:36 AM, Stian Thorgersen wrote: > > > How are you getting along with this? > > > > BTW Don't use the model API as I suggested, that's an internal API so > > wouldn't make much sense. Extending the *Representation classes sounds like > > a good option. > > > > ----- Original Message ----- > > > From: "Stian Thorgersen" > > > To: "Rodrigo Sasaki" > > > Cc: keycloak-user at lists.jboss.org > > > Sent: Monday, 23 June, 2014 9:42:44 AM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > That's great! Absolutely something we want. Once it's in a usable state > > I'd > > > like to pull it in to our main Keycloak repo and include it as part of > > our > > > build and release. > > > > > > ----- Original Message ----- > > > > From: "Rodrigo Sasaki" > > > > To: keycloak-user at lists.jboss.org > > > > Sent: Friday, 20 June, 2014 9:00:57 PM > > > > Subject: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > Hi, > > > > > > > > I'm working on a Java-based wrapper for the REST API, to make it look > > more > > > > OO, abstracting the access to servers. > > > > > > > > It uses methods such as > > > > > > > > User bill = realm.getUser("bburke") > > > > List roles = > > > > bill.getApplicationRoleMappings("customer-portal"); > > > > > > > > It's still in it's early stages, but if you find it interesting, I'd be > > > > happy > > > > to create a repo for other Java users to use it, and adapt it based on > > > > suggestions aswell. > > > > > > > > Best regards, > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > _______________________________________________ > > > > keycloak-user mailing list > > > > keycloak-user at lists.jboss.org > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > -- > Rodrigo Sasaki > From stian at redhat.com Thu Jul 3 09:08:39 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 3 Jul 2014 09:08:39 -0400 (EDT) Subject: [keycloak-user] Bower for keycloak.js In-Reply-To: References: <1351976998.31398570.1403512840666.JavaMail.zimbra@redhat.com> Message-ID: <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> I've pulled in your stuff to https://github.com/keycloak/keycloak-js-bower I'd prefer the versions to match with Keycloak versions (1.0-beta-2, 1.0-beta-3, 1.0-final). Do you know if that'll be a problem? Also, I'm going to add minification of keycloak.js to our Maven build. We'll need it there as well + we're mainly Java/Maven guys ;) ----- Original Message ----- > From: "Josh" > To: "Stian Thorgersen" > Cc: keycloak-user at lists.jboss.org > Sent: Monday, 23 June, 2014 10:38:44 PM > Subject: Re: [keycloak-user] Bower for keycloak.js > > Looks like it's a manual process at the moment to get registry moved to a > different github endpont. Let me know when you have the project setup and > I'll contact the bower guys. > > - Josh > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh wrote: > > > You bet, I actually had the thought that it would be better as part of the > > release cycle. I'll have to figure out how to transfer bower repositories > > because there was no login required to register a bower repo and currently > > I have taken "keycloak" which would be optimal for the project. > > > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen > > wrote: > > > >> Hi Josh, > >> > >> That's great - thanks for contributing this. I would like to transfer > >> this to https://github.com/keycloak though, I hope your happy with that. > >> > >> Thanks, > >> Stian > >> > >> ----- Original Message ----- > >> > From: "Josh" > >> > To: keycloak-user at lists.jboss.org > >> > Sent: Friday, 20 June, 2014 6:30:02 PM > >> > Subject: [keycloak-user] Bower for keycloak.js > >> > > >> > Hi guys, > >> > > >> > I have created a little github project to make keycloak.js available to > >> bower > >> > package manager . > >> > > >> > Project here: > >> > https://github.com/smysnk/keycloak-adapter-bower > >> > > >> > Usage: > >> > $ bower install keycloak > >> > > >> > - Josh > >> > > >> > > >> > _______________________________________________ > >> > keycloak-user mailing list > >> > keycloak-user at lists.jboss.org > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > >> > > > > > From rodrigopsasaki at gmail.com Thu Jul 3 09:36:16 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Thu, 3 Jul 2014 10:36:16 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1219105564.2991551.1404392521606.JavaMail.zimbra@redhat.com> References: <1843524834.31400020.1403512964696.JavaMail.zimbra@redhat.com> <1289758206.2795041.1404376611616.JavaMail.zimbra@redhat.com> <1219105564.2991551.1404392521606.JavaMail.zimbra@redhat.com> Message-ID: I have a thought, let me know if you think it's valid. the worst thing I see on this approach is having to send the username on every request, like this: keycloak.userService().grantRoles(username, roles); keycloak.userService().logoutFromAllSessions(username); What if there was a specific class for when you want to manipulate a specific user, like this: UserSomething user = keycloak.user(username); user.grantRoles(roles); user.logoutFromAllSessions(); And maybe the first one could be called as keycloak.users() and the latter as keycloak.user(username). Or it could be better to keep it as userSerivce, I'm not really sure what would be semantically better. Any thoughts? On Thu, Jul 3, 2014 at 10:02 AM, Stian Thorgersen wrote: > Arguments for not extending the representation makes sense, and the > example you include looks good as well. > > Nice stuff, look forward to looking at it once it's ready. > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Stian Thorgersen" > > Cc: keycloak-user at lists.jboss.org > > Sent: Thursday, 3 July, 2014 1:40:40 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > We have something working here, we're about to start using it, although > it > > still isn't finished, > > > > I had some conversations with my superior, and he asked me to do some > > alterations, and as soon as we have it tested better, I'll request him to > > make the github repo public. I would really like to be able to contribute > > to Keycloak with this, so please let me know of any alterations you see > fit > > as soon as you can see the code. > > > > But just so you can have a better feel (and maybe suggest something), > this > > is an example of usage: > > > > Keycloak keycloak = Keycloak.getInstance(SERVER_URL, REALM, USERNAME, > > PASSWORD, CLIENT_ID, CLIENT_SECRET); > > > > // Create a new user > > UserRepresentation stian = new UserRepresentation(); > > stian.setUsername("stian"); > > keycloak.userService().create(stian); > > > > // Grant roles to user > > keycloak.userService().grantRoles("stian", roles); > > > > // Find all users > > List users = keycloak.userService().findAll(); > > > > My superior thought it was confusing to extend the representation, > because > > some methods would only alter the values in the class, while others would > > actually access the REST API, so he suggested that we do it like the > > examples above. > > > > Any thoughts? > > > > > > On Thu, Jul 3, 2014 at 5:36 AM, Stian Thorgersen > wrote: > > > > > How are you getting along with this? > > > > > > BTW Don't use the model API as I suggested, that's an internal API so > > > wouldn't make much sense. Extending the *Representation classes sounds > like > > > a good option. > > > > > > ----- Original Message ----- > > > > From: "Stian Thorgersen" > > > > To: "Rodrigo Sasaki" > > > > Cc: keycloak-user at lists.jboss.org > > > > Sent: Monday, 23 June, 2014 9:42:44 AM > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > That's great! Absolutely something we want. Once it's in a usable > state > > > I'd > > > > like to pull it in to our main Keycloak repo and include it as part > of > > > our > > > > build and release. > > > > > > > > ----- Original Message ----- > > > > > From: "Rodrigo Sasaki" > > > > > To: keycloak-user at lists.jboss.org > > > > > Sent: Friday, 20 June, 2014 9:00:57 PM > > > > > Subject: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > Hi, > > > > > > > > > > I'm working on a Java-based wrapper for the REST API, to make it > look > > > more > > > > > OO, abstracting the access to servers. > > > > > > > > > > It uses methods such as > > > > > > > > > > User bill = realm.getUser("bburke") > > > > > List roles = > > > > > bill.getApplicationRoleMappings("customer-portal"); > > > > > > > > > > It's still in it's early stages, but if you find it interesting, > I'd be > > > > > happy > > > > > to create a repo for other Java users to use it, and adapt it > based on > > > > > suggestions aswell. > > > > > > > > > > Best regards, > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > _______________________________________________ > > > > > keycloak-user mailing list > > > > > keycloak-user at lists.jboss.org > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > _______________________________________________ > > > > keycloak-user mailing list > > > > keycloak-user at lists.jboss.org > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > > > > > > -- > > Rodrigo Sasaki > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140703/e549d067/attachment-0001.html From smysnk at gmail.com Thu Jul 3 11:46:09 2014 From: smysnk at gmail.com (Josh) Date: Thu, 3 Jul 2014 09:46:09 -0600 Subject: [keycloak-user] Bower for keycloak.js In-Reply-To: <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> References: <1351976998.31398570.1403512840666.JavaMail.zimbra@redhat.com> <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> Message-ID: I do think there is a problem using that version format, I think I tried it originally and bower was having none of it. This could be because they use version for auto upgrade purposes, where one can use a "~" character to prefix the version to allow upgrades in version minors in the bower.json file. eg. "dependencies": { "keycloak": "~0.3.12" }, I have to admit I've been pulled to the dark side a little bit, it do enjoy npm / bower for doing javascript type build processes (sometimes a necessary evil). I was never a a fan of 'grunt' but found that 'gulp' is much better. I have a hybrid build process in my java apps where I sometimes break out of maven to execute some gulp build processes. But I understand for project like keycloak 'npm / gulp' adds a lot of complexity to build process and is not desirable. I'll talk to the bower guys to get keycloak switched over to your fork :D On Thu, Jul 3, 2014 at 7:08 AM, Stian Thorgersen wrote: > I've pulled in your stuff to https://github.com/keycloak/keycloak-js-bower > > I'd prefer the versions to match with Keycloak versions (1.0-beta-2, > 1.0-beta-3, 1.0-final). Do you know if that'll be a problem? > > Also, I'm going to add minification of keycloak.js to our Maven build. > We'll need it there as well + we're mainly Java/Maven guys ;) > > ----- Original Message ----- > > From: "Josh" > > To: "Stian Thorgersen" > > Cc: keycloak-user at lists.jboss.org > > Sent: Monday, 23 June, 2014 10:38:44 PM > > Subject: Re: [keycloak-user] Bower for keycloak.js > > > > Looks like it's a manual process at the moment to get registry moved to a > > different github endpont. Let me know when you have the project setup > and > > I'll contact the bower guys. > > > > - Josh > > > > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh wrote: > > > > > You bet, I actually had the thought that it would be better as part of > the > > > release cycle. I'll have to figure out how to transfer bower > repositories > > > because there was no login required to register a bower repo and > currently > > > I have taken "keycloak" which would be optimal for the project. > > > > > > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen > > > wrote: > > > > > >> Hi Josh, > > >> > > >> That's great - thanks for contributing this. I would like to transfer > > >> this to https://github.com/keycloak though, I hope your happy with > that. > > >> > > >> Thanks, > > >> Stian > > >> > > >> ----- Original Message ----- > > >> > From: "Josh" > > >> > To: keycloak-user at lists.jboss.org > > >> > Sent: Friday, 20 June, 2014 6:30:02 PM > > >> > Subject: [keycloak-user] Bower for keycloak.js > > >> > > > >> > Hi guys, > > >> > > > >> > I have created a little github project to make keycloak.js > available to > > >> bower > > >> > package manager . > > >> > > > >> > Project here: > > >> > https://github.com/smysnk/keycloak-adapter-bower > > >> > > > >> > Usage: > > >> > $ bower install keycloak > > >> > > > >> > - Josh > > >> > > > >> > > > >> > _______________________________________________ > > >> > keycloak-user mailing list > > >> > keycloak-user at lists.jboss.org > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > >> > > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140703/ea18cdfe/attachment.html From peterson.dean at gmail.com Thu Jul 3 12:25:03 2014 From: peterson.dean at gmail.com (Dean Peterson) Date: Thu, 3 Jul 2014 11:25:03 -0500 Subject: [keycloak-user] Ambiguous dependency error Message-ID: I just pulled down the latest version of everything, rebuilt, dropped in the new wildfly modules and I get the following error when I start the server: Caused by: org.jboss.weld.exceptions.AmbiguousResolutionException: WELD-001318: Cannot resolve an ambiguous dependency between: - Managed Bean [class org.keycloak.SkeletonKeyContextResolver] with qualifiers [@Any @Default], - Managed Bean [class org.keycloak.SkeletonKeyContextResolver] with qualifiers [@Any @Default] at org.jboss.weld.manager.BeanManagerImpl.resolve(BeanManagerImpl.java:1181) at org.jboss.weld.util.ForwardingBeanManager.resolve(ForwardingBeanManager.java:91) at org.jboss.weld.bean.builtin.BeanManagerProxy.resolve(BeanManagerProxy.java:110) at org.jboss.resteasy.cdi.CdiConstructorInjector.construct(CdiConstructorInjector.java:62) at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2175) at org.jboss.resteasy.spi.ResteasyProviderFactory.addContextResolver(ResteasyProviderFactory.java:1072) at org.jboss.resteasy.spi.ResteasyProviderFactory.registerProvider(ResteasyProviderFactory.java:1601) ... 16 more -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140703/baf01fcb/attachment.html From peterson.dean at gmail.com Thu Jul 3 12:28:50 2014 From: peterson.dean at gmail.com (Dean Peterson) Date: Thu, 3 Jul 2014 11:28:50 -0500 Subject: [keycloak-user] Please disregard Message-ID: Please disregard my previous post about the ambiguous dependency error. I did not clean the working directory of the server. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140703/59c5b2cb/attachment.html From juraci at kroehling.de Tue Jul 8 08:32:33 2014 From: juraci at kroehling.de (=?ISO-8859-1?Q?Juraci_Paix=E3o_Kr=F6hling?=) Date: Tue, 08 Jul 2014 14:32:33 +0200 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: Message-ID: <53BBE4E1.1080405@kroehling.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello Rodrigo, Do you have news about this? I'm working on a task that would require me to do something similar, so, I think it would best if we can collaborate on this API :-) If/when you have some time, we could have a chat via IRC (jpkroehling at #keycloak on freenode). - - Juca. On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > I'm working on a Java-based wrapper for the REST API, to make it > look more OO, abstracting the access to servers. > > It uses methods such as > > User bill = realm.getUser("bburke") List roles > = bill.getApplicationRoleMappings("customer-portal"); > > It's still in it's early stages, but if you find it interesting, > I'd be happy to create a repo for other Java users to use it, and > adapt it based on suggestions aswell. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= =3O4p -----END PGP SIGNATURE----- From rodrigopsasaki at gmail.com Tue Jul 8 08:50:14 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 8 Jul 2014 09:50:14 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <53BBE4E1.1080405@kroehling.de> References: <53BBE4E1.1080405@kroehling.de> Message-ID: Oh yes, I believe it is already very usable. All I need now is to get my manager to agree to make this repo public, because there is a policy that all repos are private in this project we're working in, but I don't think we'll have problems with this. I pitched him the idea of contributing to Keycloak and he seemed to like it On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hello Rodrigo, > > Do you have news about this? I'm working on a task that would require > me to do something similar, so, I think it would best if we can > collaborate on this API :-) > > If/when you have some time, we could have a chat via IRC (jpkroehling > at #keycloak on freenode). > > - - Juca. > > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > I'm working on a Java-based wrapper for the REST API, to make it > > look more OO, abstracting the access to servers. > > > > It uses methods such as > > > > User bill = realm.getUser("bburke") List roles > > = bill.getApplicationRoleMappings("customer-portal"); > > > > It's still in it's early stages, but if you find it interesting, > > I'd be happy to create a repo for other Java users to use it, and > > adapt it based on suggestions aswell. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > =3O4p > -----END PGP SIGNATURE----- > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140708/feae990d/attachment.html From stian at redhat.com Tue Jul 8 08:55:40 2014 From: stian at redhat.com (Stian Thorgersen) Date: Tue, 8 Jul 2014 08:55:40 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <53BBE4E1.1080405@kroehling.de> Message-ID: <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> Ideal way to contribute it to Keycloak would be if you fork the Keycloak repo, add a module and do a PR ;) ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Juraci Paix?o Kr?hling" > Cc: keycloak-user at lists.jboss.org > Sent: Tuesday, 8 July, 2014 1:50:14 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > Oh yes, I believe it is already very usable. > > All I need now is to get my manager to agree to make this repo public, > because there is a policy that all repos are private in this project we're > working in, but I don't think we'll have problems with this. I pitched him > the idea of contributing to Keycloak and he seemed to like it > > > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < juraci at kroehling.de > > wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hello Rodrigo, > > Do you have news about this? I'm working on a task that would require > me to do something similar, so, I think it would best if we can > collaborate on this API :-) > > If/when you have some time, we could have a chat via IRC (jpkroehling > at #keycloak on freenode). > > - - Juca. > > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > I'm working on a Java-based wrapper for the REST API, to make it > > look more OO, abstracting the access to servers. > > > > It uses methods such as > > > > User bill = realm.getUser("bburke") List roles > > = bill.getApplicationRoleMappings("customer-portal"); > > > > It's still in it's early stages, but if you find it interesting, > > I'd be happy to create a repo for other Java users to use it, and > > adapt it based on suggestions aswell. > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > =3O4p > -----END PGP SIGNATURE----- > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > -- > Rodrigo Sasaki > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From rodrigopsasaki at gmail.com Tue Jul 8 09:00:33 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 8 Jul 2014 10:00:33 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> References: <53BBE4E1.1080405@kroehling.de> <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> Message-ID: I would really like to do that :) All I'm waiting for is an OK to do it, because it was built inside the company, so I need approval. But I really believe it'll get a lot better when it's out there, and you can all pitch in On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen wrote: > Ideal way to contribute it to Keycloak would be if you fork the Keycloak > repo, add a module and do a PR ;) > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Juraci Paix?o Kr?hling" > > Cc: keycloak-user at lists.jboss.org > > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > Oh yes, I believe it is already very usable. > > > > All I need now is to get my manager to agree to make this repo public, > > because there is a policy that all repos are private in this project > we're > > working in, but I don't think we'll have problems with this. I pitched > him > > the idea of contributing to Keycloak and he seemed to like it > > > > > > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > juraci at kroehling.de > > > wrote: > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > Hello Rodrigo, > > > > Do you have news about this? I'm working on a task that would require > > me to do something similar, so, I think it would best if we can > > collaborate on this API :-) > > > > If/when you have some time, we could have a chat via IRC (jpkroehling > > at #keycloak on freenode). > > > > - - Juca. > > > > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > I'm working on a Java-based wrapper for the REST API, to make it > > > look more OO, abstracting the access to servers. > > > > > > It uses methods such as > > > > > > User bill = realm.getUser("bburke") List roles > > > = bill.getApplicationRoleMappings("customer-portal"); > > > > > > It's still in it's early stages, but if you find it interesting, > > > I'd be happy to create a repo for other Java users to use it, and > > > adapt it based on suggestions aswell. > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v2 > > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > =3O4p > > -----END PGP SIGNATURE----- > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > -- > > Rodrigo Sasaki > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140708/ef51894f/attachment.html From christinalau28 at icloud.com Tue Jul 8 11:34:57 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Tue, 08 Jul 2014 11:34:57 -0400 Subject: [keycloak-user] Keycloak and registration workflow for REST API platform Message-ID: I am wondering if I can use Keycloak to implementation the registration workflow for a REST API platform, similar to Twitter (https://apps.twitter.com/) or Linkedln (https://developer.linkedin.com/rest). I found some features like social login very applicable. However I am not quite sure how I will model this in Keycloak. For example, will I have 1 realm per user and each user that registers will have their own oauth client for their third party appl(s) that I need to grant access to similar to the Tutorial 3 demo? If this is feasible to implement, can you outline the steps involved in this use case. I am thinking I will need to build a lot of it using the REST APIs you provided. Thanks in advance for any help. Christina From stian at redhat.com Wed Jul 9 04:15:17 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 9 Jul 2014 04:15:17 -0400 (EDT) Subject: [keycloak-user] Keycloak and registration workflow for REST API platform In-Reply-To: References: Message-ID: <286449106.6274778.1404893717304.JavaMail.zimbra@redhat.com> To answer your question properly I'd need more details about what you're trying to achieve. It does sound like we pretty much already have what you need, with the exception of letting users themselves create clients. Depending on your use case it may be a good idea to have a single realm (and share users) between all developers/applications, or it may be better to have a realm per developer/application. For the latter we do have a role that lets users create new realms, but not use any other realms. This could be used to let a developer register with your platform and then be able to login to the admin console to create clients, users, or whatever they want. For the first we have discussed in the past, but do not support it yet, the ability to let users register clients through the account management console. ----- Original Message ----- > From: "Christina Lau" > To: keycloak-user at lists.jboss.org > Sent: Tuesday, 8 July, 2014 4:34:57 PM > Subject: [keycloak-user] Keycloak and registration workflow for REST API platform > > I am wondering if I can use Keycloak to implementation the registration > workflow for a REST API platform, similar to Twitter > (https://apps.twitter.com/) or Linkedln > (https://developer.linkedin.com/rest). > > I found some features like social login very applicable. However I am not > quite sure how I will model this in Keycloak. For example, will I have 1 > realm per user and each user that registers will have their own oauth client > for their third party appl(s) that I need to grant access to similar to the > Tutorial 3 demo? > > If this is feasible to implement, can you outline the steps involved in this > use case. I am thinking I will need to build a lot of it using the REST APIs > you provided. Thanks in advance for any help. > > Christina > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > From christinalau28 at icloud.com Wed Jul 9 08:46:41 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Wed, 09 Jul 2014 08:46:41 -0400 Subject: [keycloak-user] Keycloak and registration workflow for REST API platform In-Reply-To: <286449106.6274778.1404893717304.JavaMail.zimbra@redhat.com> References: <286449106.6274778.1404893717304.JavaMail.zimbra@redhat.com> Message-ID: Hello Stian, here is what I am trying to do: 1. Create a self-service registration application, all users will use this application to register with their own email or twitter/facebook/google acct email. I will imagine I use the Keycloak login and use CSS to customize it to integrate with my own application. 2. The user will be issued a key/access token, this key will be used later to authorize the REST calls Now I want to support 3 kinds of authorization for the different REST calls: 1. API key only - for calls that just need to establish identity, but don't need to authenticate or authorize. 2. Authentication for more sensitive calls where I want to delegate authorization to a trusted location (i.e. keycloak) 3. Authorization for certain services where only authorized partners can invoke. Can you outline how I can implement this in Keycloak, esp what part I have to implement myself. I plan to use RestEasy to implement Restful services, but I need to make sure the Restful services can be called by all clients (i.e. support popular OAuth libraries). Thanks? Christina On Jul 9, 2014, at 4:15 AM, Stian Thorgersen wrote: > To answer your question properly I'd need more details about what you're trying to achieve. > > It does sound like we pretty much already have what you need, with the exception of letting users themselves create clients. Depending on your use case it may be a good idea to have a single realm (and share users) between all developers/applications, or it may be better to have a realm per developer/application. > > For the latter we do have a role that lets users create new realms, but not use any other realms. This could be used to let a developer register with your platform and then be able to login to the admin console to create clients, users, or whatever they want. For the first we have discussed in the past, but do not support it yet, the ability to let users register clients through the account management console. > > ----- Original Message ----- >> From: "Christina Lau" >> To: keycloak-user at lists.jboss.org >> Sent: Tuesday, 8 July, 2014 4:34:57 PM >> Subject: [keycloak-user] Keycloak and registration workflow for REST API platform >> >> I am wondering if I can use Keycloak to implementation the registration >> workflow for a REST API platform, similar to Twitter >> (https://apps.twitter.com/) or Linkedln >> (https://developer.linkedin.com/rest). >> >> I found some features like social login very applicable. However I am not >> quite sure how I will model this in Keycloak. For example, will I have 1 >> realm per user and each user that registers will have their own oauth client >> for their third party appl(s) that I need to grant access to similar to the >> Tutorial 3 demo? >> >> If this is feasible to implement, can you outline the steps involved in this >> use case. I am thinking I will need to build a lot of it using the REST APIs >> you provided. Thanks in advance for any help. >> >> Christina >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> From stian at redhat.com Wed Jul 9 11:01:00 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 9 Jul 2014 11:01:00 -0400 (EDT) Subject: [keycloak-user] Keycloak and registration workflow for REST API platform In-Reply-To: References: <286449106.6274778.1404893717304.JavaMail.zimbra@redhat.com> Message-ID: <1457676300.6564631.1404918060221.JavaMail.zimbra@redhat.com> We did have some plans to provide something like this in Keycloak. Basically it would be possible for users to create their own applications through account management console. However, we simply don't have time to add this at the moment. In the mean time there's at least two options available: * Create your own application that lets users register applications, and use the KC admin endpoints to create a client. You could then use the client_id as the API keys, so users wouldn't have to deal with both an API key and a oauth2 client id. You can also add scope mappings to these clients to control what roles/features of your app they can access * Contribute this to Keycloak - if this is something you're interested in let me know and we can look at how feasible that would be With regards to 1, you'd have to add that yourself. You could extend our adapter (or add your own) that extracts the API key from a query param and/or header and uses the KC admin endpoints to verify that it corresponds to the id of a client, and that the client has the required scopes. ----- Original Message ----- > From: "Christina Lau" > To: "Stian Thorgersen" , keycloak-user at lists.jboss.org > Sent: Wednesday, 9 July, 2014 1:46:41 PM > Subject: Re: [keycloak-user] Keycloak and registration workflow for REST API platform > > Hello Stian, here is what I am trying to do: > > 1. Create a self-service registration application, all users will use this > application to register with their own email or twitter/facebook/google acct > email. I will imagine I use the Keycloak login and use CSS to customize it > to integrate with my own application. > > 2. The user will be issued a key/access token, this key will be used later to > authorize the REST calls > > Now I want to support 3 kinds of authorization for the different REST calls: > > 1. API key only - for calls that just need to establish identity, but don't > need to authenticate or authorize. > 2. Authentication for more sensitive calls where I want to delegate > authorization to a trusted location (i.e. keycloak) > 3. Authorization for certain services where only authorized partners can > invoke. > > Can you outline how I can implement this in Keycloak, esp what part I have to > implement myself. I plan to use RestEasy to implement Restful services, but > I need to make sure the Restful services can be called by all clients (i.e. > support popular OAuth libraries). Thanks? > > Christina > > On Jul 9, 2014, at 4:15 AM, Stian Thorgersen wrote: > > > To answer your question properly I'd need more details about what you're > > trying to achieve. > > > > It does sound like we pretty much already have what you need, with the > > exception of letting users themselves create clients. Depending on your > > use case it may be a good idea to have a single realm (and share users) > > between all developers/applications, or it may be better to have a realm > > per developer/application. > > > > For the latter we do have a role that lets users create new realms, but not > > use any other realms. This could be used to let a developer register with > > your platform and then be able to login to the admin console to create > > clients, users, or whatever they want. For the first we have discussed in > > the past, but do not support it yet, the ability to let users register > > clients through the account management console. > > > > ----- Original Message ----- > >> From: "Christina Lau" > >> To: keycloak-user at lists.jboss.org > >> Sent: Tuesday, 8 July, 2014 4:34:57 PM > >> Subject: [keycloak-user] Keycloak and registration workflow for REST API > >> platform > >> > >> I am wondering if I can use Keycloak to implementation the registration > >> workflow for a REST API platform, similar to Twitter > >> (https://apps.twitter.com/) or Linkedln > >> (https://developer.linkedin.com/rest). > >> > >> I found some features like social login very applicable. However I am not > >> quite sure how I will model this in Keycloak. For example, will I have 1 > >> realm per user and each user that registers will have their own oauth > >> client > >> for their third party appl(s) that I need to grant access to similar to > >> the > >> Tutorial 3 demo? > >> > >> If this is feasible to implement, can you outline the steps involved in > >> this > >> use case. I am thinking I will need to build a lot of it using the REST > >> APIs > >> you provided. Thanks in advance for any help. > >> > >> Christina > >> _______________________________________________ > >> keycloak-user mailing list > >> keycloak-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/keycloak-user > >> > > From christinalau28 at icloud.com Thu Jul 10 07:05:05 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Thu, 10 Jul 2014 07:05:05 -0400 Subject: [keycloak-user] Keycloak and registration workflow for REST API platform In-Reply-To: <1457676300.6564631.1404918060221.JavaMail.zimbra@redhat.com> References: <286449106.6274778.1404893717304.JavaMail.zimbra@redhat.com> <1457676300.6564631.1404918060221.JavaMail.zimbra@redhat.com> Message-ID: <35CFDC62-7329-4229-83AD-B82C73866957@icloud.com> It seems a little involve what you described below. I may need more help if I go with the approach you mentioned. I am also asking Red Hat RestEasy team re their OAuth support, and they point me here as they also do not provide any OAuth support in RestEasy https://docs.jboss.org/resteasy/docs/3.0.7.Final/userguide/html/oauth2.html Support Case: https://access.redhat.com/support/cases/01136430/ It seems a little convoluted as well and I have to do a lot of work to secure the REST APIs. Can you comment on these 2 alternatives? I am not a security expert and don?t really want to spend a lot of time implementing, will rather have more out of the box solution. Thanks. Christina On Jul 9, 2014, at 11:01 AM, Stian Thorgersen wrote: > We did have some plans to provide something like this in Keycloak. Basically it would be possible for users to create their own applications through account management console. However, we simply don't have time to add this at the moment. > > In the mean time there's at least two options available: > > * Create your own application that lets users register applications, and use the KC admin endpoints to create a client. You could then use the client_id as the API keys, so users wouldn't have to deal with both an API key and a oauth2 client id. You can also add scope mappings to these clients to control what roles/features of your app they can access > * Contribute this to Keycloak - if this is something you're interested in let me know and we can look at how feasible that would be > > With regards to 1, you'd have to add that yourself. You could extend our adapter (or add your own) that extracts the API key from a query param and/or header and uses the KC admin endpoints to verify that it corresponds to the id of a client, and that the client has the required scopes. > > ----- Original Message ----- >> From: "Christina Lau" >> To: "Stian Thorgersen" , keycloak-user at lists.jboss.org >> Sent: Wednesday, 9 July, 2014 1:46:41 PM >> Subject: Re: [keycloak-user] Keycloak and registration workflow for REST API platform >> >> Hello Stian, here is what I am trying to do: >> >> 1. Create a self-service registration application, all users will use this >> application to register with their own email or twitter/facebook/google acct >> email. I will imagine I use the Keycloak login and use CSS to customize it >> to integrate with my own application. >> >> 2. The user will be issued a key/access token, this key will be used later to >> authorize the REST calls >> >> Now I want to support 3 kinds of authorization for the different REST calls: >> >> 1. API key only - for calls that just need to establish identity, but don't >> need to authenticate or authorize. >> 2. Authentication for more sensitive calls where I want to delegate >> authorization to a trusted location (i.e. keycloak) >> 3. Authorization for certain services where only authorized partners can >> invoke. >> >> Can you outline how I can implement this in Keycloak, esp what part I have to >> implement myself. I plan to use RestEasy to implement Restful services, but >> I need to make sure the Restful services can be called by all clients (i.e. >> support popular OAuth libraries). Thanks? >> >> Christina >> >> On Jul 9, 2014, at 4:15 AM, Stian Thorgersen wrote: >> >>> To answer your question properly I'd need more details about what you're >>> trying to achieve. >>> >>> It does sound like we pretty much already have what you need, with the >>> exception of letting users themselves create clients. Depending on your >>> use case it may be a good idea to have a single realm (and share users) >>> between all developers/applications, or it may be better to have a realm >>> per developer/application. >>> >>> For the latter we do have a role that lets users create new realms, but not >>> use any other realms. This could be used to let a developer register with >>> your platform and then be able to login to the admin console to create >>> clients, users, or whatever they want. For the first we have discussed in >>> the past, but do not support it yet, the ability to let users register >>> clients through the account management console. >>> >>> ----- Original Message ----- >>>> From: "Christina Lau" >>>> To: keycloak-user at lists.jboss.org >>>> Sent: Tuesday, 8 July, 2014 4:34:57 PM >>>> Subject: [keycloak-user] Keycloak and registration workflow for REST API >>>> platform >>>> >>>> I am wondering if I can use Keycloak to implementation the registration >>>> workflow for a REST API platform, similar to Twitter >>>> (https://apps.twitter.com/) or Linkedln >>>> (https://developer.linkedin.com/rest). >>>> >>>> I found some features like social login very applicable. However I am not >>>> quite sure how I will model this in Keycloak. For example, will I have 1 >>>> realm per user and each user that registers will have their own oauth >>>> client >>>> for their third party appl(s) that I need to grant access to similar to >>>> the >>>> Tutorial 3 demo? >>>> >>>> If this is feasible to implement, can you outline the steps involved in >>>> this >>>> use case. I am thinking I will need to build a lot of it using the REST >>>> APIs >>>> you provided. Thanks in advance for any help. >>>> >>>> Christina >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user at lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >> >> From stian at redhat.com Thu Jul 10 09:07:32 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 10 Jul 2014 09:07:32 -0400 (EDT) Subject: [keycloak-user] Keycloak and registration workflow for REST API platform In-Reply-To: <35CFDC62-7329-4229-83AD-B82C73866957@icloud.com> References: <286449106.6274778.1404893717304.JavaMail.zimbra@redhat.com> <1457676300.6564631.1404918060221.JavaMail.zimbra@redhat.com> <35CFDC62-7329-4229-83AD-B82C73866957@icloud.com> Message-ID: <747490434.7341659.1404997652647.JavaMail.zimbra@redhat.com> There's not that much you have to do really. Keycloak provides most of what you'll need (OAuth2, securing rest services with rbac, user management, login/registration forms, social logins, etc.). As I said the only two pieces we don't provide are: 1. Allow users to register applications/clients themselves, this has to be done by admins at the moment 2. API key for unauthenticated requests - this could be done quite easily with a JAX-RS interceptor I'd start without 1 and 2, then add those once you've got things working. ----- Original Message ----- > From: "Christina Lau" > To: "Stian Thorgersen" > Cc: keycloak-user at lists.jboss.org > Sent: Thursday, 10 July, 2014 12:05:05 PM > Subject: Re: [keycloak-user] Keycloak and registration workflow for REST API platform > > It seems a little involve what you described below. I may need more help if I > go with the approach you mentioned. > > I am also asking Red Hat RestEasy team re their OAuth support, and they point > me here as they also do not provide any OAuth support in RestEasy > > https://docs.jboss.org/resteasy/docs/3.0.7.Final/userguide/html/oauth2.html > > Support Case: https://access.redhat.com/support/cases/01136430/ > > It seems a little convoluted as well and I have to do a lot of work to secure > the REST APIs. > > Can you comment on these 2 alternatives? I am not a security expert and don?t > really want to spend a lot of time implementing, will rather have more out > of the box solution. Thanks. > > Christina > > On Jul 9, 2014, at 11:01 AM, Stian Thorgersen wrote: > > > We did have some plans to provide something like this in Keycloak. > > Basically it would be possible for users to create their own applications > > through account management console. However, we simply don't have time to > > add this at the moment. > > > > In the mean time there's at least two options available: > > > > * Create your own application that lets users register applications, and > > use the KC admin endpoints to create a client. You could then use the > > client_id as the API keys, so users wouldn't have to deal with both an API > > key and a oauth2 client id. You can also add scope mappings to these > > clients to control what roles/features of your app they can access > > * Contribute this to Keycloak - if this is something you're interested in > > let me know and we can look at how feasible that would be > > > > With regards to 1, you'd have to add that yourself. You could extend our > > adapter (or add your own) that extracts the API key from a query param > > and/or header and uses the KC admin endpoints to verify that it > > corresponds to the id of a client, and that the client has the required > > scopes. > > > > ----- Original Message ----- > >> From: "Christina Lau" > >> To: "Stian Thorgersen" , keycloak-user at lists.jboss.org > >> Sent: Wednesday, 9 July, 2014 1:46:41 PM > >> Subject: Re: [keycloak-user] Keycloak and registration workflow for REST > >> API platform > >> > >> Hello Stian, here is what I am trying to do: > >> > >> 1. Create a self-service registration application, all users will use this > >> application to register with their own email or twitter/facebook/google > >> acct > >> email. I will imagine I use the Keycloak login and use CSS to customize > >> it > >> to integrate with my own application. > >> > >> 2. The user will be issued a key/access token, this key will be used later > >> to > >> authorize the REST calls > >> > >> Now I want to support 3 kinds of authorization for the different REST > >> calls: > >> > >> 1. API key only - for calls that just need to establish identity, but > >> don't > >> need to authenticate or authorize. > >> 2. Authentication for more sensitive calls where I want to delegate > >> authorization to a trusted location (i.e. keycloak) > >> 3. Authorization for certain services where only authorized partners can > >> invoke. > >> > >> Can you outline how I can implement this in Keycloak, esp what part I have > >> to > >> implement myself. I plan to use RestEasy to implement Restful services, > >> but > >> I need to make sure the Restful services can be called by all clients > >> (i.e. > >> support popular OAuth libraries). Thanks? > >> > >> Christina > >> > >> On Jul 9, 2014, at 4:15 AM, Stian Thorgersen wrote: > >> > >>> To answer your question properly I'd need more details about what you're > >>> trying to achieve. > >>> > >>> It does sound like we pretty much already have what you need, with the > >>> exception of letting users themselves create clients. Depending on your > >>> use case it may be a good idea to have a single realm (and share users) > >>> between all developers/applications, or it may be better to have a realm > >>> per developer/application. > >>> > >>> For the latter we do have a role that lets users create new realms, but > >>> not > >>> use any other realms. This could be used to let a developer register with > >>> your platform and then be able to login to the admin console to create > >>> clients, users, or whatever they want. For the first we have discussed in > >>> the past, but do not support it yet, the ability to let users register > >>> clients through the account management console. > >>> > >>> ----- Original Message ----- > >>>> From: "Christina Lau" > >>>> To: keycloak-user at lists.jboss.org > >>>> Sent: Tuesday, 8 July, 2014 4:34:57 PM > >>>> Subject: [keycloak-user] Keycloak and registration workflow for REST API > >>>> platform > >>>> > >>>> I am wondering if I can use Keycloak to implementation the registration > >>>> workflow for a REST API platform, similar to Twitter > >>>> (https://apps.twitter.com/) or Linkedln > >>>> (https://developer.linkedin.com/rest). > >>>> > >>>> I found some features like social login very applicable. However I am > >>>> not > >>>> quite sure how I will model this in Keycloak. For example, will I have 1 > >>>> realm per user and each user that registers will have their own oauth > >>>> client > >>>> for their third party appl(s) that I need to grant access to similar to > >>>> the > >>>> Tutorial 3 demo? > >>>> > >>>> If this is feasible to implement, can you outline the steps involved in > >>>> this > >>>> use case. I am thinking I will need to build a lot of it using the REST > >>>> APIs > >>>> you provided. Thanks in advance for any help. > >>>> > >>>> Christina > >>>> _______________________________________________ > >>>> keycloak-user mailing list > >>>> keycloak-user at lists.jboss.org > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >>>> > >> > >> > > From bburke at redhat.com Thu Jul 10 10:38:54 2014 From: bburke at redhat.com (Bill Burke) Date: Thu, 10 Jul 2014 10:38:54 -0400 Subject: [keycloak-user] Keycloak and registration workflow for REST API platform In-Reply-To: <35CFDC62-7329-4229-83AD-B82C73866957@icloud.com> References: <286449106.6274778.1404893717304.JavaMail.zimbra@redhat.com> <1457676300.6564631.1404918060221.JavaMail.zimbra@redhat.com> <35CFDC62-7329-4229-83AD-B82C73866957@icloud.com> Message-ID: <53BEA57E.1050200@redhat.com> I wrote the resteasy oauth2 support. The problem with it is that it is *VERY* limited. It is built on top of the current JBoss EAP 6.x and AS 7.1 security architecture, specifically on top of JAAS LoginModules. Managing users, roles, role mappings, realm config, etc, is basically up to you. FYI, this limitation is the reason I started the Keycloak project!!!!! On 7/10/2014 7:05 AM, Christina Lau wrote: > It seems a little involve what you described below. I may need more help if I go with the approach you mentioned. > > I am also asking Red Hat RestEasy team re their OAuth support, and they point me here as they also do not provide any OAuth support in RestEasy > > https://docs.jboss.org/resteasy/docs/3.0.7.Final/userguide/html/oauth2.html > > Support Case: https://access.redhat.com/support/cases/01136430/ > > It seems a little convoluted as well and I have to do a lot of work to secure the REST APIs. > > Can you comment on these 2 alternatives? I am not a security expert and don?t really want to spend a lot of time implementing, will rather have more out of the box solution. Thanks. > > Christina > > On Jul 9, 2014, at 11:01 AM, Stian Thorgersen wrote: > >> We did have some plans to provide something like this in Keycloak. Basically it would be possible for users to create their own applications through account management console. However, we simply don't have time to add this at the moment. >> >> In the mean time there's at least two options available: >> >> * Create your own application that lets users register applications, and use the KC admin endpoints to create a client. You could then use the client_id as the API keys, so users wouldn't have to deal with both an API key and a oauth2 client id. You can also add scope mappings to these clients to control what roles/features of your app they can access >> * Contribute this to Keycloak - if this is something you're interested in let me know and we can look at how feasible that would be >> >> With regards to 1, you'd have to add that yourself. You could extend our adapter (or add your own) that extracts the API key from a query param and/or header and uses the KC admin endpoints to verify that it corresponds to the id of a client, and that the client has the required scopes. >> >> ----- Original Message ----- >>> From: "Christina Lau" >>> To: "Stian Thorgersen" , keycloak-user at lists.jboss.org >>> Sent: Wednesday, 9 July, 2014 1:46:41 PM >>> Subject: Re: [keycloak-user] Keycloak and registration workflow for REST API platform >>> >>> Hello Stian, here is what I am trying to do: >>> >>> 1. Create a self-service registration application, all users will use this >>> application to register with their own email or twitter/facebook/google acct >>> email. I will imagine I use the Keycloak login and use CSS to customize it >>> to integrate with my own application. >>> >>> 2. The user will be issued a key/access token, this key will be used later to >>> authorize the REST calls >>> >>> Now I want to support 3 kinds of authorization for the different REST calls: >>> >>> 1. API key only - for calls that just need to establish identity, but don't >>> need to authenticate or authorize. >>> 2. Authentication for more sensitive calls where I want to delegate >>> authorization to a trusted location (i.e. keycloak) >>> 3. Authorization for certain services where only authorized partners can >>> invoke. >>> >>> Can you outline how I can implement this in Keycloak, esp what part I have to >>> implement myself. I plan to use RestEasy to implement Restful services, but >>> I need to make sure the Restful services can be called by all clients (i.e. >>> support popular OAuth libraries). Thanks? >>> >>> Christina >>> >>> On Jul 9, 2014, at 4:15 AM, Stian Thorgersen wrote: >>> >>>> To answer your question properly I'd need more details about what you're >>>> trying to achieve. >>>> >>>> It does sound like we pretty much already have what you need, with the >>>> exception of letting users themselves create clients. Depending on your >>>> use case it may be a good idea to have a single realm (and share users) >>>> between all developers/applications, or it may be better to have a realm >>>> per developer/application. >>>> >>>> For the latter we do have a role that lets users create new realms, but not >>>> use any other realms. This could be used to let a developer register with >>>> your platform and then be able to login to the admin console to create >>>> clients, users, or whatever they want. For the first we have discussed in >>>> the past, but do not support it yet, the ability to let users register >>>> clients through the account management console. >>>> >>>> ----- Original Message ----- >>>>> From: "Christina Lau" >>>>> To: keycloak-user at lists.jboss.org >>>>> Sent: Tuesday, 8 July, 2014 4:34:57 PM >>>>> Subject: [keycloak-user] Keycloak and registration workflow for REST API >>>>> platform >>>>> >>>>> I am wondering if I can use Keycloak to implementation the registration >>>>> workflow for a REST API platform, similar to Twitter >>>>> (https://apps.twitter.com/) or Linkedln >>>>> (https://developer.linkedin.com/rest). >>>>> >>>>> I found some features like social login very applicable. However I am not >>>>> quite sure how I will model this in Keycloak. For example, will I have 1 >>>>> realm per user and each user that registers will have their own oauth >>>>> client >>>>> for their third party appl(s) that I need to grant access to similar to >>>>> the >>>>> Tutorial 3 demo? >>>>> >>>>> If this is feasible to implement, can you outline the steps involved in >>>>> this >>>>> use case. I am thinking I will need to build a lot of it using the REST >>>>> APIs >>>>> you provided. Thanks in advance for any help. >>>>> >>>>> Christina >>>>> _______________________________________________ >>>>> keycloak-user mailing list >>>>> keycloak-user at lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>> >>> >>> > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Thu Jul 10 15:50:00 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Thu, 10 Jul 2014 16:50:00 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <53BBE4E1.1080405@kroehling.de> <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> Message-ID: Stian, how should I send the code that I made to the Keycloak repo? Can you tell me what module name to use, and where to create it? On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki wrote: > I would really like to do that :) All I'm waiting for is an OK to do it, > because it was built inside the company, so I need approval. > > But I really believe it'll get a lot better when it's out there, and you > can all pitch in > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen wrote: > >> Ideal way to contribute it to Keycloak would be if you fork the Keycloak >> repo, add a module and do a PR ;) >> >> ----- Original Message ----- >> > From: "Rodrigo Sasaki" >> > To: "Juraci Paix?o Kr?hling" >> > Cc: keycloak-user at lists.jboss.org >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >> > >> > Oh yes, I believe it is already very usable. >> > >> > All I need now is to get my manager to agree to make this repo public, >> > because there is a policy that all repos are private in this project >> we're >> > working in, but I don't think we'll have problems with this. I pitched >> him >> > the idea of contributing to Keycloak and he seemed to like it >> > >> > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < >> juraci at kroehling.de >> > > wrote: >> > >> > >> > -----BEGIN PGP SIGNED MESSAGE----- >> > Hash: SHA512 >> > >> > Hello Rodrigo, >> > >> > Do you have news about this? I'm working on a task that would require >> > me to do something similar, so, I think it would best if we can >> > collaborate on this API :-) >> > >> > If/when you have some time, we could have a chat via IRC (jpkroehling >> > at #keycloak on freenode). >> > >> > - - Juca. >> > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: >> > > I'm working on a Java-based wrapper for the REST API, to make it >> > > look more OO, abstracting the access to servers. >> > > >> > > It uses methods such as >> > > >> > > User bill = realm.getUser("bburke") List roles >> > > = bill.getApplicationRoleMappings("customer-portal"); >> > > >> > > It's still in it's early stages, but if you find it interesting, >> > > I'd be happy to create a repo for other Java users to use it, and >> > > adapt it based on suggestions aswell. >> > >> > -----BEGIN PGP SIGNATURE----- >> > Version: GnuPG v2 >> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> > >> > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d >> > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA >> > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z >> > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 >> > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp >> > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= >> > =3O4p >> > -----END PGP SIGNATURE----- >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> > >> > >> > -- >> > Rodrigo Sasaki >> > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140710/e0778178/attachment.html From stian at redhat.com Fri Jul 11 03:13:28 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 11 Jul 2014 03:13:28 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <53BBE4E1.1080405@kroehling.de> <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> Message-ID: <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> You can create a new module for it in: integration/admin-client ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: "Juraci Paix?o Kr?hling" , keycloak-user at lists.jboss.org > Sent: Thursday, 10 July, 2014 8:50:00 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > Stian, how should I send the code that I made to the Keycloak repo? > > Can you tell me what module name to use, and where to create it? > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki > wrote: > > > I would really like to do that :) All I'm waiting for is an OK to do it, > > because it was built inside the company, so I need approval. > > > > But I really believe it'll get a lot better when it's out there, and you > > can all pitch in > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen wrote: > > > >> Ideal way to contribute it to Keycloak would be if you fork the Keycloak > >> repo, add a module and do a PR ;) > >> > >> ----- Original Message ----- > >> > From: "Rodrigo Sasaki" > >> > To: "Juraci Paix?o Kr?hling" > >> > Cc: keycloak-user at lists.jboss.org > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > >> > > >> > Oh yes, I believe it is already very usable. > >> > > >> > All I need now is to get my manager to agree to make this repo public, > >> > because there is a policy that all repos are private in this project > >> we're > >> > working in, but I don't think we'll have problems with this. I pitched > >> him > >> > the idea of contributing to Keycloak and he seemed to like it > >> > > >> > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > >> juraci at kroehling.de > >> > > wrote: > >> > > >> > > >> > -----BEGIN PGP SIGNED MESSAGE----- > >> > Hash: SHA512 > >> > > >> > Hello Rodrigo, > >> > > >> > Do you have news about this? I'm working on a task that would require > >> > me to do something similar, so, I think it would best if we can > >> > collaborate on this API :-) > >> > > >> > If/when you have some time, we could have a chat via IRC (jpkroehling > >> > at #keycloak on freenode). > >> > > >> > - - Juca. > >> > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > >> > > I'm working on a Java-based wrapper for the REST API, to make it > >> > > look more OO, abstracting the access to servers. > >> > > > >> > > It uses methods such as > >> > > > >> > > User bill = realm.getUser("bburke") List roles > >> > > = bill.getApplicationRoleMappings("customer-portal"); > >> > > > >> > > It's still in it's early stages, but if you find it interesting, > >> > > I'd be happy to create a repo for other Java users to use it, and > >> > > adapt it based on suggestions aswell. > >> > > >> > -----BEGIN PGP SIGNATURE----- > >> > Version: GnuPG v2 > >> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > >> > > >> > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > >> > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > >> > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > >> > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > >> > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > >> > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > >> > =3O4p > >> > -----END PGP SIGNATURE----- > >> > _______________________________________________ > >> > keycloak-user mailing list > >> > keycloak-user at lists.jboss.org > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > >> > > >> > > >> > > >> > -- > >> > Rodrigo Sasaki > >> > > >> > _______________________________________________ > >> > keycloak-user mailing list > >> > keycloak-user at lists.jboss.org > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > >> > > > > > > > > -- > > Rodrigo Sasaki > > > > > > -- > Rodrigo Sasaki > From rodrigopsasaki at gmail.com Fri Jul 11 08:51:41 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 11 Jul 2014 09:51:41 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> References: <53BBE4E1.1080405@kroehling.de> <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> Message-ID: Just one more question, I created it with my companies' name in the package, should I replace it? Or just upload it as is? It's br.com.icarros.keycloak.api On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen wrote: > You can create a new module for it in: > > integration/admin-client > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Stian Thorgersen" > > Cc: "Juraci Paix?o Kr?hling" , > keycloak-user at lists.jboss.org > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > Stian, how should I send the code that I made to the Keycloak repo? > > > > Can you tell me what module name to use, and where to create it? > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > rodrigopsasaki at gmail.com> > > wrote: > > > > > I would really like to do that :) All I'm waiting for is an OK to do > it, > > > because it was built inside the company, so I need approval. > > > > > > But I really believe it'll get a lot better when it's out there, and > you > > > can all pitch in > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen > wrote: > > > > > >> Ideal way to contribute it to Keycloak would be if you fork the > Keycloak > > >> repo, add a module and do a PR ;) > > >> > > >> ----- Original Message ----- > > >> > From: "Rodrigo Sasaki" > > >> > To: "Juraci Paix?o Kr?hling" > > >> > Cc: keycloak-user at lists.jboss.org > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > >> > > > >> > Oh yes, I believe it is already very usable. > > >> > > > >> > All I need now is to get my manager to agree to make this repo > public, > > >> > because there is a policy that all repos are private in this project > > >> we're > > >> > working in, but I don't think we'll have problems with this. I > pitched > > >> him > > >> > the idea of contributing to Keycloak and he seemed to like it > > >> > > > >> > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > > >> juraci at kroehling.de > > >> > > wrote: > > >> > > > >> > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > >> > Hash: SHA512 > > >> > > > >> > Hello Rodrigo, > > >> > > > >> > Do you have news about this? I'm working on a task that would > require > > >> > me to do something similar, so, I think it would best if we can > > >> > collaborate on this API :-) > > >> > > > >> > If/when you have some time, we could have a chat via IRC > (jpkroehling > > >> > at #keycloak on freenode). > > >> > > > >> > - - Juca. > > >> > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > >> > > I'm working on a Java-based wrapper for the REST API, to make it > > >> > > look more OO, abstracting the access to servers. > > >> > > > > >> > > It uses methods such as > > >> > > > > >> > > User bill = realm.getUser("bburke") List roles > > >> > > = bill.getApplicationRoleMappings("customer-portal"); > > >> > > > > >> > > It's still in it's early stages, but if you find it interesting, > > >> > > I'd be happy to create a repo for other Java users to use it, and > > >> > > adapt it based on suggestions aswell. > > >> > > > >> > -----BEGIN PGP SIGNATURE----- > > >> > Version: GnuPG v2 > > >> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > >> > > > >> > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > >> > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > >> > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > >> > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > >> > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > >> > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > >> > =3O4p > > >> > -----END PGP SIGNATURE----- > > >> > _______________________________________________ > > >> > keycloak-user mailing list > > >> > keycloak-user at lists.jboss.org > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > >> > > > >> > > > >> > > > >> > -- > > >> > Rodrigo Sasaki > > >> > > > >> > _______________________________________________ > > >> > keycloak-user mailing list > > >> > keycloak-user at lists.jboss.org > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > >> > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > > > -- > > Rodrigo Sasaki > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140711/ea948358/attachment.html From stian at redhat.com Fri Jul 11 08:56:25 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 11 Jul 2014 08:56:25 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <53BBE4E1.1080405@kroehling.de> <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> Message-ID: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> Please change package names to 'org.keycloak.admin.client' ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: "Juraci Paix?o Kr?hling" , keycloak-user at lists.jboss.org > Sent: Friday, 11 July, 2014 1:51:41 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > Just one more question, I created it with my companies' name in the > package, should I replace it? Or just upload it as is? > > It's br.com.icarros.keycloak.api > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen wrote: > > > You can create a new module for it in: > > > > integration/admin-client > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > To: "Stian Thorgersen" > > > Cc: "Juraci Paix?o Kr?hling" , > > keycloak-user at lists.jboss.org > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > Stian, how should I send the code that I made to the Keycloak repo? > > > > > > Can you tell me what module name to use, and where to create it? > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > rodrigopsasaki at gmail.com> > > > wrote: > > > > > > > I would really like to do that :) All I'm waiting for is an OK to do > > it, > > > > because it was built inside the company, so I need approval. > > > > > > > > But I really believe it'll get a lot better when it's out there, and > > you > > > > can all pitch in > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen > > wrote: > > > > > > > >> Ideal way to contribute it to Keycloak would be if you fork the > > Keycloak > > > >> repo, add a module and do a PR ;) > > > >> > > > >> ----- Original Message ----- > > > >> > From: "Rodrigo Sasaki" > > > >> > To: "Juraci Paix?o Kr?hling" > > > >> > Cc: keycloak-user at lists.jboss.org > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > >> > > > > >> > Oh yes, I believe it is already very usable. > > > >> > > > > >> > All I need now is to get my manager to agree to make this repo > > public, > > > >> > because there is a policy that all repos are private in this project > > > >> we're > > > >> > working in, but I don't think we'll have problems with this. I > > pitched > > > >> him > > > >> > the idea of contributing to Keycloak and he seemed to like it > > > >> > > > > >> > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > > > >> juraci at kroehling.de > > > >> > > wrote: > > > >> > > > > >> > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > >> > Hash: SHA512 > > > >> > > > > >> > Hello Rodrigo, > > > >> > > > > >> > Do you have news about this? I'm working on a task that would > > require > > > >> > me to do something similar, so, I think it would best if we can > > > >> > collaborate on this API :-) > > > >> > > > > >> > If/when you have some time, we could have a chat via IRC > > (jpkroehling > > > >> > at #keycloak on freenode). > > > >> > > > > >> > - - Juca. > > > >> > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > >> > > I'm working on a Java-based wrapper for the REST API, to make it > > > >> > > look more OO, abstracting the access to servers. > > > >> > > > > > >> > > It uses methods such as > > > >> > > > > > >> > > User bill = realm.getUser("bburke") List roles > > > >> > > = bill.getApplicationRoleMappings("customer-portal"); > > > >> > > > > > >> > > It's still in it's early stages, but if you find it interesting, > > > >> > > I'd be happy to create a repo for other Java users to use it, and > > > >> > > adapt it based on suggestions aswell. > > > >> > > > > >> > -----BEGIN PGP SIGNATURE----- > > > >> > Version: GnuPG v2 > > > >> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > > >> > > > > >> > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > >> > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > >> > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > >> > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > >> > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > >> > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > >> > =3O4p > > > >> > -----END PGP SIGNATURE----- > > > >> > _______________________________________________ > > > >> > keycloak-user mailing list > > > >> > keycloak-user at lists.jboss.org > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > >> > > > > >> > > > > >> > > > > >> > -- > > > >> > Rodrigo Sasaki > > > >> > > > > >> > _______________________________________________ > > > >> > keycloak-user mailing list > > > >> > keycloak-user at lists.jboss.org > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > >> > > > > > > > > > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > -- > Rodrigo Sasaki > From christinalau28 at icloud.com Fri Jul 11 10:59:59 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Fri, 11 Jul 2014 10:59:59 -0400 Subject: [keycloak-user] Keycloak and registration workflow for REST API platform Message-ID: <37615079-E4BF-4C55-9907-B70FBCA8D1DE@icloud.com> Hi Bill, thx for the insight on RestEasy oauth2 history. But what about the integration of RestEasy with Keycloak then? I feel that there are still a lot of things that is up to me to figure out (i.e. try and error), and I will rather just have an example to copy from so that I can focus on my core development. From rodrigopsasaki at gmail.com Fri Jul 11 13:43:56 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 11 Jul 2014 14:43:56 -0300 Subject: [keycloak-user] Duplicate user when logging in with social link Message-ID: I created a keycloak user, and then I created social links for it on facebook and google, on the account manager at /auth/realms/{realm}/account After that I tried logging in with the user via the social link (google), and it logged in but had no roles associated with it. When I looked into it, I saw that another user was created, and I wasn't logged in with the user I wanted. I have now 2 users with the same social link. When I try to login again with the social link, I get this exception: java.lang.IllegalStateException: More results found for socialProvider=google, socialUserId=108513709823832858822, results=[org.keycloak.models.jpa.entities.UserEntity at 2a8bbbe, org.keycloak.models.jpa.entities.UserEntity at 13bdb84f] I am using the beta-2 version here, is this a known problem? -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140711/1f01ff11/attachment.html From rodrigopsasaki at gmail.com Fri Jul 11 15:46:31 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 11 Jul 2014 16:46:31 -0300 Subject: [keycloak-user] Duplicate user when logging in with social link In-Reply-To: References: Message-ID: I apologize, please disconsider the previous email, it was an error caused by us here, nothing regarding keycloak On Fri, Jul 11, 2014 at 2:43 PM, Rodrigo Sasaki wrote: > I created a keycloak user, and then I created social links for it on > facebook and google, on the account manager at /auth/realms/{realm}/account > > After that I tried logging in with the user via the social link (google), > and it logged in but had no roles associated with it. > > When I looked into it, I saw that another user was created, and I wasn't > logged in with the user I wanted. I have now 2 users with the same social > link. > > When I try to login again with the social link, I get this exception: > > java.lang.IllegalStateException: More results found for > socialProvider=google, socialUserId=108513709823832858822, > results=[org.keycloak.models.jpa.entities.UserEntity at 2a8bbbe, > org.keycloak.models.jpa.entities.UserEntity at 13bdb84f] > > I am using the beta-2 version here, is this a known problem? > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140711/73cb7b60/attachment-0001.html From bburke at redhat.com Fri Jul 11 15:47:47 2014 From: bburke at redhat.com (Bill Burke) Date: Fri, 11 Jul 2014 15:47:47 -0400 Subject: [keycloak-user] Duplicate user when logging in with social link In-Reply-To: References: Message-ID: <53C03F63.8080208@redhat.com> My favorite kinds of bugs! :) On 7/11/2014 3:46 PM, Rodrigo Sasaki wrote: > I apologize, please disconsider the previous email, it was an error > caused by us here, nothing regarding keycloak > > > On Fri, Jul 11, 2014 at 2:43 PM, Rodrigo Sasaki > > wrote: > > I created a keycloak user, and then I created social links for it on > facebook and google, on the account manager at > /auth/realms/{realm}/account > > After that I tried logging in with the user via the social link > (google), and it logged in but had no roles associated with it. > > When I looked into it, I saw that another user was created, and I > wasn't logged in with the user I wanted. I have now 2 users with the > same social link. > > When I try to login again with the social link, I get this exception: > > java.lang.IllegalStateException: More results found for > socialProvider=google, socialUserId=108513709823832858822, > results=[org.keycloak.models.jpa.entities.UserEntity at 2a8bbbe, > org.keycloak.models.jpa.entities.UserEntity at 13bdb84f] > > I am using the beta-2 version here, is this a known problem? > > -- > Rodrigo Sasaki > > > > > -- > Rodrigo Sasaki > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From stian at redhat.com Mon Jul 14 07:10:55 2014 From: stian at redhat.com (Stian Thorgersen) Date: Mon, 14 Jul 2014 07:10:55 -0400 (EDT) Subject: [keycloak-user] Bower for keycloak.js In-Reply-To: References: <1351976998.31398570.1403512840666.JavaMail.zimbra@redhat.com> <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> Message-ID: <992945221.9491639.1405336255468.JavaMail.zimbra@redhat.com> Have you contacted the Bower guys to get this changed yet? By the way we're going to stick with the same versioning that we use for Keycloak except we'll remove -final from the final release. So versions would be: 1.0-beta4 1.0-rc1 1.0 That should mean that versions such as ">=1.0" will work, and will only use stable versions, while if someone wants to use a beta or rc they can explicitly specify the version. ----- Original Message ----- > From: "Josh" > To: "Stian Thorgersen" > Cc: keycloak-user at lists.jboss.org > Sent: Thursday, 3 July, 2014 4:46:09 PM > Subject: Re: [keycloak-user] Bower for keycloak.js > > I do think there is a problem using that version format, I think I tried it > originally and bower was having none of it. This could be because they use > version for auto upgrade purposes, where one can use a "~" character to > prefix the version to allow upgrades in version minors in the bower.json > file. > > eg. > "dependencies": { > "keycloak": "~0.3.12" > }, > > > I have to admit I've been pulled to the dark side a little bit, it do enjoy > npm / bower for doing javascript type build processes (sometimes a > necessary evil). I was never a a fan of 'grunt' but found that 'gulp' is > much better. I have a hybrid build process in my java apps where I > sometimes break out of maven to execute some gulp build processes. > > But I understand for project like keycloak 'npm / gulp' adds a lot of > complexity to build process and is not desirable. > > I'll talk to the bower guys to get keycloak switched over to your fork :D > > > > On Thu, Jul 3, 2014 at 7:08 AM, Stian Thorgersen wrote: > > > I've pulled in your stuff to https://github.com/keycloak/keycloak-js-bower > > > > I'd prefer the versions to match with Keycloak versions (1.0-beta-2, > > 1.0-beta-3, 1.0-final). Do you know if that'll be a problem? > > > > Also, I'm going to add minification of keycloak.js to our Maven build. > > We'll need it there as well + we're mainly Java/Maven guys ;) > > > > ----- Original Message ----- > > > From: "Josh" > > > To: "Stian Thorgersen" > > > Cc: keycloak-user at lists.jboss.org > > > Sent: Monday, 23 June, 2014 10:38:44 PM > > > Subject: Re: [keycloak-user] Bower for keycloak.js > > > > > > Looks like it's a manual process at the moment to get registry moved to a > > > different github endpont. Let me know when you have the project setup > > and > > > I'll contact the bower guys. > > > > > > - Josh > > > > > > > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh wrote: > > > > > > > You bet, I actually had the thought that it would be better as part of > > the > > > > release cycle. I'll have to figure out how to transfer bower > > repositories > > > > because there was no login required to register a bower repo and > > currently > > > > I have taken "keycloak" which would be optimal for the project. > > > > > > > > > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen > > > > wrote: > > > > > > > >> Hi Josh, > > > >> > > > >> That's great - thanks for contributing this. I would like to transfer > > > >> this to https://github.com/keycloak though, I hope your happy with > > that. > > > >> > > > >> Thanks, > > > >> Stian > > > >> > > > >> ----- Original Message ----- > > > >> > From: "Josh" > > > >> > To: keycloak-user at lists.jboss.org > > > >> > Sent: Friday, 20 June, 2014 6:30:02 PM > > > >> > Subject: [keycloak-user] Bower for keycloak.js > > > >> > > > > >> > Hi guys, > > > >> > > > > >> > I have created a little github project to make keycloak.js > > available to > > > >> bower > > > >> > package manager . > > > >> > > > > >> > Project here: > > > >> > https://github.com/smysnk/keycloak-adapter-bower > > > >> > > > > >> > Usage: > > > >> > $ bower install keycloak > > > >> > > > > >> > - Josh > > > >> > > > > >> > > > > >> > _______________________________________________ > > > >> > keycloak-user mailing list > > > >> > keycloak-user at lists.jboss.org > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > >> > > > > > > > > > > > > > > From rodrigopsasaki at gmail.com Mon Jul 14 09:40:17 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Mon, 14 Jul 2014 10:40:17 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> References: <53BBE4E1.1080405@kroehling.de> <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> Message-ID: PR submitted :) On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen wrote: > Please change package names to 'org.keycloak.admin.client' > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Stian Thorgersen" > > Cc: "Juraci Paix?o Kr?hling" , > keycloak-user at lists.jboss.org > > Sent: Friday, 11 July, 2014 1:51:41 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > Just one more question, I created it with my companies' name in the > > package, should I replace it? Or just upload it as is? > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen > wrote: > > > > > You can create a new module for it in: > > > > > > integration/admin-client > > > > > > ----- Original Message ----- > > > > From: "Rodrigo Sasaki" > > > > To: "Stian Thorgersen" > > > > Cc: "Juraci Paix?o Kr?hling" , > > > keycloak-user at lists.jboss.org > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > Stian, how should I send the code that I made to the Keycloak repo? > > > > > > > > Can you tell me what module name to use, and where to create it? > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > rodrigopsasaki at gmail.com> > > > > wrote: > > > > > > > > > I would really like to do that :) All I'm waiting for is an OK to > do > > > it, > > > > > because it was built inside the company, so I need approval. > > > > > > > > > > But I really believe it'll get a lot better when it's out there, > and > > > you > > > > > can all pitch in > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen > > > > wrote: > > > > > > > > > >> Ideal way to contribute it to Keycloak would be if you fork the > > > Keycloak > > > > >> repo, add a module and do a PR ;) > > > > >> > > > > >> ----- Original Message ----- > > > > >> > From: "Rodrigo Sasaki" > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > >> > > > > > >> > Oh yes, I believe it is already very usable. > > > > >> > > > > > >> > All I need now is to get my manager to agree to make this repo > > > public, > > > > >> > because there is a policy that all repos are private in this > project > > > > >> we're > > > > >> > working in, but I don't think we'll have problems with this. I > > > pitched > > > > >> him > > > > >> > the idea of contributing to Keycloak and he seemed to like it > > > > >> > > > > > >> > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > > > > >> juraci at kroehling.de > > > > >> > > wrote: > > > > >> > > > > > >> > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > >> > Hash: SHA512 > > > > >> > > > > > >> > Hello Rodrigo, > > > > >> > > > > > >> > Do you have news about this? I'm working on a task that would > > > require > > > > >> > me to do something similar, so, I think it would best if we can > > > > >> > collaborate on this API :-) > > > > >> > > > > > >> > If/when you have some time, we could have a chat via IRC > > > (jpkroehling > > > > >> > at #keycloak on freenode). > > > > >> > > > > > >> > - - Juca. > > > > >> > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > >> > > I'm working on a Java-based wrapper for the REST API, to make > it > > > > >> > > look more OO, abstracting the access to servers. > > > > >> > > > > > > >> > > It uses methods such as > > > > >> > > > > > > >> > > User bill = realm.getUser("bburke") List > roles > > > > >> > > = bill.getApplicationRoleMappings("customer-portal"); > > > > >> > > > > > > >> > > It's still in it's early stages, but if you find it > interesting, > > > > >> > > I'd be happy to create a repo for other Java users to use it, > and > > > > >> > > adapt it based on suggestions aswell. > > > > >> > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > >> > Version: GnuPG v2 > > > > >> > Comment: Using GnuPG with Thunderbird - > http://www.enigmail.net/ > > > > >> > > > > > >> > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > >> > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > >> > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > >> > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > >> > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > >> > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > >> > =3O4p > > > > >> > -----END PGP SIGNATURE----- > > > > >> > _______________________________________________ > > > > >> > keycloak-user mailing list > > > > >> > keycloak-user at lists.jboss.org > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > >> > > > > > >> > > > > > >> > > > > > >> > -- > > > > >> > Rodrigo Sasaki > > > > >> > > > > > >> > _______________________________________________ > > > > >> > keycloak-user mailing list > > > > >> > keycloak-user at lists.jboss.org > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > >> > > > > > > > > > > > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > -- > > Rodrigo Sasaki > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140714/f97a307c/attachment.html From stian at redhat.com Mon Jul 14 09:43:37 2014 From: stian at redhat.com (Stian Thorgersen) Date: Mon, 14 Jul 2014 09:43:37 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> Message-ID: <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> Great stuff, I'll have a look at it soon. At first glance it looks really good! Thanks :) ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: "Juraci Paix?o Kr?hling" , keycloak-user at lists.jboss.org > Sent: Monday, 14 July, 2014 2:40:17 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > PR submitted :) > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen wrote: > > > Please change package names to 'org.keycloak.admin.client' > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > To: "Stian Thorgersen" > > > Cc: "Juraci Paix?o Kr?hling" , > > keycloak-user at lists.jboss.org > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > Just one more question, I created it with my companies' name in the > > > package, should I replace it? Or just upload it as is? > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen > > wrote: > > > > > > > You can create a new module for it in: > > > > > > > > integration/admin-client > > > > > > > > ----- Original Message ----- > > > > > From: "Rodrigo Sasaki" > > > > > To: "Stian Thorgersen" > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > keycloak-user at lists.jboss.org > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > Stian, how should I send the code that I made to the Keycloak repo? > > > > > > > > > > Can you tell me what module name to use, and where to create it? > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > > rodrigopsasaki at gmail.com> > > > > > wrote: > > > > > > > > > > > I would really like to do that :) All I'm waiting for is an OK to > > do > > > > it, > > > > > > because it was built inside the company, so I need approval. > > > > > > > > > > > > But I really believe it'll get a lot better when it's out there, > > and > > > > you > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen > > > > > > wrote: > > > > > > > > > > > >> Ideal way to contribute it to Keycloak would be if you fork the > > > > Keycloak > > > > > >> repo, add a module and do a PR ;) > > > > > >> > > > > > >> ----- Original Message ----- > > > > > >> > From: "Rodrigo Sasaki" > > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > >> > > > > > > >> > Oh yes, I believe it is already very usable. > > > > > >> > > > > > > >> > All I need now is to get my manager to agree to make this repo > > > > public, > > > > > >> > because there is a policy that all repos are private in this > > project > > > > > >> we're > > > > > >> > working in, but I don't think we'll have problems with this. I > > > > pitched > > > > > >> him > > > > > >> > the idea of contributing to Keycloak and he seemed to like it > > > > > >> > > > > > > >> > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > > > > > >> juraci at kroehling.de > > > > > >> > > wrote: > > > > > >> > > > > > > >> > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > > >> > Hash: SHA512 > > > > > >> > > > > > > >> > Hello Rodrigo, > > > > > >> > > > > > > >> > Do you have news about this? I'm working on a task that would > > > > require > > > > > >> > me to do something similar, so, I think it would best if we can > > > > > >> > collaborate on this API :-) > > > > > >> > > > > > > >> > If/when you have some time, we could have a chat via IRC > > > > (jpkroehling > > > > > >> > at #keycloak on freenode). > > > > > >> > > > > > > >> > - - Juca. > > > > > >> > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > > >> > > I'm working on a Java-based wrapper for the REST API, to make > > it > > > > > >> > > look more OO, abstracting the access to servers. > > > > > >> > > > > > > > >> > > It uses methods such as > > > > > >> > > > > > > > >> > > User bill = realm.getUser("bburke") List > > roles > > > > > >> > > = bill.getApplicationRoleMappings("customer-portal"); > > > > > >> > > > > > > > >> > > It's still in it's early stages, but if you find it > > interesting, > > > > > >> > > I'd be happy to create a repo for other Java users to use it, > > and > > > > > >> > > adapt it based on suggestions aswell. > > > > > >> > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > >> > Version: GnuPG v2 > > > > > >> > Comment: Using GnuPG with Thunderbird - > > http://www.enigmail.net/ > > > > > >> > > > > > > >> > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > > >> > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > > >> > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > > >> > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > >> > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > > >> > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > > >> > =3O4p > > > > > >> > -----END PGP SIGNATURE----- > > > > > >> > _______________________________________________ > > > > > >> > keycloak-user mailing list > > > > > >> > keycloak-user at lists.jboss.org > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > -- > > > > > >> > Rodrigo Sasaki > > > > > >> > > > > > > >> > _______________________________________________ > > > > > >> > keycloak-user mailing list > > > > > >> > keycloak-user at lists.jboss.org > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > -- > Rodrigo Sasaki > From rodrigopsasaki at gmail.com Mon Jul 14 09:44:48 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Mon, 14 Jul 2014 10:44:48 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> References: <1364847493.5591509.1404824140196.JavaMail.zimbra@redhat.com> <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> Message-ID: Glad to hear it :) I'll be waiting on more replies and ideas to perhaps make it better. Thanks! :) On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen wrote: > Great stuff, I'll have a look at it soon. At first glance it looks really > good! > > Thanks :) > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Stian Thorgersen" > > Cc: "Juraci Paix?o Kr?hling" , > keycloak-user at lists.jboss.org > > Sent: Monday, 14 July, 2014 2:40:17 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > PR submitted :) > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen > wrote: > > > > > Please change package names to 'org.keycloak.admin.client' > > > > > > ----- Original Message ----- > > > > From: "Rodrigo Sasaki" > > > > To: "Stian Thorgersen" > > > > Cc: "Juraci Paix?o Kr?hling" , > > > keycloak-user at lists.jboss.org > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > Just one more question, I created it with my companies' name in the > > > > package, should I replace it? Or just upload it as is? > > > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen > > > wrote: > > > > > > > > > You can create a new module for it in: > > > > > > > > > > integration/admin-client > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Rodrigo Sasaki" > > > > > > To: "Stian Thorgersen" > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > keycloak-user at lists.jboss.org > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > Stian, how should I send the code that I made to the Keycloak > repo? > > > > > > > > > > > > Can you tell me what module name to use, and where to create it? > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > > > rodrigopsasaki at gmail.com> > > > > > > wrote: > > > > > > > > > > > > > I would really like to do that :) All I'm waiting for is an OK > to > > > do > > > > > it, > > > > > > > because it was built inside the company, so I need approval. > > > > > > > > > > > > > > But I really believe it'll get a lot better when it's out > there, > > > and > > > > > you > > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen < > stian at redhat.com > > > > > > > > > wrote: > > > > > > > > > > > > > >> Ideal way to contribute it to Keycloak would be if you fork > the > > > > > Keycloak > > > > > > >> repo, add a module and do a PR ;) > > > > > > >> > > > > > > >> ----- Original Message ----- > > > > > > >> > From: "Rodrigo Sasaki" > > > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > >> > > > > > > > >> > Oh yes, I believe it is already very usable. > > > > > > >> > > > > > > > >> > All I need now is to get my manager to agree to make this > repo > > > > > public, > > > > > > >> > because there is a policy that all repos are private in this > > > project > > > > > > >> we're > > > > > > >> > working in, but I don't think we'll have problems with > this. I > > > > > pitched > > > > > > >> him > > > > > > >> > the idea of contributing to Keycloak and he seemed to like > it > > > > > > >> > > > > > > > >> > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > > > > > > >> juraci at kroehling.de > > > > > > >> > > wrote: > > > > > > >> > > > > > > > >> > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > >> > Hash: SHA512 > > > > > > >> > > > > > > > >> > Hello Rodrigo, > > > > > > >> > > > > > > > >> > Do you have news about this? I'm working on a task that > would > > > > > require > > > > > > >> > me to do something similar, so, I think it would best if we > can > > > > > > >> > collaborate on this API :-) > > > > > > >> > > > > > > > >> > If/when you have some time, we could have a chat via IRC > > > > > (jpkroehling > > > > > > >> > at #keycloak on freenode). > > > > > > >> > > > > > > > >> > - - Juca. > > > > > > >> > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > > > >> > > I'm working on a Java-based wrapper for the REST API, to > make > > > it > > > > > > >> > > look more OO, abstracting the access to servers. > > > > > > >> > > > > > > > > >> > > It uses methods such as > > > > > > >> > > > > > > > > >> > > User bill = realm.getUser("bburke") > List > > > roles > > > > > > >> > > = bill.getApplicationRoleMappings("customer-portal"); > > > > > > >> > > > > > > > > >> > > It's still in it's early stages, but if you find it > > > interesting, > > > > > > >> > > I'd be happy to create a repo for other Java users to use > it, > > > and > > > > > > >> > > adapt it based on suggestions aswell. > > > > > > >> > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > > >> > Version: GnuPG v2 > > > > > > >> > Comment: Using GnuPG with Thunderbird - > > > http://www.enigmail.net/ > > > > > > >> > > > > > > > >> > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > > > >> > > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > > > >> > > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > > > >> > > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > > >> > > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > > > >> > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > > > >> > =3O4p > > > > > > >> > -----END PGP SIGNATURE----- > > > > > > >> > _______________________________________________ > > > > > > >> > keycloak-user mailing list > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > -- > > > > > > >> > Rodrigo Sasaki > > > > > > >> > > > > > > > >> > _______________________________________________ > > > > > > >> > keycloak-user mailing list > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > -- > > Rodrigo Sasaki > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140714/52ea90b9/attachment.html From christinalau28 at icloud.com Mon Jul 14 15:08:08 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Mon, 14 Jul 2014 15:08:08 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? Message-ID: <5AE33188-7FD0-4492-8BB6-0617EA9A136A@icloud.com> Hi, I finally got some basic code to work. I have a WAR file that contains RestEasy services, and I updated the web.xml and added keycloak.json to secure it. I then add a application similar to customer-app-cli to my KeyCloak realm. I am able to call my Rest services from this program. However this cli program needs to use Keycloakinstalled().getTokenString() in order to get the bearer token to add to the HTTP header. Is it possible to have different non-keycloak clients, i.e. is there a way for other clients to obtain this token string to add to the header, or is this a step that is required, i.e. the client app must be registered to the Keycloak server as well. I may be missing something obvious completely... Christina From bburke at redhat.com Mon Jul 14 15:14:12 2014 From: bburke at redhat.com (Bill Burke) Date: Mon, 14 Jul 2014 15:14:12 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? In-Reply-To: <5AE33188-7FD0-4492-8BB6-0617EA9A136A@icloud.com> References: <5AE33188-7FD0-4492-8BB6-0617EA9A136A@icloud.com> Message-ID: <53C42C04.2080500@redhat.com> Example is here: https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java On 7/14/2014 3:08 PM, Christina Lau wrote: > Hi, I finally got some basic code to work. I have a WAR file that contains RestEasy services, and I updated the web.xml and added keycloak.json to secure it. > > I then add a application similar to customer-app-cli to my KeyCloak realm. I am able to call my Rest services from this program. > > However this cli program needs to use Keycloakinstalled().getTokenString() in order to get the bearer token to add to the HTTP header. > > Is it possible to have different non-keycloak clients, i.e. is there a way for other clients to obtain this token string to add to the header, or is this a step that is required, i.e. the client app must be registered to the Keycloak server as well. > > I may be missing something obvious completely... > > Christina > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From christinalau28 at icloud.com Tue Jul 15 11:38:14 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Tue, 15 Jul 2014 11:38:14 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? Message-ID: <18DB6E0E-180C-4C5F-9AB0-203FAA9C96CC@icloud.com> Thanks Bill, it works. However I noticed that it is using the admin-client as the OAuth client for granting access to all users in the same realm. i.e. after I created my own realm, I have to add admin-client to my own realm in order for this to work. New Question: Do you recommend we use admin-client as a generic OAuth client for getting the access token, or should each user have their own OAuth client app like what you show in Keycloak tutorial 3? I am not yet understanding their differences. Using admin-client OAuth client seems more straightforward without the extra grant page and without the need to create more OAuth clients. I just want to make sure that it is intended to be use this way for client making Restful service calls secured by Keycloak. The Keycloak notion still seems to be exposed a little bit, but it is not too bad. Thanks for your help. Christina From bburke at redhat.com Tue Jul 15 11:44:30 2014 From: bburke at redhat.com (Bill Burke) Date: Tue, 15 Jul 2014 11:44:30 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? In-Reply-To: <18DB6E0E-180C-4C5F-9AB0-203FAA9C96CC@icloud.com> References: <18DB6E0E-180C-4C5F-9AB0-203FAA9C96CC@icloud.com> Message-ID: <53C54C5E.9040206@redhat.com> using admin-client is fine. On 7/15/2014 11:38 AM, Christina Lau wrote: > Thanks Bill, it works. However I noticed that it is using the admin-client as the OAuth client for granting access to all users in the same realm. i.e. after I created my own realm, I have to add admin-client to my own realm in order for this to work. > > New Question: Do you recommend we use admin-client as a generic OAuth client for getting the access token, or should each user have their own OAuth client app like what you show in Keycloak tutorial 3? I am not yet understanding their differences. Using admin-client OAuth client seems more straightforward without the extra grant page and without the need to create more OAuth clients. I just want to make sure that it is intended to be use this way for client making Restful service calls secured by Keycloak. The Keycloak notion still seems to be exposed a little bit, but it is not too bad. > > Thanks for your help. > > Christina > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From christinalau28 at icloud.com Tue Jul 15 12:00:30 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Tue, 15 Jul 2014 12:00:30 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? In-Reply-To: <53C54C5E.9040206@redhat.com> References: <18DB6E0E-180C-4C5F-9AB0-203FAA9C96CC@icloud.com> <53C54C5E.9040206@redhat.com> Message-ID: <641F6D8A-E374-442B-88AF-327BBF3C3B92@icloud.com> Ok great. Is it correct to map this admin-client approach to what is typically call 2-legged OAuth, and the tutorial 3 approach to 3-legged OAuth? On Jul 15, 2014, at 11:44 AM, Bill Burke wrote: > using admin-client is fine. > > On 7/15/2014 11:38 AM, Christina Lau wrote: >> Thanks Bill, it works. However I noticed that it is using the admin-client as the OAuth client for granting access to all users in the same realm. i.e. after I created my own realm, I have to add admin-client to my own realm in order for this to work. >> >> New Question: Do you recommend we use admin-client as a generic OAuth client for getting the access token, or should each user have their own OAuth client app like what you show in Keycloak tutorial 3? I am not yet understanding their differences. Using admin-client OAuth client seems more straightforward without the extra grant page and without the need to create more OAuth clients. I just want to make sure that it is intended to be use this way for client making Restful service calls secured by Keycloak. The Keycloak notion still seems to be exposed a little bit, but it is not too bad. >> >> Thanks for your help. >> >> Christina >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com From rodrigopsasaki at gmail.com Tue Jul 15 12:36:47 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 15 Jul 2014 13:36:47 -0300 Subject: [keycloak-user] Authenticate user without using login page Message-ID: Is there a way to authenticate the user without having to input username and password on the login page? For example: Say there's a situation in my application where I request the user for his username and password, and I wouldn't like to redirect that to the keycloak login page to authenticate him, would there be a way for me to do that? -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140715/56d908d8/attachment.html From bburke at redhat.com Tue Jul 15 13:19:44 2014 From: bburke at redhat.com (Bill Burke) Date: Tue, 15 Jul 2014 13:19:44 -0400 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: Message-ID: <53C562B0.2010302@redhat.com> If you want to handle your own login pages, IMO, you are missing out on a lot of Keycloak features. Specifically: * SSO * forgot password * admin forced credential reset/setup Login pages can be styled however you like to look like your application. There is a REST api for obtaining an access token. Here is an example: https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > Is there a way to authenticate the user without having to input username > and password on the login page? > > For example: > > Say there's a situation in my application where I request the user for > his username and password, and I wouldn't like to redirect that to the > keycloak login page to authenticate him, would there be a way for me to > do that? > > -- > Rodrigo Sasaki > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Tue Jul 15 13:35:16 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 15 Jul 2014 14:35:16 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <53C562B0.2010302@redhat.com> References: <53C562B0.2010302@redhat.com> Message-ID: I don't want to miss out on all of that, which is why we're mostly migrating everything to use keycloak that way. It's just that we have cases that are so specific, that it would be better to authenticate the user in a different manner, create the user session and everything, without redirecting. I'll have a look at that code. Thanks! On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke wrote: > If you want to handle your own login pages, IMO, you are missing out on > a lot of Keycloak features. Specifically: > > * SSO > * forgot password > * admin forced credential reset/setup > > > Login pages can be styled however you like to look like your application. > > There is a REST api for obtaining an access token. Here is an example: > > > https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java > > On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > Is there a way to authenticate the user without having to input username > > and password on the login page? > > > > For example: > > > > Say there's a situation in my application where I request the user for > > his username and password, and I wouldn't like to redirect that to the > > keycloak login page to authenticate him, would there be a way for me to > > do that? > > > > -- > > Rodrigo Sasaki > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140715/25d37dec/attachment.html From christinalau28 at icloud.com Tue Jul 15 14:47:12 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Tue, 15 Jul 2014 14:47:12 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? Message-ID: Hi Biil, although I can get the token, when I use it to call the same Rest service, I am getting 403 instead. I also noticed the token string value is not the same as the one that is obtained from key cloak.getTokenString() but I am not sure if they are supposed to be the same or not. Any suggestion what I may be missing now? Thx. Christina From christinalau28 at icloud.com Tue Jul 15 15:15:38 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Tue, 15 Jul 2014 15:15:38 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? Message-ID: <43F5D8B3-D5FC-4679-846B-FD4ADADF2E1F@icloud.com> Hi Bill, further to last comment, i.e. although I can get the token, when I use it to call the same Rest service, I am getting 403 instead. I don?t know if this helps or not, but I have also noticed that the console produced different output: Using non-keycloak client (Did not work - get 403) 15:05:28,228 INFO [org.keycloak.services.resources.TokenService] (default task-1) no authorization header 15:05:28,345 INFO [org.keycloak.audit] (default task-1) event=LOGIN, realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=admin-client, userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, username=roger at mailinator.com, response_type=token, auth_method=oauth_credentials, refresh_token_id=3730424f-a718-4be8-a9fc-a090e5932564, token_id=dd1bfeaa-54b1-4824-a6fe-d14eb1ae6f97 15:05:28,547 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-2) --> authenticate() 15:05:28,548 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-2) try bearer 15:05:28,566 INFO [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-2) checking whether to refresh. 15:05:28,566 INFO [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-2) use realm role mappings 15:05:28,571 INFO [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-2) propagate security context to wildfly 15:05:28,571 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-2) Bearer AUTHENTICATED Using keycloak app (similar to customer-cli sample) Work 15:06:30,254 INFO [org.keycloak.services.resources.TokenService] (default task-1) createLogin() now... 15:06:39,965 INFO [org.keycloak.audit] (default task-2) event=LOGIN, realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=hellokeycloak, userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, username=roger at mailinator.com, response_type=code, redirect_uri=http://localhost:59999, auth_method=form, code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946 15:06:39,966 INFO [org.keycloak.services.managers.AuthenticationManager] (default task-2) createLoginCookie 15:06:39,966 INFO [org.keycloak.services.managers.AuthenticationManager] (default task-2) createIdentityToken 15:06:40,092 INFO [org.keycloak.services.resources.TokenService] (default task-3) no authorization header 15:06:40,119 INFO [org.keycloak.audit] (default task-3) event=CODE_TO_TOKEN, realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=hellokeycloak, userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, refresh_token_id=476b2f86-3df4-4cf6-8d51-55aa70264346, code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946, token_id=be0358ab-2c28-4bdc-a95c-681b63095217 15:06:46,567 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-4) --> authenticate() 15:06:46,568 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-4) try bearer 15:06:46,584 INFO [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default task-4) checking whether to refresh. 15:06:46,584 INFO [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default task-4) use realm role mappings 15:06:46,589 INFO [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default task-4) propagate security context to wildfly 15:06:46,590 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-4) Bearer AUTHENTICATED -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140715/af2c5a33/attachment-0001.html From bburke at redhat.com Tue Jul 15 15:48:28 2014 From: bburke at redhat.com (Bill Burke) Date: Tue, 15 Jul 2014 15:48:28 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? In-Reply-To: <43F5D8B3-D5FC-4679-846B-FD4ADADF2E1F@icloud.com> References: <43F5D8B3-D5FC-4679-846B-FD4ADADF2E1F@icloud.com> Message-ID: <53C5858C.5070503@redhat.com> Please elaborate on your code to obtain a token. Your client (not user) may not have the scope you need and the token may not be getting set with the desired role mappings. On 7/15/2014 3:15 PM, Christina Lau wrote: > Hi Bill, further to last comment, i.e. although I can get the token, > when I use it to call the same Rest service, I am getting 403 instead. > > I don?t know if this helps or not, but I have also noticed that the > console produced different output: > > *Using non-keycloak client (Did not work - get 403)* > > 15:05:28,228 INFO [org.keycloak.services.resources.TokenService] > (default task-1) no authorization header > 15:05:28,345 INFO [org.keycloak.audit] (default task-1) event=LOGIN, > realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=admin-client, > userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, > username=roger at mailinator.com , > response_type=token, auth_method=oauth_credentials, > refresh_token_id=3730424f-a718-4be8-a9fc-a090e5932564, > token_id=dd1bfeaa-54b1-4824-a6fe-d14eb1ae6f97 > 15:05:28,547 INFO [org.keycloak.adapters.RequestAuthenticator] (default > task-2) --> authenticate() > 15:05:28,548 INFO [org.keycloak.adapters.RequestAuthenticator] (default > task-2) try bearer > 15:05:28,566 INFO > [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default > task-2) checking whether to refresh. > 15:05:28,566 INFO > [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default > task-2) use realm role mappings > 15:05:28,571 INFO > [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default > task-2) propagate security context to wildfly > 15:05:28,571 INFO [org.keycloak.adapters.RequestAuthenticator] (default > task-2) Bearer AUTHENTICATED > > > *Using keycloak app (similar to customer-cli sample) Work* > > 15:06:30,254 INFO [org.keycloak.services.resources.TokenService] > (default task-1) createLogin() now... > 15:06:39,965 INFO [org.keycloak.audit] (default task-2) event=LOGIN, > realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=hellokeycloak, > userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, > username=roger at mailinator.com , > response_type=code, redirect_uri=http://localhost:59999, > auth_method=form, code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946 > 15:06:39,966 INFO > [org.keycloak.services.managers.AuthenticationManager] (default > task-2) createLoginCookie > 15:06:39,966 INFO > [org.keycloak.services.managers.AuthenticationManager] (default > task-2) createIdentityToken > 15:06:40,092 INFO [org.keycloak.services.resources.TokenService] > (default task-3) no authorization header > 15:06:40,119 INFO [org.keycloak.audit] (default task-3) > event=CODE_TO_TOKEN, realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, > clientId=hellokeycloak, userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, > ipAddress=127.0.0.1, > refresh_token_id=476b2f86-3df4-4cf6-8d51-55aa70264346, > code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946, > token_id=be0358ab-2c28-4bdc-a95c-681b63095217 > 15:06:46,567 INFO [org.keycloak.adapters.RequestAuthenticator] (default > task-4) --> authenticate() > 15:06:46,568 INFO [org.keycloak.adapters.RequestAuthenticator] (default > task-4) try bearer > 15:06:46,584 INFO > [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default > task-4) checking whether to refresh. > 15:06:46,584 INFO > [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default > task-4) use realm role mappings > 15:06:46,589 INFO > [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default > task-4) propagate security context to wildfly > 15:06:46,590 INFO [org.keycloak.adapters.RequestAuthenticator] (default > task-4) Bearer AUTHENTICATED > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From christinalau28 at icloud.com Tue Jul 15 16:05:18 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Tue, 15 Jul 2014 16:05:18 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? In-Reply-To: <53C5858C.5070503@redhat.com> References: <43F5D8B3-D5FC-4679-846B-FD4ADADF2E1F@icloud.com> <53C5858C.5070503@redhat.com> Message-ID: <5D77AF21-678A-438A-B337-FAC15D895142@icloud.com> The code is the same as the AdminClient you pointed me to. However, I just try something based on what you said. In the admin-client oauth client, I went to Scope Mappings and added user role (which is the security role for the rest services). Now it works. Does this sound right to you? Seems magical... On Jul 15, 2014, at 3:48 PM, Bill Burke wrote: > Please elaborate on your code to obtain a token. Your client (not user) may not have the scope you need and the token may not be getting set with the desired role mappings. > > On 7/15/2014 3:15 PM, Christina Lau wrote: >> Hi Bill, further to last comment, i.e. although I can get the token, >> when I use it to call the same Rest service, I am getting 403 instead. >> >> I don?t know if this helps or not, but I have also noticed that the >> console produced different output: >> >> *Using non-keycloak client (Did not work - get 403)* >> >> 15:05:28,228 INFO [org.keycloak.services.resources.TokenService] >> (default task-1) no authorization header >> 15:05:28,345 INFO [org.keycloak.audit] (default task-1) event=LOGIN, >> realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=admin-client, >> userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, >> username=roger at mailinator.com , >> response_type=token, auth_method=oauth_credentials, >> refresh_token_id=3730424f-a718-4be8-a9fc-a090e5932564, >> token_id=dd1bfeaa-54b1-4824-a6fe-d14eb1ae6f97 >> 15:05:28,547 INFO [org.keycloak.adapters.RequestAuthenticator] (default >> task-2) --> authenticate() >> 15:05:28,548 INFO [org.keycloak.adapters.RequestAuthenticator] (default >> task-2) try bearer >> 15:05:28,566 INFO >> [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default >> task-2) checking whether to refresh. >> 15:05:28,566 INFO >> [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default >> task-2) use realm role mappings >> 15:05:28,571 INFO >> [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default >> task-2) propagate security context to wildfly >> 15:05:28,571 INFO [org.keycloak.adapters.RequestAuthenticator] (default >> task-2) Bearer AUTHENTICATED >> >> >> *Using keycloak app (similar to customer-cli sample) Work* >> >> 15:06:30,254 INFO [org.keycloak.services.resources.TokenService] >> (default task-1) createLogin() now... >> 15:06:39,965 INFO [org.keycloak.audit] (default task-2) event=LOGIN, >> realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=hellokeycloak, >> userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, >> username=roger at mailinator.com , >> response_type=code, redirect_uri=http://localhost:59999, >> auth_method=form, code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946 >> 15:06:39,966 INFO >> [org.keycloak.services.managers.AuthenticationManager] (default >> task-2) createLoginCookie >> 15:06:39,966 INFO >> [org.keycloak.services.managers.AuthenticationManager] (default >> task-2) createIdentityToken >> 15:06:40,092 INFO [org.keycloak.services.resources.TokenService] >> (default task-3) no authorization header >> 15:06:40,119 INFO [org.keycloak.audit] (default task-3) >> event=CODE_TO_TOKEN, realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, >> clientId=hellokeycloak, userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, >> ipAddress=127.0.0.1, >> refresh_token_id=476b2f86-3df4-4cf6-8d51-55aa70264346, >> code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946, >> token_id=be0358ab-2c28-4bdc-a95c-681b63095217 >> 15:06:46,567 INFO [org.keycloak.adapters.RequestAuthenticator] (default >> task-4) --> authenticate() >> 15:06:46,568 INFO [org.keycloak.adapters.RequestAuthenticator] (default >> task-4) try bearer >> 15:06:46,584 INFO >> [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default >> task-4) checking whether to refresh. >> 15:06:46,584 INFO >> [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default >> task-4) use realm role mappings >> 15:06:46,589 INFO >> [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default >> task-4) propagate security context to wildfly >> 15:06:46,590 INFO [org.keycloak.adapters.RequestAuthenticator] (default >> task-4) Bearer AUTHENTICATED >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140715/2b3219ff/attachment.html From bburke at redhat.com Tue Jul 15 16:15:04 2014 From: bburke at redhat.com (Bill Burke) Date: Tue, 15 Jul 2014 16:15:04 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? In-Reply-To: <5D77AF21-678A-438A-B337-FAC15D895142@icloud.com> References: <43F5D8B3-D5FC-4679-846B-FD4ADADF2E1F@icloud.com> <53C5858C.5070503@redhat.com> <5D77AF21-678A-438A-B337-FAC15D895142@icloud.com> Message-ID: <53C58BC8.1040704@redhat.com> You should create a new oauth client. Add the scope you want for it. Change your code to use your new oauth client. It is not magic. Here's an explanation: * "client" are not the same thing as "users". Clients are devices or servers that are requesting an access token for a specific users. * "scope" are the roles a "client" is allowed to ask for. * Access token contains role mappings from the union of the user's role mappings (the user's permissions) and the client's scope (roles the client is allowed to access for a user). Make sense? On 7/15/2014 4:05 PM, Christina Lau wrote: > The code is the same as the AdminClient you pointed me to. However, I > just try something based on what you said. In the admin-client oauth > client, I went to Scope Mappings and added user role (which is the > security role for the rest services). Now it works. Does this sound > right to you? Seems magical... > > On Jul 15, 2014, at 3:48 PM, Bill Burke > wrote: > >> Please elaborate on your code to obtain a token. Your client (not >> user) may not have the scope you need and the token may not be getting >> set with the desired role mappings. >> >> On 7/15/2014 3:15 PM, Christina Lau wrote: >>> Hi Bill, further to last comment, i.e. although I can get the token, >>> when I use it to call the same Rest service, I am getting 403 instead. >>> >>> I don?t know if this helps or not, but I have also noticed that the >>> console produced different output: >>> >>> *Using non-keycloak client (Did not work - get 403)* >>> >>> 15:05:28,228 INFO [org.keycloak.services.resources.TokenService] >>> (default task-1) no authorization header >>> 15:05:28,345 INFO [org.keycloak.audit] (default task-1) event=LOGIN, >>> realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=admin-client, >>> userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, >>> username=roger at mailinator.com >>> , >>> response_type=token, auth_method=oauth_credentials, >>> refresh_token_id=3730424f-a718-4be8-a9fc-a090e5932564, >>> token_id=dd1bfeaa-54b1-4824-a6fe-d14eb1ae6f97 >>> 15:05:28,547 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>> task-2) --> authenticate() >>> 15:05:28,548 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>> task-2) try bearer >>> 15:05:28,566 INFO >>> [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default >>> task-2) checking whether to refresh. >>> 15:05:28,566 INFO >>> [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default >>> task-2) use realm role mappings >>> 15:05:28,571 INFO >>> [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default >>> task-2) propagate security context to wildfly >>> 15:05:28,571 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>> task-2) Bearer AUTHENTICATED >>> >>> >>> *Using keycloak app (similar to customer-cli sample) Work* >>> >>> 15:06:30,254 INFO [org.keycloak.services.resources.TokenService] >>> (default task-1) createLogin() now... >>> 15:06:39,965 INFO [org.keycloak.audit] (default task-2) event=LOGIN, >>> realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=hellokeycloak, >>> userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, >>> username=roger at mailinator.com >>> , >>> response_type=code, redirect_uri=http://localhost:59999, >>> auth_method=form, >>> code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946 >>> 15:06:39,966 INFO >>> [org.keycloak.services.managers.AuthenticationManager] (default >>> task-2) createLoginCookie >>> 15:06:39,966 INFO >>> [org.keycloak.services.managers.AuthenticationManager] (default >>> task-2) createIdentityToken >>> 15:06:40,092 INFO [org.keycloak.services.resources.TokenService] >>> (default task-3) no authorization header >>> 15:06:40,119 INFO [org.keycloak.audit] (default task-3) >>> event=CODE_TO_TOKEN, realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, >>> clientId=hellokeycloak, userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, >>> ipAddress=127.0.0.1, >>> refresh_token_id=476b2f86-3df4-4cf6-8d51-55aa70264346, >>> code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946, >>> token_id=be0358ab-2c28-4bdc-a95c-681b63095217 >>> 15:06:46,567 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>> task-4) --> authenticate() >>> 15:06:46,568 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>> task-4) try bearer >>> 15:06:46,584 INFO >>> [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default >>> task-4) checking whether to refresh. >>> 15:06:46,584 INFO >>> [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default >>> task-4) use realm role mappings >>> 15:06:46,589 INFO >>> [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default >>> task-4) propagate security context to wildfly >>> 15:06:46,590 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>> task-4) Bearer AUTHENTICATED >>> >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From christinalau28 at icloud.com Tue Jul 15 16:28:43 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Tue, 15 Jul 2014 16:28:43 -0400 Subject: [keycloak-user] Is it possible to use a non Keycloak client to call a Keycloak secured Rest services? In-Reply-To: <53C58BC8.1040704@redhat.com> References: <43F5D8B3-D5FC-4679-846B-FD4ADADF2E1F@icloud.com> <53C5858C.5070503@redhat.com> <5D77AF21-678A-438A-B337-FAC15D895142@icloud.com> <53C58BC8.1040704@redhat.com> Message-ID: Thx for the explanation, that is clear. Is there some doc on how to create an oauth client (i.e. what does it actually do or is it empty?). Or you can point me to the code for the admin-client? I must say I do not understand that third-party example (Bootstrap.java) so hopefully there is something that is easier to understand. On Jul 15, 2014, at 4:15 PM, Bill Burke wrote: > You should create a new oauth client. Add the scope you want for it. Change your code to use your new oauth client. > > It is not magic. Here's an explanation: > > * "client" are not the same thing as "users". Clients are devices or servers that are requesting an access token for a specific users. > * "scope" are the roles a "client" is allowed to ask for. > * Access token contains role mappings from the union of the user's role mappings (the user's permissions) and the client's scope (roles the client is allowed to access for a user). > > Make sense? > > On 7/15/2014 4:05 PM, Christina Lau wrote: >> The code is the same as the AdminClient you pointed me to. However, I >> just try something based on what you said. In the admin-client oauth >> client, I went to Scope Mappings and added user role (which is the >> security role for the rest services). Now it works. Does this sound >> right to you? Seems magical... >> >> On Jul 15, 2014, at 3:48 PM, Bill Burke > > wrote: >> >>> Please elaborate on your code to obtain a token. Your client (not >>> user) may not have the scope you need and the token may not be getting >>> set with the desired role mappings. >>> >>> On 7/15/2014 3:15 PM, Christina Lau wrote: >>>> Hi Bill, further to last comment, i.e. although I can get the token, >>>> when I use it to call the same Rest service, I am getting 403 instead. >>>> >>>> I don?t know if this helps or not, but I have also noticed that the >>>> console produced different output: >>>> >>>> *Using non-keycloak client (Did not work - get 403)* >>>> >>>> 15:05:28,228 INFO [org.keycloak.services.resources.TokenService] >>>> (default task-1) no authorization header >>>> 15:05:28,345 INFO [org.keycloak.audit] (default task-1) event=LOGIN, >>>> realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=admin-client, >>>> userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, >>>> username=roger at mailinator.com >>>> , >>>> response_type=token, auth_method=oauth_credentials, >>>> refresh_token_id=3730424f-a718-4be8-a9fc-a090e5932564, >>>> token_id=dd1bfeaa-54b1-4824-a6fe-d14eb1ae6f97 >>>> 15:05:28,547 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>>> task-2) --> authenticate() >>>> 15:05:28,548 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>>> task-2) try bearer >>>> 15:05:28,566 INFO >>>> [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default >>>> task-2) checking whether to refresh. >>>> 15:05:28,566 INFO >>>> [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default >>>> task-2) use realm role mappings >>>> 15:05:28,571 INFO >>>> [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default >>>> task-2) propagate security context to wildfly >>>> 15:05:28,571 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>>> task-2) Bearer AUTHENTICATED >>>> >>>> >>>> *Using keycloak app (similar to customer-cli sample) Work* >>>> >>>> 15:06:30,254 INFO [org.keycloak.services.resources.TokenService] >>>> (default task-1) createLogin() now... >>>> 15:06:39,965 INFO [org.keycloak.audit] (default task-2) event=LOGIN, >>>> realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=hellokeycloak, >>>> userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1, >>>> username=roger at mailinator.com >>>> , >>>> response_type=code, redirect_uri=http://localhost:59999, >>>> auth_method=form, >>>> code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946 >>>> 15:06:39,966 INFO >>>> [org.keycloak.services.managers.AuthenticationManager] (default >>>> task-2) createLoginCookie >>>> 15:06:39,966 INFO >>>> [org.keycloak.services.managers.AuthenticationManager] (default >>>> task-2) createIdentityToken >>>> 15:06:40,092 INFO [org.keycloak.services.resources.TokenService] >>>> (default task-3) no authorization header >>>> 15:06:40,119 INFO [org.keycloak.audit] (default task-3) >>>> event=CODE_TO_TOKEN, realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, >>>> clientId=hellokeycloak, userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, >>>> ipAddress=127.0.0.1, >>>> refresh_token_id=476b2f86-3df4-4cf6-8d51-55aa70264346, >>>> code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946, >>>> token_id=be0358ab-2c28-4bdc-a95c-681b63095217 >>>> 15:06:46,567 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>>> task-4) --> authenticate() >>>> 15:06:46,568 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>>> task-4) try bearer >>>> 15:06:46,584 INFO >>>> [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default >>>> task-4) checking whether to refresh. >>>> 15:06:46,584 INFO >>>> [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default >>>> task-4) use realm role mappings >>>> 15:06:46,589 INFO >>>> [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default >>>> task-4) propagate security context to wildfly >>>> 15:06:46,590 INFO [org.keycloak.adapters.RequestAuthenticator] (default >>>> task-4) Bearer AUTHENTICATED >>>> >>> >>> -- >>> Bill Burke >>> JBoss, a division of Red Hat >>> http://bill.burkecentral.com >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140715/56ba1055/attachment-0001.html From stian at redhat.com Wed Jul 16 09:27:34 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 16 Jul 2014 09:27:34 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> Message-ID: <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> Great work with the admin-client. As I commented on GitHub I added it to 'admin-client' branch, and would like a few changes before merging to master: * Make it use RestEasy client framwork * Tests - I've added a starting point to https://github.com/keycloak/keycloak/blob/admin-client/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java * Better error handling - instead of swallowing exceptions it now throws KeycloakException (RuntimeException), but there's HTTP response codes are not checked (see above test that tries to create two users with the same username) If you're happy to do this work that would be awesome! ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: "Juraci Paix?o Kr?hling" , keycloak-user at lists.jboss.org > Sent: Monday, 14 July, 2014 2:44:48 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > Glad to hear it :) > > I'll be waiting on more replies and ideas to perhaps make it better. > Thanks! :) > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen wrote: > > > Great stuff, I'll have a look at it soon. At first glance it looks really > > good! > > > > Thanks :) > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > To: "Stian Thorgersen" > > > Cc: "Juraci Paix?o Kr?hling" , > > keycloak-user at lists.jboss.org > > > Sent: Monday, 14 July, 2014 2:40:17 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > PR submitted :) > > > > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen > > wrote: > > > > > > > Please change package names to 'org.keycloak.admin.client' > > > > > > > > ----- Original Message ----- > > > > > From: "Rodrigo Sasaki" > > > > > To: "Stian Thorgersen" > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > keycloak-user at lists.jboss.org > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > Just one more question, I created it with my companies' name in the > > > > > package, should I replace it? Or just upload it as is? > > > > > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen > > > > wrote: > > > > > > > > > > > You can create a new module for it in: > > > > > > > > > > > > integration/admin-client > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Rodrigo Sasaki" > > > > > > > To: "Stian Thorgersen" > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > keycloak-user at lists.jboss.org > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > Stian, how should I send the code that I made to the Keycloak > > repo? > > > > > > > > > > > > > > Can you tell me what module name to use, and where to create it? > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > > > > rodrigopsasaki at gmail.com> > > > > > > > wrote: > > > > > > > > > > > > > > > I would really like to do that :) All I'm waiting for is an OK > > to > > > > do > > > > > > it, > > > > > > > > because it was built inside the company, so I need approval. > > > > > > > > > > > > > > > > But I really believe it'll get a lot better when it's out > > there, > > > > and > > > > > > you > > > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen < > > stian at redhat.com > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > >> Ideal way to contribute it to Keycloak would be if you fork > > the > > > > > > Keycloak > > > > > > > >> repo, add a module and do a PR ;) > > > > > > > >> > > > > > > > >> ----- Original Message ----- > > > > > > > >> > From: "Rodrigo Sasaki" > > > > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > >> > > > > > > > > >> > Oh yes, I believe it is already very usable. > > > > > > > >> > > > > > > > > >> > All I need now is to get my manager to agree to make this > > repo > > > > > > public, > > > > > > > >> > because there is a policy that all repos are private in this > > > > project > > > > > > > >> we're > > > > > > > >> > working in, but I don't think we'll have problems with > > this. I > > > > > > pitched > > > > > > > >> him > > > > > > > >> > the idea of contributing to Keycloak and he seemed to like > > it > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > > > > > > > >> juraci at kroehling.de > > > > > > > >> > > wrote: > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > > >> > Hash: SHA512 > > > > > > > >> > > > > > > > > >> > Hello Rodrigo, > > > > > > > >> > > > > > > > > >> > Do you have news about this? I'm working on a task that > > would > > > > > > require > > > > > > > >> > me to do something similar, so, I think it would best if we > > can > > > > > > > >> > collaborate on this API :-) > > > > > > > >> > > > > > > > > >> > If/when you have some time, we could have a chat via IRC > > > > > > (jpkroehling > > > > > > > >> > at #keycloak on freenode). > > > > > > > >> > > > > > > > > >> > - - Juca. > > > > > > > >> > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > > > > >> > > I'm working on a Java-based wrapper for the REST API, to > > make > > > > it > > > > > > > >> > > look more OO, abstracting the access to servers. > > > > > > > >> > > > > > > > > > >> > > It uses methods such as > > > > > > > >> > > > > > > > > > >> > > User bill = realm.getUser("bburke") > > List > > > > roles > > > > > > > >> > > = bill.getApplicationRoleMappings("customer-portal"); > > > > > > > >> > > > > > > > > > >> > > It's still in it's early stages, but if you find it > > > > interesting, > > > > > > > >> > > I'd be happy to create a repo for other Java users to use > > it, > > > > and > > > > > > > >> > > adapt it based on suggestions aswell. > > > > > > > >> > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > > > >> > Version: GnuPG v2 > > > > > > > >> > Comment: Using GnuPG with Thunderbird - > > > > http://www.enigmail.net/ > > > > > > > >> > > > > > > > > >> > > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > > > > >> > > > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > > > > >> > > > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > > > > >> > > > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > > > >> > > > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > > > > >> > > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > > > > >> > =3O4p > > > > > > > >> > -----END PGP SIGNATURE----- > > > > > > > >> > _______________________________________________ > > > > > > > >> > keycloak-user mailing list > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > -- > > > > > > > >> > Rodrigo Sasaki > > > > > > > >> > > > > > > > > >> > _______________________________________________ > > > > > > > >> > keycloak-user mailing list > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > -- > Rodrigo Sasaki > From rodrigopsasaki at gmail.com Wed Jul 16 09:31:35 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Wed, 16 Jul 2014 10:31:35 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> References: <1122713242.8013355.1405062808152.JavaMail.zimbra@redhat.com> <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> Message-ID: I'll get on it for sure. Just one thing, should I create myself the interfaces for the services? Or is there a more integrated way to do that? On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen wrote: > Great work with the admin-client. As I commented on GitHub I added it to > 'admin-client' branch, and would like a few changes before merging to > master: > > * Make it use RestEasy client framwork > * Tests - I've added a starting point to > https://github.com/keycloak/keycloak/blob/admin-client/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java > * Better error handling - instead of swallowing exceptions it now throws > KeycloakException (RuntimeException), but there's HTTP response codes are > not checked (see above test that tries to create two users with the same > username) > > If you're happy to do this work that would be awesome! > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Stian Thorgersen" > > Cc: "Juraci Paix?o Kr?hling" , > keycloak-user at lists.jboss.org > > Sent: Monday, 14 July, 2014 2:44:48 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > Glad to hear it :) > > > > I'll be waiting on more replies and ideas to perhaps make it better. > > Thanks! :) > > > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen > wrote: > > > > > Great stuff, I'll have a look at it soon. At first glance it looks > really > > > good! > > > > > > Thanks :) > > > > > > ----- Original Message ----- > > > > From: "Rodrigo Sasaki" > > > > To: "Stian Thorgersen" > > > > Cc: "Juraci Paix?o Kr?hling" , > > > keycloak-user at lists.jboss.org > > > > Sent: Monday, 14 July, 2014 2:40:17 PM > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > PR submitted :) > > > > > > > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen > > > wrote: > > > > > > > > > Please change package names to 'org.keycloak.admin.client' > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Rodrigo Sasaki" > > > > > > To: "Stian Thorgersen" > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > keycloak-user at lists.jboss.org > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > Just one more question, I created it with my companies' name in > the > > > > > > package, should I replace it? Or just upload it as is? > > > > > > > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen < > stian at redhat.com> > > > > > wrote: > > > > > > > > > > > > > You can create a new module for it in: > > > > > > > > > > > > > > integration/admin-client > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > To: "Stian Thorgersen" > > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > > > Stian, how should I send the code that I made to the Keycloak > > > repo? > > > > > > > > > > > > > > > > Can you tell me what module name to use, and where to create > it? > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > > > > > rodrigopsasaki at gmail.com> > > > > > > > > wrote: > > > > > > > > > > > > > > > > > I would really like to do that :) All I'm waiting for is > an OK > > > to > > > > > do > > > > > > > it, > > > > > > > > > because it was built inside the company, so I need > approval. > > > > > > > > > > > > > > > > > > But I really believe it'll get a lot better when it's out > > > there, > > > > > and > > > > > > > you > > > > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen < > > > stian at redhat.com > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > >> Ideal way to contribute it to Keycloak would be if you > fork > > > the > > > > > > > Keycloak > > > > > > > > >> repo, add a module and do a PR ;) > > > > > > > > >> > > > > > > > > >> ----- Original Message ----- > > > > > > > > >> > From: "Rodrigo Sasaki" > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API > Wrapper > > > > > > > > >> > > > > > > > > > >> > Oh yes, I believe it is already very usable. > > > > > > > > >> > > > > > > > > > >> > All I need now is to get my manager to agree to make > this > > > repo > > > > > > > public, > > > > > > > > >> > because there is a policy that all repos are private in > this > > > > > project > > > > > > > > >> we're > > > > > > > > >> > working in, but I don't think we'll have problems with > > > this. I > > > > > > > pitched > > > > > > > > >> him > > > > > > > > >> > the idea of contributing to Keycloak and he seemed to > like > > > it > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > > > > > > > > >> juraci at kroehling.de > > > > > > > > >> > > wrote: > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > > > >> > Hash: SHA512 > > > > > > > > >> > > > > > > > > > >> > Hello Rodrigo, > > > > > > > > >> > > > > > > > > > >> > Do you have news about this? I'm working on a task that > > > would > > > > > > > require > > > > > > > > >> > me to do something similar, so, I think it would best > if we > > > can > > > > > > > > >> > collaborate on this API :-) > > > > > > > > >> > > > > > > > > > >> > If/when you have some time, we could have a chat via IRC > > > > > > > (jpkroehling > > > > > > > > >> > at #keycloak on freenode). > > > > > > > > >> > > > > > > > > > >> > - - Juca. > > > > > > > > >> > > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > > > > > >> > > I'm working on a Java-based wrapper for the REST API, > to > > > make > > > > > it > > > > > > > > >> > > look more OO, abstracting the access to servers. > > > > > > > > >> > > > > > > > > > > >> > > It uses methods such as > > > > > > > > >> > > > > > > > > > > >> > > User bill = realm.getUser("bburke") > > > List > > > > > roles > > > > > > > > >> > > = bill.getApplicationRoleMappings("customer-portal"); > > > > > > > > >> > > > > > > > > > > >> > > It's still in it's early stages, but if you find it > > > > > interesting, > > > > > > > > >> > > I'd be happy to create a repo for other Java users to > use > > > it, > > > > > and > > > > > > > > >> > > adapt it based on suggestions aswell. > > > > > > > > >> > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > > > > >> > Version: GnuPG v2 > > > > > > > > >> > Comment: Using GnuPG with Thunderbird - > > > > > http://www.enigmail.net/ > > > > > > > > >> > > > > > > > > > >> > > > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > > > > > >> > > > > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > > > > > >> > > > > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > > > > > >> > > > > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > > > > >> > > > > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > > > > > >> > > > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > > > > > >> > =3O4p > > > > > > > > >> > -----END PGP SIGNATURE----- > > > > > > > > >> > _______________________________________________ > > > > > > > > >> > keycloak-user mailing list > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > -- > > > > > > > > >> > Rodrigo Sasaki > > > > > > > > >> > > > > > > > > > >> > _______________________________________________ > > > > > > > > >> > keycloak-user mailing list > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > -- > > Rodrigo Sasaki > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140716/203e6698/attachment-0001.html From stian at redhat.com Wed Jul 16 09:34:44 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 16 Jul 2014 09:34:44 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> Message-ID: <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> Bill: does it make sense for us to share interfaces (with jax-rs annotations) for services and admin-client? ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: "Juraci Paix?o Kr?hling" , keycloak-user at lists.jboss.org > Sent: Wednesday, 16 July, 2014 2:31:35 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > I'll get on it for sure. > > Just one thing, should I create myself the interfaces for the services? Or > is there a more integrated way to do that? > > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen wrote: > > > Great work with the admin-client. As I commented on GitHub I added it to > > 'admin-client' branch, and would like a few changes before merging to > > master: > > > > * Make it use RestEasy client framwork > > * Tests - I've added a starting point to > > https://github.com/keycloak/keycloak/blob/admin-client/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java > > * Better error handling - instead of swallowing exceptions it now throws > > KeycloakException (RuntimeException), but there's HTTP response codes are > > not checked (see above test that tries to create two users with the same > > username) > > > > If you're happy to do this work that would be awesome! > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > To: "Stian Thorgersen" > > > Cc: "Juraci Paix?o Kr?hling" , > > keycloak-user at lists.jboss.org > > > Sent: Monday, 14 July, 2014 2:44:48 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > Glad to hear it :) > > > > > > I'll be waiting on more replies and ideas to perhaps make it better. > > > Thanks! :) > > > > > > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen > > wrote: > > > > > > > Great stuff, I'll have a look at it soon. At first glance it looks > > really > > > > good! > > > > > > > > Thanks :) > > > > > > > > ----- Original Message ----- > > > > > From: "Rodrigo Sasaki" > > > > > To: "Stian Thorgersen" > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > keycloak-user at lists.jboss.org > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > PR submitted :) > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen > > > > wrote: > > > > > > > > > > > Please change package names to 'org.keycloak.admin.client' > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Rodrigo Sasaki" > > > > > > > To: "Stian Thorgersen" > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > keycloak-user at lists.jboss.org > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > Just one more question, I created it with my companies' name in > > the > > > > > > > package, should I replace it? Or just upload it as is? > > > > > > > > > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen < > > stian at redhat.com> > > > > > > wrote: > > > > > > > > > > > > > > > You can create a new module for it in: > > > > > > > > > > > > > > > > integration/admin-client > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > > To: "Stian Thorgersen" > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > > > > > Stian, how should I send the code that I made to the Keycloak > > > > repo? > > > > > > > > > > > > > > > > > > Can you tell me what module name to use, and where to create > > it? > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > > > > > > rodrigopsasaki at gmail.com> > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > I would really like to do that :) All I'm waiting for is > > an OK > > > > to > > > > > > do > > > > > > > > it, > > > > > > > > > > because it was built inside the company, so I need > > approval. > > > > > > > > > > > > > > > > > > > > But I really believe it'll get a lot better when it's out > > > > there, > > > > > > and > > > > > > > > you > > > > > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen < > > > > stian at redhat.com > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > >> Ideal way to contribute it to Keycloak would be if you > > fork > > > > the > > > > > > > > Keycloak > > > > > > > > > >> repo, add a module and do a PR ;) > > > > > > > > > >> > > > > > > > > > >> ----- Original Message ----- > > > > > > > > > >> > From: "Rodrigo Sasaki" > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > > > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API > > Wrapper > > > > > > > > > >> > > > > > > > > > > >> > Oh yes, I believe it is already very usable. > > > > > > > > > >> > > > > > > > > > > >> > All I need now is to get my manager to agree to make > > this > > > > repo > > > > > > > > public, > > > > > > > > > >> > because there is a policy that all repos are private in > > this > > > > > > project > > > > > > > > > >> we're > > > > > > > > > >> > working in, but I don't think we'll have problems with > > > > this. I > > > > > > > > pitched > > > > > > > > > >> him > > > > > > > > > >> > the idea of contributing to Keycloak and he seemed to > > like > > > > it > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling < > > > > > > > > > >> juraci at kroehling.de > > > > > > > > > >> > > wrote: > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > > > > >> > Hash: SHA512 > > > > > > > > > >> > > > > > > > > > > >> > Hello Rodrigo, > > > > > > > > > >> > > > > > > > > > > >> > Do you have news about this? I'm working on a task that > > > > would > > > > > > > > require > > > > > > > > > >> > me to do something similar, so, I think it would best > > if we > > > > can > > > > > > > > > >> > collaborate on this API :-) > > > > > > > > > >> > > > > > > > > > > >> > If/when you have some time, we could have a chat via IRC > > > > > > > > (jpkroehling > > > > > > > > > >> > at #keycloak on freenode). > > > > > > > > > >> > > > > > > > > > > >> > - - Juca. > > > > > > > > > >> > > > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > > > > > > >> > > I'm working on a Java-based wrapper for the REST API, > > to > > > > make > > > > > > it > > > > > > > > > >> > > look more OO, abstracting the access to servers. > > > > > > > > > >> > > > > > > > > > > > >> > > It uses methods such as > > > > > > > > > >> > > > > > > > > > > > >> > > User bill = realm.getUser("bburke") > > > > List > > > > > > roles > > > > > > > > > >> > > = bill.getApplicationRoleMappings("customer-portal"); > > > > > > > > > >> > > > > > > > > > > > >> > > It's still in it's early stages, but if you find it > > > > > > interesting, > > > > > > > > > >> > > I'd be happy to create a repo for other Java users to > > use > > > > it, > > > > > > and > > > > > > > > > >> > > adapt it based on suggestions aswell. > > > > > > > > > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > > > > > >> > Version: GnuPG v2 > > > > > > > > > >> > Comment: Using GnuPG with Thunderbird - > > > > > > http://www.enigmail.net/ > > > > > > > > > >> > > > > > > > > > > >> > > > > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > > > > > > >> > > > > > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > > > > > > >> > > > > > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > > > > > > >> > > > > > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > > > > > >> > > > > > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > > > > > > >> > > > > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > > > > > > >> > =3O4p > > > > > > > > > >> > -----END PGP SIGNATURE----- > > > > > > > > > >> > _______________________________________________ > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > -- > > > > > > > > > >> > Rodrigo Sasaki > > > > > > > > > >> > > > > > > > > > > >> > _______________________________________________ > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > -- > Rodrigo Sasaki > From john.c.stier at gmail.com Wed Jul 16 11:13:21 2014 From: john.c.stier at gmail.com (Chris Stier) Date: Wed, 16 Jul 2014 09:13:21 -0600 Subject: [keycloak-user] Logging Message-ID: Hi all, Just a quick question... I have a spring app that I'm deploying into the KeyCloak appliance 1.0 beta 3 and for some reason none of my logging statements are making it out to the console or to my file. The file gets created but nothing gets appended to it. I'm using logback and it was working previously on beta 2. I'm kind of perplexed here :) Is anyone else seeing this? Thanks for your time, Chris PS- I apologize if this email is redundant. I had previously sent this email but I guess I wasn't a member of group. So sorry about. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140716/db802a00/attachment.html From ssilvert at redhat.com Wed Jul 16 11:35:15 2014 From: ssilvert at redhat.com (Stan Silvert) Date: Wed, 16 Jul 2014 11:35:15 -0400 Subject: [keycloak-user] Logging In-Reply-To: References: Message-ID: <53C69BB3.9030506@redhat.com> That's a WildFly question rather than a Keycloak question. Try this doc: https://docs.jboss.org/author/display/WFLY8/Logging+Configuration If that doesn't help, I'd take the question to the WildFly forums. Stan On 7/16/2014 11:13 AM, Chris Stier wrote: > Hi all, > Just a quick question... I have a spring app that I'm deploying into > the KeyCloak appliance 1.0 beta 3 and for some reason none of my > logging statements are making it out to the console or to my file. The > file gets created but nothing gets appended to it. I'm using logback > and it was working previously on beta 2. I'm kind of perplexed here > :) Is anyone else seeing this? > Thanks for your time, > Chris > PS- I apologize if this email is redundant. I had previously sent > this email but I guess I wasn't a member of group. So sorry about. > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140716/7dc16db6/attachment.html From rodrigopsasaki at gmail.com Wed Jul 16 15:35:14 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Wed, 16 Jul 2014 16:35:14 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <53C562B0.2010302@redhat.com> Message-ID: Just for the sake of conversation, if I did want to handle my own login page, would there be a way for me to do it? On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki wrote: > I don't want to miss out on all of that, which is why we're mostly > migrating everything to use keycloak that way. > > It's just that we have cases that are so specific, that it would be better > to authenticate the user in a different manner, create the user session and > everything, without redirecting. > > I'll have a look at that code. Thanks! > > > On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke wrote: > >> If you want to handle your own login pages, IMO, you are missing out on >> a lot of Keycloak features. Specifically: >> >> * SSO >> * forgot password >> * admin forced credential reset/setup >> >> >> Login pages can be styled however you like to look like your application. >> >> There is a REST api for obtaining an access token. Here is an example: >> >> >> https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java >> >> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >> > Is there a way to authenticate the user without having to input username >> > and password on the login page? >> > >> > For example: >> > >> > Say there's a situation in my application where I request the user for >> > his username and password, and I wouldn't like to redirect that to the >> > keycloak login page to authenticate him, would there be a way for me to >> > do that? >> > >> > -- >> > Rodrigo Sasaki >> > >> > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140716/86a7f26c/attachment.html From bburke at redhat.com Wed Jul 16 15:39:29 2014 From: bburke at redhat.com (Bill Burke) Date: Wed, 16 Jul 2014 15:39:29 -0400 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <53C562B0.2010302@redhat.com> Message-ID: <53C6D4F1.1000903@redhat.com> http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/direct-access-grants.html If you have to do it this way, please let us know why. Maybe we can solve the issue within keycloak itself. On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > Just for the sake of conversation, if I did want to handle my own login > page, would there be a way for me to do it? > > > On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > wrote: > > I don't want to miss out on all of that, which is why we're mostly > migrating everything to use keycloak that way. > > It's just that we have cases that are so specific, that it would be > better to authenticate the user in a different manner, create the > user session and everything, without redirecting. > > I'll have a look at that code. Thanks! > > > On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke > wrote: > > If you want to handle your own login pages, IMO, you are missing > out on > a lot of Keycloak features. Specifically: > > * SSO > * forgot password > * admin forced credential reset/setup > > > Login pages can be styled however you like to look like your > application. > > There is a REST api for obtaining an access token. Here is an > example: > > https://github.com/keycloak/keycloak/blob/master/examples/demo-template/admin-access-app/src/main/java/org/keycloak/example/AdminClient.java > > On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > Is there a way to authenticate the user without having to > input username > > and password on the login page? > > > > For example: > > > > Say there's a situation in my application where I request the > user for > > his username and password, and I wouldn't like to redirect > that to the > > keycloak login page to authenticate him, would there be a way > for me to > > do that? > > > > -- > > Rodrigo Sasaki > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > -- > Rodrigo Sasaki > > > > > -- > Rodrigo Sasaki -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Wed Jul 16 15:41:58 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Wed, 16 Jul 2014 16:41:58 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <53C6D4F1.1000903@redhat.com> References: <53C562B0.2010302@redhat.com> <53C6D4F1.1000903@redhat.com> Message-ID: I'll give you an example: We have a situation in our website where we only ask for the user's e-mail, and he can go on with the flow. On a determined step of the flow, if we identify that this is an e-mail that we already have in our user database, we ask him for his password, authenticate him, and let him go on, if this e-mail is new, we redirect him to a page where he can register himself, and after that continue on. On this specific case and others, we wouldn't like to have to redirect him to keycloak, because that would interrupt the flow that we designed. On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke wrote: > http://docs.jboss.org/keycloak/docs/1.0-beta-3/ > userguide/html/direct-access-grants.html > > If you have to do it this way, please let us know why. Maybe we can solve > the issue within keycloak itself. > > > On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > >> Just for the sake of conversation, if I did want to handle my own login >> page, would there be a way for me to do it? >> >> >> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki >> > wrote: >> >> I don't want to miss out on all of that, which is why we're mostly >> migrating everything to use keycloak that way. >> >> It's just that we have cases that are so specific, that it would be >> better to authenticate the user in a different manner, create the >> user session and everything, without redirecting. >> >> I'll have a look at that code. Thanks! >> >> >> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke > > wrote: >> >> If you want to handle your own login pages, IMO, you are missing >> out on >> a lot of Keycloak features. Specifically: >> >> * SSO >> * forgot password >> * admin forced credential reset/setup >> >> >> Login pages can be styled however you like to look like your >> application. >> >> There is a REST api for obtaining an access token. Here is an >> example: >> >> https://github.com/keycloak/keycloak/blob/master/examples/ >> demo-template/admin-access-app/src/main/java/org/ >> keycloak/example/AdminClient.java >> >> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >> > Is there a way to authenticate the user without having to >> input username >> > and password on the login page? >> > >> > For example: >> > >> > Say there's a situation in my application where I request the >> user for >> > his username and password, and I wouldn't like to redirect >> that to the >> > keycloak login page to authenticate him, would there be a way >> for me to >> > do that? >> > >> > -- >> > Rodrigo Sasaki >> > >> > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> >> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org > jboss.org> >> >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> >> >> -- >> Rodrigo Sasaki >> >> >> >> >> -- >> Rodrigo Sasaki >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140716/3e38b070/attachment.html From emorny at gmail.com Thu Jul 17 07:14:16 2014 From: emorny at gmail.com (Edem Morny) Date: Thu, 17 Jul 2014 11:14:16 +0000 Subject: [keycloak-user] Securing subpaths with specific roles Message-ID: Hi, I'm currently using beta2 of keycloak, and we are building a new application with keycloak as our security platform. In our web module, all pages are located under the path src/main/webapps/views. Navigation to the index.xhtml file under this path triggers keycloack login, as expected. We've enabled self-registration and assigned the default realm role to be "user", so a new user automatically obtains the "user" role. Here is a snippet of our web.xml file. Users /views/* user Supervisor /views/supervisor/* supervisor ... In effect any person with "user" role can view any content directly under /views/*. However, the newly enrolled user is able to navigate to other subpaths under the /views like the /views/supervisor/* which should normally require the user to have the additional "supervisor" role in addition to being "user". So I have 2 questions. 1. Am I doing something wrong with regards to this setup? Does each registered application also need to have roles specified, or should the realm roles be enough. Or is my understanding wrong? 2. Is there an a means to obtain the roles that a user has after logging in? The IDToken doesn't seem to contain any such information. Looking forward to your response. Cheers. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140717/2dfdac18/attachment.html From rodrigopsasaki at gmail.com Thu Jul 17 08:09:21 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Thu, 17 Jul 2014 09:09:21 -0300 Subject: [keycloak-user] Securing subpaths with specific roles In-Reply-To: References: Message-ID: Hello there. I'm not a part of the keycloak team, so I think it's best to leave the 1st question for them, but I do know the answer to you second one. You can view any user's role mappings via the Keycloak REST API. Have a look at this URL: http://docs.jboss.org/keycloak/docs/1.0-beta-3/rest-api/admin/realms/%7Brealm%7D/users/%7Busername%7D/role-mappings/index.html On Thu, Jul 17, 2014 at 8:14 AM, Edem Morny wrote: > Hi, > > I'm currently using beta2 of keycloak, and we are building a new > application with keycloak as our security platform. > > In our web module, all pages are located under the path > src/main/webapps/views. Navigation to the index.xhtml file under this path > triggers keycloack login, as expected. We've enabled self-registration and > assigned the default realm role to be "user", so a new user automatically > obtains the "user" role. Here is a snippet of our web.xml file. > > > > > Users > /views/* > > > user > > > > > Supervisor > /views/supervisor/* > > > supervisor > > > ... > > In effect any person with "user" role can view any content directly under > /views/*. However, the newly enrolled user is able to navigate to other > subpaths under the /views like the /views/supervisor/* which should > normally require the user to have the additional "supervisor" role in > addition to being "user". > > So I have 2 questions. > 1. Am I doing something wrong with regards to this setup? Does each > registered application also need to have roles specified, or should the > realm roles be enough. Or is my understanding wrong? > 2. Is there an a means to obtain the roles that a user has after logging > in? The IDToken doesn't seem to contain any such information. > > Looking forward to your response. Cheers. > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140717/8c6a5253/attachment.html From emorny at gmail.com Thu Jul 17 08:20:31 2014 From: emorny at gmail.com (Edem Morny) Date: Thu, 17 Jul 2014 12:20:31 +0000 Subject: [keycloak-user] Securing subpaths with specific roles Message-ID: Hi, I'm currently using beta2 of keycloak, and we are building a new application with keycloak as our security platform. In our web module, all pages are located under the path src/main/webapps/views. Navigation to the index.xhtml file under this path triggers keycloack login, as expected. We've enabled self-registration and assigned the default realm role to be "user", so a new user automatically obtains the "user" role. Here is a snippet of our web.xml file. Users /views/* user Supervisor /views/supervisor/* supervisor ... In effect any person with "user" role can view any content directly under /views/*. However, the newly enrolled user is able to navigate to other subpaths under the /views like the /views/supervisor/* which should normally require the user to have the additional "supervisor" role in addition to being "user". So I have 2 questions. 1. Am I doing something wrong with regards to this setup? Does each registered application also need to have roles specified, or should the realm roles be enough. Or is my understanding wrong? 2. Is there an a means to obtain the roles that a user has after logging in? The IDToken doesn't seem to contain any such information so I can use that with some other security implementation like DeltaSpike's security support in case the above is not supported. Looking forward to your response. Cheers. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140717/2e8c2a79/attachment-0001.html From stian at redhat.com Thu Jul 17 08:33:39 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 17 Jul 2014 08:33:39 -0400 (EDT) Subject: [keycloak-user] Securing subpaths with specific roles In-Reply-To: References: Message-ID: <792927773.11977588.1405600419042.JavaMail.zimbra@redhat.com> ----- Original Message ----- > From: "Edem Morny" > To: keycloak-user at lists.jboss.org > Sent: Thursday, 17 July, 2014 1:20:31 PM > Subject: [keycloak-user] Securing subpaths with specific roles > > Hi, > > I'm currently using beta2 of keycloak, and we are building a new application > with keycloak as our security platform. > > In our web module, all pages are located under the path > src/main/webapps/views. Navigation to the index.xhtml file under this path > triggers keycloack login, as expected. We've enabled self-registration and > assigned the default realm role to be "user", so a new user automatically > obtains the "user" role. Here is a snippet of our web.xml file. > > > > > Users > /views/* > > > user > > > > > Supervisor > /views/supervisor/* > > > supervisor > > > ... > > In effect any person with "user" role can view any content directly under > /views/*. However, the newly enrolled user is able to navigate to other > subpaths under the /views like the /views/supervisor/* which should normally > require the user to have the additional "supervisor" role in addition to > being "user". > > So I have 2 questions. > 1. Am I doing something wrong with regards to this setup? Does each > registered application also need to have roles specified, or should the > realm roles be enough. Or is my understanding wrong? You'll need to more explicitly specify what patterns a user can access, as with that constraint you're giving permission to everything under view to users with the role 'user'. For example: Users /views/*.jsp /views/user/* user > 2. Is there an a means to obtain the roles that a user has after logging in? > The IDToken doesn't seem to contain any such information so I can use that > with some other security implementation like DeltaSpike's security support > in case the above is not supported. The roles are available from the AccessToken with getRealmAccess and getResourceAccess methods. The AccessToken can be retrieved using getToken method on KeycloakSecurityContext > > Looking forward to your response. Cheers. > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From emorny at gmail.com Thu Jul 17 08:35:53 2014 From: emorny at gmail.com (Edem Morny) Date: Thu, 17 Jul 2014 12:35:53 +0000 Subject: [keycloak-user] Securing subpaths with specific roles In-Reply-To: <792927773.11977588.1405600419042.JavaMail.zimbra@redhat.com> References: <792927773.11977588.1405600419042.JavaMail.zimbra@redhat.com> Message-ID: <53C7C329.6000200@gmail.com> Thanks very much Stian. Will give your 2 suggestions immediate action. On 7/17/2014 12:33 PM, Stian Thorgersen wrote: > > ----- Original Message ----- >> From: "Edem Morny" >> To: keycloak-user at lists.jboss.org >> Sent: Thursday, 17 July, 2014 1:20:31 PM >> Subject: [keycloak-user] Securing subpaths with specific roles >> >> Hi, >> >> I'm currently using beta2 of keycloak, and we are building a new application >> with keycloak as our security platform. >> >> In our web module, all pages are located under the path >> src/main/webapps/views. Navigation to the index.xhtml file under this path >> triggers keycloack login, as expected. We've enabled self-registration and >> assigned the default realm role to be "user", so a new user automatically >> obtains the "user" role. Here is a snippet of our web.xml file. >> >> >> >> >> Users >> /views/* >> >> >> user >> >> >> >> >> Supervisor >> /views/supervisor/* >> >> >> supervisor >> >> >> ... >> >> In effect any person with "user" role can view any content directly under >> /views/*. However, the newly enrolled user is able to navigate to other >> subpaths under the /views like the /views/supervisor/* which should normally >> require the user to have the additional "supervisor" role in addition to >> being "user". >> >> So I have 2 questions. >> 1. Am I doing something wrong with regards to this setup? Does each >> registered application also need to have roles specified, or should the >> realm roles be enough. Or is my understanding wrong? > You'll need to more explicitly specify what patterns a user can access, as with that constraint you're giving permission to everything under view to users with the role 'user'. For example: > > > Users > /views/*.jsp > /views/user/* > > > user > > > > >> 2. Is there an a means to obtain the roles that a user has after logging in? >> The IDToken doesn't seem to contain any such information so I can use that >> with some other security implementation like DeltaSpike's security support >> in case the above is not supported. > The roles are available from the AccessToken with getRealmAccess and getResourceAccess methods. The AccessToken can be retrieved using getToken method on KeycloakSecurityContext > >> Looking forward to your response. Cheers. >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com From stian at redhat.com Thu Jul 17 08:37:52 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 17 Jul 2014 08:37:52 -0400 (EDT) Subject: [keycloak-user] Securing subpaths with specific roles In-Reply-To: <792927773.11977588.1405600419042.JavaMail.zimbra@redhat.com> References: <792927773.11977588.1405600419042.JavaMail.zimbra@redhat.com> Message-ID: <920988189.11980048.1405600672277.JavaMail.zimbra@redhat.com> You can also use HttpServletRequest.isUserInRole. We haven't tested it with DeltaSpike, but in theory it should just work. ----- Original Message ----- > From: "Stian Thorgersen" > To: "Edem Morny" > Cc: keycloak-user at lists.jboss.org > Sent: Thursday, 17 July, 2014 1:33:39 PM > Subject: Re: [keycloak-user] Securing subpaths with specific roles > > > > ----- Original Message ----- > > From: "Edem Morny" > > To: keycloak-user at lists.jboss.org > > Sent: Thursday, 17 July, 2014 1:20:31 PM > > Subject: [keycloak-user] Securing subpaths with specific roles > > > > Hi, > > > > I'm currently using beta2 of keycloak, and we are building a new > > application > > with keycloak as our security platform. > > > > In our web module, all pages are located under the path > > src/main/webapps/views. Navigation to the index.xhtml file under this path > > triggers keycloack login, as expected. We've enabled self-registration and > > assigned the default realm role to be "user", so a new user automatically > > obtains the "user" role. Here is a snippet of our web.xml file. > > > > > > > > > > Users > > /views/* > > > > > > user > > > > > > > > > > Supervisor > > /views/supervisor/* > > > > > > supervisor > > > > > > ... > > > > In effect any person with "user" role can view any content directly under > > /views/*. However, the newly enrolled user is able to navigate to other > > subpaths under the /views like the /views/supervisor/* which should > > normally > > require the user to have the additional "supervisor" role in addition to > > being "user". > > > > So I have 2 questions. > > 1. Am I doing something wrong with regards to this setup? Does each > > registered application also need to have roles specified, or should the > > realm roles be enough. Or is my understanding wrong? > > You'll need to more explicitly specify what patterns a user can access, as > with that constraint you're giving permission to everything under view to > users with the role 'user'. For example: > > > Users > /views/*.jsp > /views/user/* > > > user > > > > > > 2. Is there an a means to obtain the roles that a user has after logging > > in? > > The IDToken doesn't seem to contain any such information so I can use that > > with some other security implementation like DeltaSpike's security support > > in case the above is not supported. > > The roles are available from the AccessToken with getRealmAccess and > getResourceAccess methods. The AccessToken can be retrieved using getToken > method on KeycloakSecurityContext > > > > > Looking forward to your response. Cheers. > > > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > From stian at redhat.com Thu Jul 17 11:11:15 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 17 Jul 2014 11:11:15 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> Message-ID: <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> Rodrigo: just create your own interfaces. If you can try to keep them as consistent with jax-rs classes in services as you can that would be great. ----- Original Message ----- > From: "Stian Thorgersen" > To: "Rodrigo Sasaki" , "Bill Burke" > Cc: keycloak-user at lists.jboss.org > Sent: Wednesday, 16 July, 2014 2:34:44 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > Bill: does it make sense for us to share interfaces (with jax-rs annotations) > for services and admin-client? > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Stian Thorgersen" > > Cc: "Juraci Paix?o Kr?hling" , > > keycloak-user at lists.jboss.org > > Sent: Wednesday, 16 July, 2014 2:31:35 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > I'll get on it for sure. > > > > Just one thing, should I create myself the interfaces for the services? Or > > is there a more integrated way to do that? > > > > > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen > > wrote: > > > > > Great work with the admin-client. As I commented on GitHub I added it to > > > 'admin-client' branch, and would like a few changes before merging to > > > master: > > > > > > * Make it use RestEasy client framwork > > > * Tests - I've added a starting point to > > > https://github.com/keycloak/keycloak/blob/admin-client/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java > > > * Better error handling - instead of swallowing exceptions it now throws > > > KeycloakException (RuntimeException), but there's HTTP response codes are > > > not checked (see above test that tries to create two users with the same > > > username) > > > > > > If you're happy to do this work that would be awesome! > > > > > > ----- Original Message ----- > > > > From: "Rodrigo Sasaki" > > > > To: "Stian Thorgersen" > > > > Cc: "Juraci Paix?o Kr?hling" , > > > keycloak-user at lists.jboss.org > > > > Sent: Monday, 14 July, 2014 2:44:48 PM > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > Glad to hear it :) > > > > > > > > I'll be waiting on more replies and ideas to perhaps make it better. > > > > Thanks! :) > > > > > > > > > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen > > > wrote: > > > > > > > > > Great stuff, I'll have a look at it soon. At first glance it looks > > > really > > > > > good! > > > > > > > > > > Thanks :) > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Rodrigo Sasaki" > > > > > > To: "Stian Thorgersen" > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > keycloak-user at lists.jboss.org > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > PR submitted :) > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen > > > > > > > > > > > wrote: > > > > > > > > > > > > > Please change package names to 'org.keycloak.admin.client' > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > To: "Stian Thorgersen" > > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > > > Just one more question, I created it with my companies' name in > > > the > > > > > > > > package, should I replace it? Or just upload it as is? > > > > > > > > > > > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen < > > > stian at redhat.com> > > > > > > > wrote: > > > > > > > > > > > > > > > > > You can create a new module for it in: > > > > > > > > > > > > > > > > > > integration/admin-client > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > > > To: "Stian Thorgersen" > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > > > > > > > Stian, how should I send the code that I made to the > > > > > > > > > > Keycloak > > > > > repo? > > > > > > > > > > > > > > > > > > > > Can you tell me what module name to use, and where to > > > > > > > > > > create > > > it? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > > > > > > > rodrigopsasaki at gmail.com> > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > I would really like to do that :) All I'm waiting for is > > > an OK > > > > > to > > > > > > > do > > > > > > > > > it, > > > > > > > > > > > because it was built inside the company, so I need > > > approval. > > > > > > > > > > > > > > > > > > > > > > But I really believe it'll get a lot better when it's out > > > > > there, > > > > > > > and > > > > > > > > > you > > > > > > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen < > > > > > stian at redhat.com > > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > >> Ideal way to contribute it to Keycloak would be if you > > > fork > > > > > the > > > > > > > > > Keycloak > > > > > > > > > > >> repo, add a module and do a PR ;) > > > > > > > > > > >> > > > > > > > > > > >> ----- Original Message ----- > > > > > > > > > > >> > From: "Rodrigo Sasaki" > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > > > > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST API > > > Wrapper > > > > > > > > > > >> > > > > > > > > > > > >> > Oh yes, I believe it is already very usable. > > > > > > > > > > >> > > > > > > > > > > > >> > All I need now is to get my manager to agree to make > > > this > > > > > repo > > > > > > > > > public, > > > > > > > > > > >> > because there is a policy that all repos are private > > > > > > > > > > >> > in > > > this > > > > > > > project > > > > > > > > > > >> we're > > > > > > > > > > >> > working in, but I don't think we'll have problems with > > > > > this. I > > > > > > > > > pitched > > > > > > > > > > >> him > > > > > > > > > > >> > the idea of contributing to Keycloak and he seemed to > > > like > > > > > it > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o Kr?hling > > > > > > > > > > >> > < > > > > > > > > > > >> juraci at kroehling.de > > > > > > > > > > >> > > wrote: > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > > > > > >> > Hash: SHA512 > > > > > > > > > > >> > > > > > > > > > > > >> > Hello Rodrigo, > > > > > > > > > > >> > > > > > > > > > > > >> > Do you have news about this? I'm working on a task > > > > > > > > > > >> > that > > > > > would > > > > > > > > > require > > > > > > > > > > >> > me to do something similar, so, I think it would best > > > if we > > > > > can > > > > > > > > > > >> > collaborate on this API :-) > > > > > > > > > > >> > > > > > > > > > > > >> > If/when you have some time, we could have a chat via > > > > > > > > > > >> > IRC > > > > > > > > > (jpkroehling > > > > > > > > > > >> > at #keycloak on freenode). > > > > > > > > > > >> > > > > > > > > > > > >> > - - Juca. > > > > > > > > > > >> > > > > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > > > > > > > >> > > I'm working on a Java-based wrapper for the REST > > > > > > > > > > >> > > API, > > > to > > > > > make > > > > > > > it > > > > > > > > > > >> > > look more OO, abstracting the access to servers. > > > > > > > > > > >> > > > > > > > > > > > > >> > > It uses methods such as > > > > > > > > > > >> > > > > > > > > > > > > >> > > User bill = realm.getUser("bburke") > > > > > List > > > > > > > roles > > > > > > > > > > >> > > = > > > > > > > > > > >> > > bill.getApplicationRoleMappings("customer-portal"); > > > > > > > > > > >> > > > > > > > > > > > > >> > > It's still in it's early stages, but if you find it > > > > > > > interesting, > > > > > > > > > > >> > > I'd be happy to create a repo for other Java users > > > > > > > > > > >> > > to > > > use > > > > > it, > > > > > > > and > > > > > > > > > > >> > > adapt it based on suggestions aswell. > > > > > > > > > > >> > > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > > > > > > >> > Version: GnuPG v2 > > > > > > > > > > >> > Comment: Using GnuPG with Thunderbird - > > > > > > > http://www.enigmail.net/ > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > > > > > > > >> > > > > > > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > > > > > > > >> > > > > > > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > > > > > > > >> > > > > > > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > > > > > > >> > > > > > > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > > > > > > > >> > > > > > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > > > > > > > >> > =3O4p > > > > > > > > > > >> > -----END PGP SIGNATURE----- > > > > > > > > > > >> > _______________________________________________ > > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > -- > > > > > > > > > > >> > Rodrigo Sasaki > > > > > > > > > > >> > > > > > > > > > > > >> > _______________________________________________ > > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > -- > > Rodrigo Sasaki > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From rodrigopsasaki at gmail.com Thu Jul 17 11:18:28 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Thu, 17 Jul 2014 12:18:28 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> Message-ID: OK, will do. Is there a way for me to do it like it is there? I'll explain a little better the class *AdminRoot* has the path set to "/admin", and it has a method getRealmsAdmin, with "realms" on the path, and on the *RealmsAdminResource* there's the getRealmAdmin mapped to "{realm}", making the full path for it "/admin/realms/{realm}", even though each one is in a different class. Is there a way for me to do it the same way, I don't know how the Proxy framework would understand that, maybe I would have to set the full path On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen wrote: > Rodrigo: just create your own interfaces. If you can try to keep them as > consistent with jax-rs classes in services as you can that would be great. > > ----- Original Message ----- > > From: "Stian Thorgersen" > > To: "Rodrigo Sasaki" , "Bill Burke" < > bburke at redhat.com> > > Cc: keycloak-user at lists.jboss.org > > Sent: Wednesday, 16 July, 2014 2:34:44 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > Bill: does it make sense for us to share interfaces (with jax-rs > annotations) > > for services and admin-client? > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > To: "Stian Thorgersen" > > > Cc: "Juraci Paix?o Kr?hling" , > > > keycloak-user at lists.jboss.org > > > Sent: Wednesday, 16 July, 2014 2:31:35 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > I'll get on it for sure. > > > > > > Just one thing, should I create myself the interfaces for the > services? Or > > > is there a more integrated way to do that? > > > > > > > > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen > > > wrote: > > > > > > > Great work with the admin-client. As I commented on GitHub I added > it to > > > > 'admin-client' branch, and would like a few changes before merging to > > > > master: > > > > > > > > * Make it use RestEasy client framwork > > > > * Tests - I've added a starting point to > > > > > https://github.com/keycloak/keycloak/blob/admin-client/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java > > > > * Better error handling - instead of swallowing exceptions it now > throws > > > > KeycloakException (RuntimeException), but there's HTTP response > codes are > > > > not checked (see above test that tries to create two users with the > same > > > > username) > > > > > > > > If you're happy to do this work that would be awesome! > > > > > > > > ----- Original Message ----- > > > > > From: "Rodrigo Sasaki" > > > > > To: "Stian Thorgersen" > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > keycloak-user at lists.jboss.org > > > > > Sent: Monday, 14 July, 2014 2:44:48 PM > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > Glad to hear it :) > > > > > > > > > > I'll be waiting on more replies and ideas to perhaps make it > better. > > > > > Thanks! :) > > > > > > > > > > > > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen < > stian at redhat.com> > > > > wrote: > > > > > > > > > > > Great stuff, I'll have a look at it soon. At first glance it > looks > > > > really > > > > > > good! > > > > > > > > > > > > Thanks :) > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Rodrigo Sasaki" > > > > > > > To: "Stian Thorgersen" > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > keycloak-user at lists.jboss.org > > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > PR submitted :) > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > Please change package names to 'org.keycloak.admin.client' > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > > To: "Stian Thorgersen" > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > > > > > Just one more question, I created it with my companies' > name in > > > > the > > > > > > > > > package, should I replace it? Or just upload it as is? > > > > > > > > > > > > > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen < > > > > stian at redhat.com> > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > You can create a new module for it in: > > > > > > > > > > > > > > > > > > > > integration/admin-client > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > > > > To: "Stian Thorgersen" > > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" , > > > > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API > Wrapper > > > > > > > > > > > > > > > > > > > > > > Stian, how should I send the code that I made to the > > > > > > > > > > > Keycloak > > > > > > repo? > > > > > > > > > > > > > > > > > > > > > > Can you tell me what module name to use, and where to > > > > > > > > > > > create > > > > it? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > > > > > > > > rodrigopsasaki at gmail.com> > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > I would really like to do that :) All I'm waiting > for is > > > > an OK > > > > > > to > > > > > > > > do > > > > > > > > > > it, > > > > > > > > > > > > because it was built inside the company, so I need > > > > approval. > > > > > > > > > > > > > > > > > > > > > > > > But I really believe it'll get a lot better when > it's out > > > > > > there, > > > > > > > > and > > > > > > > > > > you > > > > > > > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian Thorgersen < > > > > > > stian at redhat.com > > > > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > >> Ideal way to contribute it to Keycloak would be if > you > > > > fork > > > > > > the > > > > > > > > > > Keycloak > > > > > > > > > > > >> repo, add a module and do a PR ;) > > > > > > > > > > > >> > > > > > > > > > > > >> ----- Original Message ----- > > > > > > > > > > > >> > From: "Rodrigo Sasaki" > > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > > > > > > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak REST > API > > > > Wrapper > > > > > > > > > > > >> > > > > > > > > > > > > >> > Oh yes, I believe it is already very usable. > > > > > > > > > > > >> > > > > > > > > > > > > >> > All I need now is to get my manager to agree to > make > > > > this > > > > > > repo > > > > > > > > > > public, > > > > > > > > > > > >> > because there is a policy that all repos are > private > > > > > > > > > > > >> > in > > > > this > > > > > > > > project > > > > > > > > > > > >> we're > > > > > > > > > > > >> > working in, but I don't think we'll have problems > with > > > > > > this. I > > > > > > > > > > pitched > > > > > > > > > > > >> him > > > > > > > > > > > >> > the idea of contributing to Keycloak and he > seemed to > > > > like > > > > > > it > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci Paix?o > Kr?hling > > > > > > > > > > > >> > < > > > > > > > > > > > >> juraci at kroehling.de > > > > > > > > > > > >> > > wrote: > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > > > > > > >> > Hash: SHA512 > > > > > > > > > > > >> > > > > > > > > > > > > >> > Hello Rodrigo, > > > > > > > > > > > >> > > > > > > > > > > > > >> > Do you have news about this? I'm working on a task > > > > > > > > > > > >> > that > > > > > > would > > > > > > > > > > require > > > > > > > > > > > >> > me to do something similar, so, I think it would > best > > > > if we > > > > > > can > > > > > > > > > > > >> > collaborate on this API :-) > > > > > > > > > > > >> > > > > > > > > > > > > >> > If/when you have some time, we could have a chat > via > > > > > > > > > > > >> > IRC > > > > > > > > > > (jpkroehling > > > > > > > > > > > >> > at #keycloak on freenode). > > > > > > > > > > > >> > > > > > > > > > > > > >> > - - Juca. > > > > > > > > > > > >> > > > > > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > > > > > > > > >> > > I'm working on a Java-based wrapper for the REST > > > > > > > > > > > >> > > API, > > > > to > > > > > > make > > > > > > > > it > > > > > > > > > > > >> > > look more OO, abstracting the access to servers. > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > It uses methods such as > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > User bill = realm.getUser("bburke") > > > > > > List > > > > > > > > roles > > > > > > > > > > > >> > > = > > > > > > > > > > > >> > > > bill.getApplicationRoleMappings("customer-portal"); > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > It's still in it's early stages, but if you > find it > > > > > > > > interesting, > > > > > > > > > > > >> > > I'd be happy to create a repo for other Java > users > > > > > > > > > > > >> > > to > > > > use > > > > > > it, > > > > > > > > and > > > > > > > > > > > >> > > adapt it based on suggestions aswell. > > > > > > > > > > > >> > > > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > > > > > > > >> > Version: GnuPG v2 > > > > > > > > > > > >> > Comment: Using GnuPG with Thunderbird - > > > > > > > > http://www.enigmail.net/ > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > > > > > > > > >> > > > > > > > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > > > > > > > > >> > > > > > > > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > > > > > > > > >> > > > > > > > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > > > > > > > >> > > > > > > > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > > > > > > > > >> > > > > > > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > > > > > > > > >> > =3O4p > > > > > > > > > > > >> > -----END PGP SIGNATURE----- > > > > > > > > > > > >> > _______________________________________________ > > > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > > > >> > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > -- > > > > > > > > > > > >> > Rodrigo Sasaki > > > > > > > > > > > >> > > > > > > > > > > > > >> > _______________________________________________ > > > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > > > >> > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140717/aefb863e/attachment-0001.html From rodrigopsasaki at gmail.com Thu Jul 17 13:52:08 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Thu, 17 Jul 2014 14:52:08 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <53C562B0.2010302@redhat.com> <53C6D4F1.1000903@redhat.com> Message-ID: You think there could be a way to do this within keycloak itself? On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki wrote: > I'll give you an example: > > We have a situation in our website where we only ask for the user's > e-mail, and he can go on with the flow. > > On a determined step of the flow, if we identify that this is an e-mail > that we already have in our user database, we ask him for his password, > authenticate him, and let him go on, if this e-mail is new, we redirect him > to a page where he can register himself, and after that continue on. > > On this specific case and others, we wouldn't like to have to redirect him > to keycloak, because that would interrupt the flow that we designed. > > > On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke wrote: > >> http://docs.jboss.org/keycloak/docs/1.0-beta-3/ >> userguide/html/direct-access-grants.html >> >> If you have to do it this way, please let us know why. Maybe we can >> solve the issue within keycloak itself. >> >> >> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: >> >>> Just for the sake of conversation, if I did want to handle my own login >>> page, would there be a way for me to do it? >>> >>> >>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki >>> > wrote: >>> >>> I don't want to miss out on all of that, which is why we're mostly >>> migrating everything to use keycloak that way. >>> >>> It's just that we have cases that are so specific, that it would be >>> better to authenticate the user in a different manner, create the >>> user session and everything, without redirecting. >>> >>> I'll have a look at that code. Thanks! >>> >>> >>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke >> > wrote: >>> >>> If you want to handle your own login pages, IMO, you are missing >>> out on >>> a lot of Keycloak features. Specifically: >>> >>> * SSO >>> * forgot password >>> * admin forced credential reset/setup >>> >>> >>> Login pages can be styled however you like to look like your >>> application. >>> >>> There is a REST api for obtaining an access token. Here is an >>> example: >>> >>> https://github.com/keycloak/keycloak/blob/master/examples/ >>> demo-template/admin-access-app/src/main/java/org/ >>> keycloak/example/AdminClient.java >>> >>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >>> > Is there a way to authenticate the user without having to >>> input username >>> > and password on the login page? >>> > >>> > For example: >>> > >>> > Say there's a situation in my application where I request the >>> user for >>> > his username and password, and I wouldn't like to redirect >>> that to the >>> > keycloak login page to authenticate him, would there be a way >>> for me to >>> > do that? >>> > >>> > -- >>> > Rodrigo Sasaki >>> > >>> > >>> > _______________________________________________ >>> > keycloak-user mailing list >>> > keycloak-user at lists.jboss.org >>> >>> >>> > https://lists.jboss.org/mailman/listinfo/keycloak-user >>> > >>> >>> -- >>> Bill Burke >>> JBoss, a division of Red Hat >>> http://bill.burkecentral.com >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user at lists.jboss.org >> jboss.org> >>> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >>> >>> >>> >>> -- >>> Rodrigo Sasaki >>> >>> >>> >>> >>> -- >>> Rodrigo Sasaki >>> >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> > > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140717/148970af/attachment.html From bburke at redhat.com Thu Jul 17 16:55:54 2014 From: bburke at redhat.com (Bill Burke) Date: Thu, 17 Jul 2014 16:55:54 -0400 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> Message-ID: <53C8385A.8030400@redhat.com> @Path("/admin public interface Admin { @Path("realms/{realm}") Realm realm(@PathParameter("realm") realmName); } public interface Realm { @GET @Produces("application/json") RealmRepresentation get(); @DELETE void delete(); @PUT @Consumes("application/json") void update(RealmRepresentation rep); @Path("users") Users users(); } public interface Users { ... } FOllow me? Then its just ResteasyClient client = new ResteasyClientBuilder().build(); ResteasyWebTarget target = client.target("http://localhost:8080/auth"); String token = ... get a token ... target.register(new BearerTokenFilter(token)); // you'd have to implement this Admin admin = target.proxy(Admin.class); admin.realm("master") That's about as much help I can give you right now. On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > OK, will do. > > Is there a way for me to do it like it is there? I'll explain a little > better > > the class *AdminRoot* has the path set to "/admin", and it has a method > getRealmsAdmin, with "realms" on the path, and on the > *RealmsAdminResource* there's the getRealmAdmin mapped to "{realm}", > making the full path for it "/admin/realms/{realm}", even though each > one is in a different class. > > Is there a way for me to do it the same way, I don't know how the Proxy > framework would understand that, maybe I would have to set the full path > > > On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen > wrote: > > Rodrigo: just create your own interfaces. If you can try to keep > them as consistent with jax-rs classes in services as you can that > would be great. > > ----- Original Message ----- > > From: "Stian Thorgersen" > > > To: "Rodrigo Sasaki" >, "Bill Burke" > > > Cc: keycloak-user at lists.jboss.org > > > Sent: Wednesday, 16 July, 2014 2:34:44 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > Bill: does it make sense for us to share interfaces (with jax-rs > annotations) > > for services and admin-client? > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > > To: "Stian Thorgersen" > > > > Cc: "Juraci Paix?o Kr?hling" >, > > > keycloak-user at lists.jboss.org > > > > Sent: Wednesday, 16 July, 2014 2:31:35 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > I'll get on it for sure. > > > > > > Just one thing, should I create myself the interfaces for the > services? Or > > > is there a more integrated way to do that? > > > > > > > > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen > > > > > wrote: > > > > > > > Great work with the admin-client. As I commented on GitHub I > added it to > > > > 'admin-client' branch, and would like a few changes before > merging to > > > > master: > > > > > > > > * Make it use RestEasy client framwork > > > > * Tests - I've added a starting point to > > > > > https://github.com/keycloak/keycloak/blob/admin-client/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/AdminClientTest.java > > > > * Better error handling - instead of swallowing exceptions it > now throws > > > > KeycloakException (RuntimeException), but there's HTTP > response codes are > > > > not checked (see above test that tries to create two users > with the same > > > > username) > > > > > > > > If you're happy to do this work that would be awesome! > > > > > > > > ----- Original Message ----- > > > > > From: "Rodrigo Sasaki" > > > > > > To: "Stian Thorgersen" > > > > > > Cc: "Juraci Paix?o Kr?hling" >, > > > > keycloak-user at lists.jboss.org > > > > > > Sent: Monday, 14 July, 2014 2:44:48 PM > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > Glad to hear it :) > > > > > > > > > > I'll be waiting on more replies and ideas to perhaps make > it better. > > > > > Thanks! :) > > > > > > > > > > > > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen > > > > > > wrote: > > > > > > > > > > > Great stuff, I'll have a look at it soon. At first glance > it looks > > > > really > > > > > > good! > > > > > > > > > > > > Thanks :) > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > To: "Stian Thorgersen" > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >, > > > > > > keycloak-user at lists.jboss.org > > > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > > > > > > > PR submitted :) > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > Please change package names to > 'org.keycloak.admin.client' > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > > > To: "Stian Thorgersen" > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >, > > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API > Wrapper > > > > > > > > > > > > > > > > > > Just one more question, I created it with my > companies' name in > > > > the > > > > > > > > > package, should I replace it? Or just upload it as is? > > > > > > > > > > > > > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen < > > > > stian at redhat.com > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > You can create a new module for it in: > > > > > > > > > > > > > > > > > > > > integration/admin-client > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > > > From: "Rodrigo Sasaki" > > > > > > > > > > > > > To: "Stian Thorgersen" > > > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > >, > > > > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM > > > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST > API Wrapper > > > > > > > > > > > > > > > > > > > > > > Stian, how should I send the code that I made > to the > > > > > > > > > > > Keycloak > > > > > > repo? > > > > > > > > > > > > > > > > > > > > > > Can you tell me what module name to use, and > where to > > > > > > > > > > > create > > > > it? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < > > > > > > > > > > rodrigopsasaki at gmail.com > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > I would really like to do that :) All I'm > waiting for is > > > > an OK > > > > > > to > > > > > > > > do > > > > > > > > > > it, > > > > > > > > > > > > because it was built inside the company, so I > need > > > > approval. > > > > > > > > > > > > > > > > > > > > > > > > But I really believe it'll get a lot better > when it's out > > > > > > there, > > > > > > > > and > > > > > > > > > > you > > > > > > > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian > Thorgersen < > > > > > > stian at redhat.com > > > > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > >> Ideal way to contribute it to Keycloak would > be if you > > > > fork > > > > > > the > > > > > > > > > > Keycloak > > > > > > > > > > > >> repo, add a module and do a PR ;) > > > > > > > > > > > >> > > > > > > > > > > > >> ----- Original Message ----- > > > > > > > > > > > >> > From: "Rodrigo Sasaki" > > > > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" > > > > > > > > > > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM > > > > > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak > REST API > > > > Wrapper > > > > > > > > > > > >> > > > > > > > > > > > > >> > Oh yes, I believe it is already very usable. > > > > > > > > > > > >> > > > > > > > > > > > > >> > All I need now is to get my manager to > agree to make > > > > this > > > > > > repo > > > > > > > > > > public, > > > > > > > > > > > >> > because there is a policy that all repos > are private > > > > > > > > > > > >> > in > > > > this > > > > > > > > project > > > > > > > > > > > >> we're > > > > > > > > > > > >> > working in, but I don't think we'll have > problems with > > > > > > this. I > > > > > > > > > > pitched > > > > > > > > > > > >> him > > > > > > > > > > > >> > the idea of contributing to Keycloak and > he seemed to > > > > like > > > > > > it > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci > Paix?o Kr?hling > > > > > > > > > > > >> > < > > > > > > > > > > > >> juraci at kroehling.de > > > > > > > > > > > >> > > wrote: > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > > > > > > >> > Hash: SHA512 > > > > > > > > > > > >> > > > > > > > > > > > > >> > Hello Rodrigo, > > > > > > > > > > > >> > > > > > > > > > > > > >> > Do you have news about this? I'm working > on a task > > > > > > > > > > > >> > that > > > > > > would > > > > > > > > > > require > > > > > > > > > > > >> > me to do something similar, so, I think it > would best > > > > if we > > > > > > can > > > > > > > > > > > >> > collaborate on this API :-) > > > > > > > > > > > >> > > > > > > > > > > > > >> > If/when you have some time, we could have > a chat via > > > > > > > > > > > >> > IRC > > > > > > > > > > (jpkroehling > > > > > > > > > > > >> > at #keycloak on freenode). > > > > > > > > > > > >> > > > > > > > > > > > > >> > - - Juca. > > > > > > > > > > > >> > > > > > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki wrote: > > > > > > > > > > > >> > > I'm working on a Java-based wrapper for > the REST > > > > > > > > > > > >> > > API, > > > > to > > > > > > make > > > > > > > > it > > > > > > > > > > > >> > > look more OO, abstracting the access to > servers. > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > It uses methods such as > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > User bill = realm.getUser("bburke") > > > > > > List > > > > > > > > roles > > > > > > > > > > > >> > > = > > > > > > > > > > > >> > > > bill.getApplicationRoleMappings("customer-portal"); > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > It's still in it's early stages, but if > you find it > > > > > > > > interesting, > > > > > > > > > > > >> > > I'd be happy to create a repo for other > Java users > > > > > > > > > > > >> > > to > > > > use > > > > > > it, > > > > > > > > and > > > > > > > > > > > >> > > adapt it based on suggestions aswell. > > > > > > > > > > > >> > > > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > > > > > > > >> > Version: GnuPG v2 > > > > > > > > > > > >> > Comment: Using GnuPG with Thunderbird - > > > > > > > > http://www.enigmail.net/ > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d > > > > > > > > > > > >> > > > > > > > > snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA > > > > > > > > > > > >> > > > > > > > > X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z > > > > > > > > > > > >> > > > > > > > > 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > > > > > > > >> > > > > > > > > srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp > > > > > > > > > > > >> > > > > > > > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= > > > > > > > > > > > >> > =3O4p > > > > > > > > > > > >> > -----END PGP SIGNATURE----- > > > > > > > > > > > >> > > _______________________________________________ > > > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > > > > >> > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > -- > > > > > > > > > > > >> > Rodrigo Sasaki > > > > > > > > > > > >> > > > > > > > > > > > > >> > > _______________________________________________ > > > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > > > > >> > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > -- > Rodrigo Sasaki -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Thu Jul 17 17:36:05 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Thu, 17 Jul 2014 18:36:05 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <53C8385A.8030400@redhat.com> References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> Message-ID: That's perfect :) thanks for the help I'll get started on it as soon as I can On Jul 17, 2014 5:55 PM, "Bill Burke" wrote: > @Path("/admin > public interface Admin { > @Path("realms/{realm}") > Realm realm(@PathParameter("realm") realmName); > } > > public interface Realm { > @GET > @Produces("application/json") > RealmRepresentation get(); > > @DELETE > void delete(); > > @PUT > @Consumes("application/json") > void update(RealmRepresentation rep); > > @Path("users") > Users users(); > } > > public interface Users { > ... > } > > FOllow me? > > Then its just > > ResteasyClient client = new ResteasyClientBuilder().build(); > ResteasyWebTarget target = client.target("http://localhost:8080/auth"); > > String token = ... get a token ... > > target.register(new BearerTokenFilter(token)); // you'd have to implement > this > > Admin admin = target.proxy(Admin.class); > > admin.realm("master") > > That's about as much help I can give you right now. > > > > > On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > >> OK, will do. >> >> Is there a way for me to do it like it is there? I'll explain a little >> better >> >> the class *AdminRoot* has the path set to "/admin", and it has a method >> getRealmsAdmin, with "realms" on the path, and on the >> *RealmsAdminResource* there's the getRealmAdmin mapped to "{realm}", >> making the full path for it "/admin/realms/{realm}", even though each >> one is in a different class. >> >> Is there a way for me to do it the same way, I don't know how the Proxy >> framework would understand that, maybe I would have to set the full path >> >> >> On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen > > wrote: >> >> Rodrigo: just create your own interfaces. If you can try to keep >> them as consistent with jax-rs classes in services as you can that >> would be great. >> >> ----- Original Message ----- >> > From: "Stian Thorgersen" > stian at redhat.com>> >> > To: "Rodrigo Sasaki" > >, "Bill Burke" > > >> > Cc: keycloak-user at lists.jboss.org >> >> > Sent: Wednesday, 16 July, 2014 2:34:44 PM >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >> > >> > Bill: does it make sense for us to share interfaces (with jax-rs >> annotations) >> > for services and admin-client? >> > >> > ----- Original Message ----- >> > > From: "Rodrigo Sasaki" > > >> > > To: "Stian Thorgersen" > stian at redhat.com>> >> > > Cc: "Juraci Paix?o Kr?hling" > >, >> > > keycloak-user at lists.jboss.org >> >> > > Sent: Wednesday, 16 July, 2014 2:31:35 PM >> > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >> > > >> > > I'll get on it for sure. >> > > >> > > Just one thing, should I create myself the interfaces for the >> services? Or >> > > is there a more integrated way to do that? >> > > >> > > >> > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen >> > >> > > wrote: >> > > >> > > > Great work with the admin-client. As I commented on GitHub I >> added it to >> > > > 'admin-client' branch, and would like a few changes before >> merging to >> > > > master: >> > > > >> > > > * Make it use RestEasy client framwork >> > > > * Tests - I've added a starting point to >> > > > >> https://github.com/keycloak/keycloak/blob/admin-client/ >> testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ >> AdminClientTest.java >> > > > * Better error handling - instead of swallowing exceptions it >> now throws >> > > > KeycloakException (RuntimeException), but there's HTTP >> response codes are >> > > > not checked (see above test that tries to create two users >> with the same >> > > > username) >> > > > >> > > > If you're happy to do this work that would be awesome! >> > > > >> > > > ----- Original Message ----- >> > > > > From: "Rodrigo Sasaki" > > >> > > > > To: "Stian Thorgersen" > > >> > > > > Cc: "Juraci Paix?o Kr?hling" > >, >> > > > keycloak-user at lists.jboss.org >> >> > > > > Sent: Monday, 14 July, 2014 2:44:48 PM >> > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >> > > > > >> > > > > Glad to hear it :) >> > > > > >> > > > > I'll be waiting on more replies and ideas to perhaps make >> it better. >> > > > > Thanks! :) >> > > > > >> > > > > >> > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen >> > >> > > > wrote: >> > > > > >> > > > > > Great stuff, I'll have a look at it soon. At first glance >> it looks >> > > > really >> > > > > > good! >> > > > > > >> > > > > > Thanks :) >> > > > > > >> > > > > > ----- Original Message ----- >> > > > > > > From: "Rodrigo Sasaki" > > >> > > > > > > To: "Stian Thorgersen" > > >> > > > > > > Cc: "Juraci Paix?o Kr?hling" > >, >> > > > > > keycloak-user at lists.jboss.org >> >> > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM >> > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API >> Wrapper >> > > > > > > >> > > > > > > PR submitted :) >> > > > > > > >> > > > > > > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen >> > > > > > > > >> > > > > > wrote: >> > > > > > > >> > > > > > > > Please change package names to >> 'org.keycloak.admin.client' >> > > > > > > > >> > > > > > > > ----- Original Message ----- >> > > > > > > > > From: "Rodrigo Sasaki" > > >> > > > > > > > > To: "Stian Thorgersen" > > >> > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > >, >> > > > > > > > keycloak-user at lists.jboss.org >> >> > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM >> > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API >> Wrapper >> > > > > > > > > >> > > > > > > > > Just one more question, I created it with my >> companies' name in >> > > > the >> > > > > > > > > package, should I replace it? Or just upload it as >> is? >> > > > > > > > > >> > > > > > > > > It's br.com.icarros.keycloak.api >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen < >> > > > stian at redhat.com > >> > > > > > > > wrote: >> > > > > > > > > >> > > > > > > > > > You can create a new module for it in: >> > > > > > > > > > >> > > > > > > > > > integration/admin-client >> > > > > > > > > > >> > > > > > > > > > ----- Original Message ----- >> > > > > > > > > > > From: "Rodrigo Sasaki" >> > >> > > > > > > > > > > To: "Stian Thorgersen" > > >> > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >> >, >> > > > > > > > > > keycloak-user at lists.jboss.org >> >> > > > > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM >> > > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST >> API Wrapper >> > > > > > > > > > > >> > > > > > > > > > > Stian, how should I send the code that I made >> to the >> > > > > > > > > > > Keycloak >> > > > > > repo? >> > > > > > > > > > > >> > > > > > > > > > > Can you tell me what module name to use, and >> where to >> > > > > > > > > > > create >> > > > it? >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki < >> > > > > > > > > > rodrigopsasaki at gmail.com >> > >> > > > > > > > > > > wrote: >> > > > > > > > > > > >> > > > > > > > > > > > I would really like to do that :) All I'm >> waiting for is >> > > > an OK >> > > > > > to >> > > > > > > > do >> > > > > > > > > > it, >> > > > > > > > > > > > because it was built inside the company, so I >> need >> > > > approval. >> > > > > > > > > > > > >> > > > > > > > > > > > But I really believe it'll get a lot better >> when it's out >> > > > > > there, >> > > > > > > > and >> > > > > > > > > > you >> > > > > > > > > > > > can all pitch in >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian >> Thorgersen < >> > > > > > stian at redhat.com >> > > > > > > > > >> > > > > > > > > > wrote: >> > > > > > > > > > > > >> > > > > > > > > > > >> Ideal way to contribute it to Keycloak would >> be if you >> > > > fork >> > > > > > the >> > > > > > > > > > Keycloak >> > > > > > > > > > > >> repo, add a module and do a PR ;) >> > > > > > > > > > > >> >> > > > > > > > > > > >> ----- Original Message ----- >> > > > > > > > > > > >> > From: "Rodrigo Sasaki" >> > >> > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" >> > >> > > > > > > > > > > >> > Cc: keycloak-user at lists.jboss.org >> >> > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM >> > > > > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak >> REST API >> > > > Wrapper >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > Oh yes, I believe it is already very usable. >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > All I need now is to get my manager to >> agree to make >> > > > this >> > > > > > repo >> > > > > > > > > > public, >> > > > > > > > > > > >> > because there is a policy that all repos >> are private >> > > > > > > > > > > >> > in >> > > > this >> > > > > > > > project >> > > > > > > > > > > >> we're >> > > > > > > > > > > >> > working in, but I don't think we'll have >> problems with >> > > > > > this. I >> > > > > > > > > > pitched >> > > > > > > > > > > >> him >> > > > > > > > > > > >> > the idea of contributing to Keycloak and >> he seemed to >> > > > like >> > > > > > it >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci >> Paix?o Kr?hling >> > > > > > > > > > > >> > < >> > > > > > > > > > > >> juraci at kroehling.de > juraci at kroehling.de> >> > > > > > > > > > > >> > > wrote: >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- >> > > > > > > > > > > >> > Hash: SHA512 >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > Hello Rodrigo, >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > Do you have news about this? I'm working >> on a task >> > > > > > > > > > > >> > that >> > > > > > would >> > > > > > > > > > require >> > > > > > > > > > > >> > me to do something similar, so, I think it >> would best >> > > > if we >> > > > > > can >> > > > > > > > > > > >> > collaborate on this API :-) >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > If/when you have some time, we could have >> a chat via >> > > > > > > > > > > >> > IRC >> > > > > > > > > > (jpkroehling >> > > > > > > > > > > >> > at #keycloak on freenode). >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > - - Juca. >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki >> wrote: >> > > > > > > > > > > >> > > I'm working on a Java-based wrapper for >> the REST >> > > > > > > > > > > >> > > API, >> > > > to >> > > > > > make >> > > > > > > > it >> > > > > > > > > > > >> > > look more OO, abstracting the access to >> servers. >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > It uses methods such as >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > User bill = realm.getUser("bburke") >> > > > > > List >> > > > > > > > roles >> > > > > > > > > > > >> > > = >> > > > > > > > > > > >> > > >> bill.getApplicationRoleMappings("customer-portal"); >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > It's still in it's early stages, but if >> you find it >> > > > > > > > interesting, >> > > > > > > > > > > >> > > I'd be happy to create a repo for other >> Java users >> > > > > > > > > > > >> > > to >> > > > use >> > > > > > it, >> > > > > > > > and >> > > > > > > > > > > >> > > adapt it based on suggestions aswell. >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- >> > > > > > > > > > > >> > Version: GnuPG v2 >> > > > > > > > > > > >> > Comment: Using GnuPG with Thunderbird - >> > > > > > > > http://www.enigmail.net/ >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > >> iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d >> > > > > > > > > > > >> > >> > > > > > >> snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA >> > > > > > > > > > > >> > >> > > > > > >> X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z >> > > > > > > > > > > >> > >> > > > > > >> 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 >> > > > > > > > > > > >> > >> > > > > > >> srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp >> > > > > > > > > > > >> > >> > > > > > >> iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= >> > > > > > > > > > > >> > =3O4p >> > > > > > > > > > > >> > -----END PGP SIGNATURE----- >> > > > > > > > > > > >> > >> _______________________________________________ >> > > > > > > > > > > >> > keycloak-user mailing list >> > > > > > > > > > > >> > keycloak-user at lists.jboss.org >> >> > > > > > > > > > > >> > >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > -- >> > > > > > > > > > > >> > Rodrigo Sasaki >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> _______________________________________________ >> > > > > > > > > > > >> > keycloak-user mailing list >> > > > > > > > > > > >> > keycloak-user at lists.jboss.org >> >> > > > > > > > > > > >> > >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > > > > > > > > >> >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > -- >> > > > > > > > > > > > Rodrigo Sasaki >> > > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > -- >> > > > > > > > > > > Rodrigo Sasaki >> > > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > -- >> > > > > > > > > Rodrigo Sasaki >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > -- >> > > > > > > Rodrigo Sasaki >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> > > > > -- >> > > > > Rodrigo Sasaki >> > > > > >> > > > >> > > >> > > >> > > >> > > -- >> > > Rodrigo Sasaki >> > > >> > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org > jboss.org> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> >> >> -- >> Rodrigo Sasaki >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140717/17893514/attachment-0001.html From stian at redhat.com Fri Jul 18 04:44:06 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 18 Jul 2014 04:44:06 -0400 (EDT) Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <53C562B0.2010302@redhat.com> <53C6D4F1.1000903@redhat.com> Message-ID: <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> We could add support for login_hint query param so you can have the username/email field on the login form pre-filled for the user, so once a user has to authenticate you redirect to login on KC and all they would have to do is enter their password. If you bypass the login forms you'd loose SSO, multi-factor support, required actions, recover password, etc, etc, etc.. As Bill mentioned we provide very flexible login forms that can be templated using either just css or even FreeMarker templates if you need a lot of customization, so you should be able to make the login form integrate well with your website. ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Bill Burke" > Cc: keycloak-user at lists.jboss.org > Sent: Thursday, 17 July, 2014 6:52:08 PM > Subject: Re: [keycloak-user] Authenticate user without using login page > > You think there could be a way to do this within keycloak itself? > > > On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < rodrigopsasaki at gmail.com > > wrote: > > > > I'll give you an example: > > We have a situation in our website where we only ask for the user's e-mail, > and he can go on with the flow. > > On a determined step of the flow, if we identify that this is an e-mail that > we already have in our user database, we ask him for his password, > authenticate him, and let him go on, if this e-mail is new, we redirect him > to a page where he can register himself, and after that continue on. > > On this specific case and others, we wouldn't like to have to redirect him to > keycloak, because that would interrupt the flow that we designed. > > > On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote: > > > http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > userguide/html/direct-access- grants.html > > If you have to do it this way, please let us know why. Maybe we can solve the > issue within keycloak itself. > > > On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > > > Just for the sake of conversation, if I did want to handle my own login > page, would there be a way for me to do it? > > > On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > < rodrigopsasaki at gmail.com > wrote: > > I don't want to miss out on all of that, which is why we're mostly > migrating everything to use keycloak that way. > > It's just that we have cases that are so specific, that it would be > better to authenticate the user in a different manner, create the > user session and everything, without redirecting. > > I'll have a look at that code. Thanks! > > > On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com > > wrote: > > If you want to handle your own login pages, IMO, you are missing > out on > a lot of Keycloak features. Specifically: > > * SSO > * forgot password > * admin forced credential reset/setup > > > Login pages can be styled however you like to look like your > application. > > There is a REST api for obtaining an access token. Here is an > example: > > https://github.com/keycloak/ keycloak/blob/master/examples/ > demo-template/admin-access- app/src/main/java/org/ > keycloak/example/AdminClient. java > > On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > Is there a way to authenticate the user without having to > input username > > and password on the login page? > > > > For example: > > > > Say there's a situation in my application where I request the > user for > > his username and password, and I wouldn't like to redirect > that to the > > keycloak login page to authenticate him, would there be a way > for me to > > do that? > > > > -- > > Rodrigo Sasaki > > > > > > ______________________________ _________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > > > https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > ______________________________ _________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > > https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > > > -- > Rodrigo Sasaki > > > > > -- > Rodrigo Sasaki > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > > -- > Rodrigo Sasaki > > > > -- > Rodrigo Sasaki > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From rodrigopsasaki at gmail.com Fri Jul 18 12:26:45 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 18 Jul 2014 13:26:45 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> Message-ID: Can you help me with any hint or documentation regarding that BearerTokenFilter implementation? I understand that I have to create it myself, but I don't know what I should create. I tried browsing the web, but with no success.. Perhaps I'm missing the right keyword to find what I need On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki wrote: > That's perfect :) thanks for the help > > I'll get started on it as soon as I can > On Jul 17, 2014 5:55 PM, "Bill Burke" wrote: > >> @Path("/admin >> public interface Admin { >> @Path("realms/{realm}") >> Realm realm(@PathParameter("realm") realmName); >> } >> >> public interface Realm { >> @GET >> @Produces("application/json") >> RealmRepresentation get(); >> >> @DELETE >> void delete(); >> >> @PUT >> @Consumes("application/json") >> void update(RealmRepresentation rep); >> >> @Path("users") >> Users users(); >> } >> >> public interface Users { >> ... >> } >> >> FOllow me? >> >> Then its just >> >> ResteasyClient client = new ResteasyClientBuilder().build(); >> ResteasyWebTarget target = client.target("http://localhost:8080/auth"); >> >> String token = ... get a token ... >> >> target.register(new BearerTokenFilter(token)); // you'd have to implement >> this >> >> Admin admin = target.proxy(Admin.class); >> >> admin.realm("master") >> >> That's about as much help I can give you right now. >> >> >> >> >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: >> >>> OK, will do. >>> >>> Is there a way for me to do it like it is there? I'll explain a little >>> better >>> >>> the class *AdminRoot* has the path set to "/admin", and it has a method >>> getRealmsAdmin, with "realms" on the path, and on the >>> *RealmsAdminResource* there's the getRealmAdmin mapped to "{realm}", >>> making the full path for it "/admin/realms/{realm}", even though each >>> one is in a different class. >>> >>> Is there a way for me to do it the same way, I don't know how the Proxy >>> framework would understand that, maybe I would have to set the full path >>> >>> >>> On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen >> > wrote: >>> >>> Rodrigo: just create your own interfaces. If you can try to keep >>> them as consistent with jax-rs classes in services as you can that >>> would be great. >>> >>> ----- Original Message ----- >>> > From: "Stian Thorgersen" >> stian at redhat.com>> >>> > To: "Rodrigo Sasaki" >> >, "Bill Burke" >> > >>> > Cc: keycloak-user at lists.jboss.org >>> >>> > Sent: Wednesday, 16 July, 2014 2:34:44 PM >>> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >>> > >>> > Bill: does it make sense for us to share interfaces (with jax-rs >>> annotations) >>> > for services and admin-client? >>> > >>> > ----- Original Message ----- >>> > > From: "Rodrigo Sasaki" >> > >>> > > To: "Stian Thorgersen" >> stian at redhat.com>> >>> > > Cc: "Juraci Paix?o Kr?hling" >> >, >>> > > keycloak-user at lists.jboss.org >>> >>> > > Sent: Wednesday, 16 July, 2014 2:31:35 PM >>> > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >>> > > >>> > > I'll get on it for sure. >>> > > >>> > > Just one thing, should I create myself the interfaces for the >>> services? Or >>> > > is there a more integrated way to do that? >>> > > >>> > > >>> > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen >>> > >>> > > wrote: >>> > > >>> > > > Great work with the admin-client. As I commented on GitHub I >>> added it to >>> > > > 'admin-client' branch, and would like a few changes before >>> merging to >>> > > > master: >>> > > > >>> > > > * Make it use RestEasy client framwork >>> > > > * Tests - I've added a starting point to >>> > > > >>> https://github.com/keycloak/keycloak/blob/admin-client/ >>> testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ >>> AdminClientTest.java >>> > > > * Better error handling - instead of swallowing exceptions it >>> now throws >>> > > > KeycloakException (RuntimeException), but there's HTTP >>> response codes are >>> > > > not checked (see above test that tries to create two users >>> with the same >>> > > > username) >>> > > > >>> > > > If you're happy to do this work that would be awesome! >>> > > > >>> > > > ----- Original Message ----- >>> > > > > From: "Rodrigo Sasaki" >> > >>> > > > > To: "Stian Thorgersen" >> > >>> > > > > Cc: "Juraci Paix?o Kr?hling" >> >, >>> > > > keycloak-user at lists.jboss.org >>> >>> > > > > Sent: Monday, 14 July, 2014 2:44:48 PM >>> > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >>> > > > > >>> > > > > Glad to hear it :) >>> > > > > >>> > > > > I'll be waiting on more replies and ideas to perhaps make >>> it better. >>> > > > > Thanks! :) >>> > > > > >>> > > > > >>> > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen >>> > >>> > > > wrote: >>> > > > > >>> > > > > > Great stuff, I'll have a look at it soon. At first glance >>> it looks >>> > > > really >>> > > > > > good! >>> > > > > > >>> > > > > > Thanks :) >>> > > > > > >>> > > > > > ----- Original Message ----- >>> > > > > > > From: "Rodrigo Sasaki" >> > >>> > > > > > > To: "Stian Thorgersen" >> > >>> > > > > > > Cc: "Juraci Paix?o Kr?hling" >> >, >>> > > > > > keycloak-user at lists.jboss.org >>> >>> > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM >>> > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API >>> Wrapper >>> > > > > > > >>> > > > > > > PR submitted :) >>> > > > > > > >>> > > > > > > >>> > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen >>> > > > > > > > >>> > > > > > wrote: >>> > > > > > > >>> > > > > > > > Please change package names to >>> 'org.keycloak.admin.client' >>> > > > > > > > >>> > > > > > > > ----- Original Message ----- >>> > > > > > > > > From: "Rodrigo Sasaki" >> > >>> > > > > > > > > To: "Stian Thorgersen" >> > >>> > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >> >, >>> > > > > > > > keycloak-user at lists.jboss.org >>> >>> > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM >>> > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API >>> Wrapper >>> > > > > > > > > >>> > > > > > > > > Just one more question, I created it with my >>> companies' name in >>> > > > the >>> > > > > > > > > package, should I replace it? Or just upload it as >>> is? >>> > > > > > > > > >>> > > > > > > > > It's br.com.icarros.keycloak.api >>> > > > > > > > > >>> > > > > > > > > >>> > > > > > > > > >>> > > > > > > > > >>> > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen < >>> > > > stian at redhat.com > >>> > > > > > > > wrote: >>> > > > > > > > > >>> > > > > > > > > > You can create a new module for it in: >>> > > > > > > > > > >>> > > > > > > > > > integration/admin-client >>> > > > > > > > > > >>> > > > > > > > > > ----- Original Message ----- >>> > > > > > > > > > > From: "Rodrigo Sasaki" >>> > >>> > > > > > > > > > > To: "Stian Thorgersen" >> > >>> > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >>> >, >>> > > > > > > > > > keycloak-user at lists.jboss.org >>> >>> > > > > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM >>> > > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST >>> API Wrapper >>> > > > > > > > > > > >>> > > > > > > > > > > Stian, how should I send the code that I made >>> to the >>> > > > > > > > > > > Keycloak >>> > > > > > repo? >>> > > > > > > > > > > >>> > > > > > > > > > > Can you tell me what module name to use, and >>> where to >>> > > > > > > > > > > create >>> > > > it? >>> > > > > > > > > > > >>> > > > > > > > > > > >>> > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo Sasaki >>> < >>> > > > > > > > > > rodrigopsasaki at gmail.com >>> > >>> > > > > > > > > > > wrote: >>> > > > > > > > > > > >>> > > > > > > > > > > > I would really like to do that :) All I'm >>> waiting for is >>> > > > an OK >>> > > > > > to >>> > > > > > > > do >>> > > > > > > > > > it, >>> > > > > > > > > > > > because it was built inside the company, so I >>> need >>> > > > approval. >>> > > > > > > > > > > > >>> > > > > > > > > > > > But I really believe it'll get a lot better >>> when it's out >>> > > > > > there, >>> > > > > > > > and >>> > > > > > > > > > you >>> > > > > > > > > > > > can all pitch in >>> > > > > > > > > > > > >>> > > > > > > > > > > > >>> > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian >>> Thorgersen < >>> > > > > > stian at redhat.com >>> > > > > > > > > >>> > > > > > > > > > wrote: >>> > > > > > > > > > > > >>> > > > > > > > > > > >> Ideal way to contribute it to Keycloak would >>> be if you >>> > > > fork >>> > > > > > the >>> > > > > > > > > > Keycloak >>> > > > > > > > > > > >> repo, add a module and do a PR ;) >>> > > > > > > > > > > >> >>> > > > > > > > > > > >> ----- Original Message ----- >>> > > > > > > > > > > >> > From: "Rodrigo Sasaki" >>> > >>> > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" >>> > >>> > > > > > > > > > > >> > Cc: keycloak-user at lists.jboss.org >>> >>> > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM >>> > > > > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak >>> REST API >>> > > > Wrapper >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > Oh yes, I believe it is already very >>> usable. >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > All I need now is to get my manager to >>> agree to make >>> > > > this >>> > > > > > repo >>> > > > > > > > > > public, >>> > > > > > > > > > > >> > because there is a policy that all repos >>> are private >>> > > > > > > > > > > >> > in >>> > > > this >>> > > > > > > > project >>> > > > > > > > > > > >> we're >>> > > > > > > > > > > >> > working in, but I don't think we'll have >>> problems with >>> > > > > > this. I >>> > > > > > > > > > pitched >>> > > > > > > > > > > >> him >>> > > > > > > > > > > >> > the idea of contributing to Keycloak and >>> he seemed to >>> > > > like >>> > > > > > it >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci >>> Paix?o Kr?hling >>> > > > > > > > > > > >> > < >>> > > > > > > > > > > >> juraci at kroehling.de >> juraci at kroehling.de> >>> > > > > > > > > > > >> > > wrote: >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- >>> > > > > > > > > > > >> > Hash: SHA512 >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > Hello Rodrigo, >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > Do you have news about this? I'm working >>> on a task >>> > > > > > > > > > > >> > that >>> > > > > > would >>> > > > > > > > > > require >>> > > > > > > > > > > >> > me to do something similar, so, I think it >>> would best >>> > > > if we >>> > > > > > can >>> > > > > > > > > > > >> > collaborate on this API :-) >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > If/when you have some time, we could have >>> a chat via >>> > > > > > > > > > > >> > IRC >>> > > > > > > > > > (jpkroehling >>> > > > > > > > > > > >> > at #keycloak on freenode). >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > - - Juca. >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki >>> wrote: >>> > > > > > > > > > > >> > > I'm working on a Java-based wrapper for >>> the REST >>> > > > > > > > > > > >> > > API, >>> > > > to >>> > > > > > make >>> > > > > > > > it >>> > > > > > > > > > > >> > > look more OO, abstracting the access to >>> servers. >>> > > > > > > > > > > >> > > >>> > > > > > > > > > > >> > > It uses methods such as >>> > > > > > > > > > > >> > > >>> > > > > > > > > > > >> > > User bill = realm.getUser("bburke") >>> > > > > > List >>> > > > > > > > roles >>> > > > > > > > > > > >> > > = >>> > > > > > > > > > > >> > > >>> bill.getApplicationRoleMappings("customer-portal"); >>> > > > > > > > > > > >> > > >>> > > > > > > > > > > >> > > It's still in it's early stages, but if >>> you find it >>> > > > > > > > interesting, >>> > > > > > > > > > > >> > > I'd be happy to create a repo for other >>> Java users >>> > > > > > > > > > > >> > > to >>> > > > use >>> > > > > > it, >>> > > > > > > > and >>> > > > > > > > > > > >> > > adapt it based on suggestions aswell. >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- >>> > > > > > > > > > > >> > Version: GnuPG v2 >>> > > > > > > > > > > >> > Comment: Using GnuPG with Thunderbird - >>> > > > > > > > http://www.enigmail.net/ >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > >>> > > > > > >>> iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d >>> > > > > > > > > > > >> > >>> > > > > > >>> snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA >>> > > > > > > > > > > >> > >>> > > > > > >>> X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z >>> > > > > > > > > > > >> > >>> > > > > > >>> 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 >>> > > > > > > > > > > >> > >>> > > > > > >>> srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp >>> > > > > > > > > > > >> > >>> > > > > > >>> iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= >>> > > > > > > > > > > >> > =3O4p >>> > > > > > > > > > > >> > -----END PGP SIGNATURE----- >>> > > > > > > > > > > >> > >>> _______________________________________________ >>> > > > > > > > > > > >> > keycloak-user mailing list >>> > > > > > > > > > > >> > keycloak-user at lists.jboss.org >>> >>> > > > > > > > > > > >> > >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > -- >>> > > > > > > > > > > >> > Rodrigo Sasaki >>> > > > > > > > > > > >> > >>> > > > > > > > > > > >> > >>> _______________________________________________ >>> > > > > > > > > > > >> > keycloak-user mailing list >>> > > > > > > > > > > >> > keycloak-user at lists.jboss.org >>> >>> > > > > > > > > > > >> > >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> > > > > > > > > > > >> >>> > > > > > > > > > > > >>> > > > > > > > > > > > >>> > > > > > > > > > > > >>> > > > > > > > > > > > -- >>> > > > > > > > > > > > Rodrigo Sasaki >>> > > > > > > > > > > > >>> > > > > > > > > > > >>> > > > > > > > > > > >>> > > > > > > > > > > >>> > > > > > > > > > > -- >>> > > > > > > > > > > Rodrigo Sasaki >>> > > > > > > > > > > >>> > > > > > > > > > >>> > > > > > > > > >>> > > > > > > > > >>> > > > > > > > > >>> > > > > > > > > -- >>> > > > > > > > > Rodrigo Sasaki >>> > > > > > > > > >>> > > > > > > > >>> > > > > > > >>> > > > > > > >>> > > > > > > >>> > > > > > > -- >>> > > > > > > Rodrigo Sasaki >>> > > > > > > >>> > > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > -- >>> > > > > Rodrigo Sasaki >>> > > > > >>> > > > >>> > > >>> > > >>> > > >>> > > -- >>> > > Rodrigo Sasaki >>> > > >>> > >>> > _______________________________________________ >>> > keycloak-user mailing list >>> > keycloak-user at lists.jboss.org >> jboss.org> >>> > https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >>> >>> >>> >>> -- >>> Rodrigo Sasaki >>> >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140718/c252f834/attachment-0001.html From rodrigopsasaki at gmail.com Fri Jul 18 12:36:36 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 18 Jul 2014 13:36:36 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> Message-ID: Nevermind, I found it. I just had to implement javax.ws.rs.client.ClientRequestFilter On Fri, Jul 18, 2014 at 1:26 PM, Rodrigo Sasaki wrote: > Can you help me with any hint or documentation regarding that > BearerTokenFilter implementation? > > I understand that I have to create it myself, but I don't know what I > should create. I tried browsing the web, but with no success.. Perhaps I'm > missing the right keyword to find what I need > > > On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > wrote: > >> That's perfect :) thanks for the help >> >> I'll get started on it as soon as I can >> On Jul 17, 2014 5:55 PM, "Bill Burke" wrote: >> >>> @Path("/admin >>> public interface Admin { >>> @Path("realms/{realm}") >>> Realm realm(@PathParameter("realm") realmName); >>> } >>> >>> public interface Realm { >>> @GET >>> @Produces("application/json") >>> RealmRepresentation get(); >>> >>> @DELETE >>> void delete(); >>> >>> @PUT >>> @Consumes("application/json") >>> void update(RealmRepresentation rep); >>> >>> @Path("users") >>> Users users(); >>> } >>> >>> public interface Users { >>> ... >>> } >>> >>> FOllow me? >>> >>> Then its just >>> >>> ResteasyClient client = new ResteasyClientBuilder().build(); >>> ResteasyWebTarget target = client.target("http://localhost:8080/auth"); >>> >>> String token = ... get a token ... >>> >>> target.register(new BearerTokenFilter(token)); // you'd have to >>> implement this >>> >>> Admin admin = target.proxy(Admin.class); >>> >>> admin.realm("master") >>> >>> That's about as much help I can give you right now. >>> >>> >>> >>> >>> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: >>> >>>> OK, will do. >>>> >>>> Is there a way for me to do it like it is there? I'll explain a little >>>> better >>>> >>>> the class *AdminRoot* has the path set to "/admin", and it has a method >>>> getRealmsAdmin, with "realms" on the path, and on the >>>> *RealmsAdminResource* there's the getRealmAdmin mapped to "{realm}", >>>> making the full path for it "/admin/realms/{realm}", even though each >>>> one is in a different class. >>>> >>>> Is there a way for me to do it the same way, I don't know how the Proxy >>>> framework would understand that, maybe I would have to set the full path >>>> >>>> >>>> On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen >>> > wrote: >>>> >>>> Rodrigo: just create your own interfaces. If you can try to keep >>>> them as consistent with jax-rs classes in services as you can that >>>> would be great. >>>> >>>> ----- Original Message ----- >>>> > From: "Stian Thorgersen" >>> stian at redhat.com>> >>>> > To: "Rodrigo Sasaki" >>> >, "Bill Burke" >>> > >>>> > Cc: keycloak-user at lists.jboss.org >>>> >>>> > Sent: Wednesday, 16 July, 2014 2:34:44 PM >>>> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >>>> > >>>> > Bill: does it make sense for us to share interfaces (with jax-rs >>>> annotations) >>>> > for services and admin-client? >>>> > >>>> > ----- Original Message ----- >>>> > > From: "Rodrigo Sasaki" >>> > >>>> > > To: "Stian Thorgersen" >>> stian at redhat.com>> >>>> > > Cc: "Juraci Paix?o Kr?hling" >>> >, >>>> > > keycloak-user at lists.jboss.org >>>> >>>> > > Sent: Wednesday, 16 July, 2014 2:31:35 PM >>>> > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >>>> > > >>>> > > I'll get on it for sure. >>>> > > >>>> > > Just one thing, should I create myself the interfaces for the >>>> services? Or >>>> > > is there a more integrated way to do that? >>>> > > >>>> > > >>>> > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen >>>> > >>>> > > wrote: >>>> > > >>>> > > > Great work with the admin-client. As I commented on GitHub I >>>> added it to >>>> > > > 'admin-client' branch, and would like a few changes before >>>> merging to >>>> > > > master: >>>> > > > >>>> > > > * Make it use RestEasy client framwork >>>> > > > * Tests - I've added a starting point to >>>> > > > >>>> https://github.com/keycloak/keycloak/blob/admin-client/ >>>> testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ >>>> AdminClientTest.java >>>> > > > * Better error handling - instead of swallowing exceptions it >>>> now throws >>>> > > > KeycloakException (RuntimeException), but there's HTTP >>>> response codes are >>>> > > > not checked (see above test that tries to create two users >>>> with the same >>>> > > > username) >>>> > > > >>>> > > > If you're happy to do this work that would be awesome! >>>> > > > >>>> > > > ----- Original Message ----- >>>> > > > > From: "Rodrigo Sasaki" >>> > >>>> > > > > To: "Stian Thorgersen" >>> > >>>> > > > > Cc: "Juraci Paix?o Kr?hling" >>> >, >>>> > > > keycloak-user at lists.jboss.org >>>> >>>> > > > > Sent: Monday, 14 July, 2014 2:44:48 PM >>>> > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >>>> > > > > >>>> > > > > Glad to hear it :) >>>> > > > > >>>> > > > > I'll be waiting on more replies and ideas to perhaps make >>>> it better. >>>> > > > > Thanks! :) >>>> > > > > >>>> > > > > >>>> > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen >>>> > >>>> > > > wrote: >>>> > > > > >>>> > > > > > Great stuff, I'll have a look at it soon. At first glance >>>> it looks >>>> > > > really >>>> > > > > > good! >>>> > > > > > >>>> > > > > > Thanks :) >>>> > > > > > >>>> > > > > > ----- Original Message ----- >>>> > > > > > > From: "Rodrigo Sasaki" >>> > >>>> > > > > > > To: "Stian Thorgersen" >>> > >>>> > > > > > > Cc: "Juraci Paix?o Kr?hling" >>> >, >>>> > > > > > keycloak-user at lists.jboss.org >>>> >>>> > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM >>>> > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API >>>> Wrapper >>>> > > > > > > >>>> > > > > > > PR submitted :) >>>> > > > > > > >>>> > > > > > > >>>> > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian Thorgersen >>>> > > > > > > > >>>> > > > > > wrote: >>>> > > > > > > >>>> > > > > > > > Please change package names to >>>> 'org.keycloak.admin.client' >>>> > > > > > > > >>>> > > > > > > > ----- Original Message ----- >>>> > > > > > > > > From: "Rodrigo Sasaki" >>> > >>>> > > > > > > > > To: "Stian Thorgersen" >>> > >>>> > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >>> >, >>>> > > > > > > > keycloak-user at lists.jboss.org >>>> >>>> > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM >>>> > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST API >>>> Wrapper >>>> > > > > > > > > >>>> > > > > > > > > Just one more question, I created it with my >>>> companies' name in >>>> > > > the >>>> > > > > > > > > package, should I replace it? Or just upload it as >>>> is? >>>> > > > > > > > > >>>> > > > > > > > > It's br.com.icarros.keycloak.api >>>> > > > > > > > > >>>> > > > > > > > > >>>> > > > > > > > > >>>> > > > > > > > > >>>> > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian Thorgersen < >>>> > > > stian at redhat.com > >>>> > > > > > > > wrote: >>>> > > > > > > > > >>>> > > > > > > > > > You can create a new module for it in: >>>> > > > > > > > > > >>>> > > > > > > > > > integration/admin-client >>>> > > > > > > > > > >>>> > > > > > > > > > ----- Original Message ----- >>>> > > > > > > > > > > From: "Rodrigo Sasaki" >>>> > >>>> > > > > > > > > > > To: "Stian Thorgersen" >>> > >>>> > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >>>> >, >>>> > > > > > > > > > keycloak-user at lists.jboss.org >>>> >>>> > > > > > > > > > > Sent: Thursday, 10 July, 2014 8:50:00 PM >>>> > > > > > > > > > > Subject: Re: [keycloak-user] Java Keycloak REST >>>> API Wrapper >>>> > > > > > > > > > > >>>> > > > > > > > > > > Stian, how should I send the code that I made >>>> to the >>>> > > > > > > > > > > Keycloak >>>> > > > > > repo? >>>> > > > > > > > > > > >>>> > > > > > > > > > > Can you tell me what module name to use, and >>>> where to >>>> > > > > > > > > > > create >>>> > > > it? >>>> > > > > > > > > > > >>>> > > > > > > > > > > >>>> > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, Rodrigo >>>> Sasaki < >>>> > > > > > > > > > rodrigopsasaki at gmail.com >>>> > >>>> > > > > > > > > > > wrote: >>>> > > > > > > > > > > >>>> > > > > > > > > > > > I would really like to do that :) All I'm >>>> waiting for is >>>> > > > an OK >>>> > > > > > to >>>> > > > > > > > do >>>> > > > > > > > > > it, >>>> > > > > > > > > > > > because it was built inside the company, so I >>>> need >>>> > > > approval. >>>> > > > > > > > > > > > >>>> > > > > > > > > > > > But I really believe it'll get a lot better >>>> when it's out >>>> > > > > > there, >>>> > > > > > > > and >>>> > > > > > > > > > you >>>> > > > > > > > > > > > can all pitch in >>>> > > > > > > > > > > > >>>> > > > > > > > > > > > >>>> > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, Stian >>>> Thorgersen < >>>> > > > > > stian at redhat.com >>>> > > > > > > > > >>>> > > > > > > > > > wrote: >>>> > > > > > > > > > > > >>>> > > > > > > > > > > >> Ideal way to contribute it to Keycloak would >>>> be if you >>>> > > > fork >>>> > > > > > the >>>> > > > > > > > > > Keycloak >>>> > > > > > > > > > > >> repo, add a module and do a PR ;) >>>> > > > > > > > > > > >> >>>> > > > > > > > > > > >> ----- Original Message ----- >>>> > > > > > > > > > > >> > From: "Rodrigo Sasaki" >>>> > >>>> > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" >>>> > >>>> > > > > > > > > > > >> > Cc: keycloak-user at lists.jboss.org >>>> >>>> > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 1:50:14 PM >>>> > > > > > > > > > > >> > Subject: Re: [keycloak-user] Java Keycloak >>>> REST API >>>> > > > Wrapper >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > Oh yes, I believe it is already very >>>> usable. >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > All I need now is to get my manager to >>>> agree to make >>>> > > > this >>>> > > > > > repo >>>> > > > > > > > > > public, >>>> > > > > > > > > > > >> > because there is a policy that all repos >>>> are private >>>> > > > > > > > > > > >> > in >>>> > > > this >>>> > > > > > > > project >>>> > > > > > > > > > > >> we're >>>> > > > > > > > > > > >> > working in, but I don't think we'll have >>>> problems with >>>> > > > > > this. I >>>> > > > > > > > > > pitched >>>> > > > > > > > > > > >> him >>>> > > > > > > > > > > >> > the idea of contributing to Keycloak and >>>> he seemed to >>>> > > > like >>>> > > > > > it >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 AM, Juraci >>>> Paix?o Kr?hling >>>> > > > > > > > > > > >> > < >>>> > > > > > > > > > > >> juraci at kroehling.de >>> juraci at kroehling.de> >>>> > > > > > > > > > > >> > > wrote: >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > -----BEGIN PGP SIGNED MESSAGE----- >>>> > > > > > > > > > > >> > Hash: SHA512 >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > Hello Rodrigo, >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > Do you have news about this? I'm working >>>> on a task >>>> > > > > > > > > > > >> > that >>>> > > > > > would >>>> > > > > > > > > > require >>>> > > > > > > > > > > >> > me to do something similar, so, I think it >>>> would best >>>> > > > if we >>>> > > > > > can >>>> > > > > > > > > > > >> > collaborate on this API :-) >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > If/when you have some time, we could have >>>> a chat via >>>> > > > > > > > > > > >> > IRC >>>> > > > > > > > > > (jpkroehling >>>> > > > > > > > > > > >> > at #keycloak on freenode). >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > - - Juca. >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > On 06/20/2014 10:00 PM, Rodrigo Sasaki >>>> wrote: >>>> > > > > > > > > > > >> > > I'm working on a Java-based wrapper for >>>> the REST >>>> > > > > > > > > > > >> > > API, >>>> > > > to >>>> > > > > > make >>>> > > > > > > > it >>>> > > > > > > > > > > >> > > look more OO, abstracting the access to >>>> servers. >>>> > > > > > > > > > > >> > > >>>> > > > > > > > > > > >> > > It uses methods such as >>>> > > > > > > > > > > >> > > >>>> > > > > > > > > > > >> > > User bill = realm.getUser("bburke") >>>> > > > > > List >>>> > > > > > > > roles >>>> > > > > > > > > > > >> > > = >>>> > > > > > > > > > > >> > > >>>> bill.getApplicationRoleMappings("customer-portal"); >>>> > > > > > > > > > > >> > > >>>> > > > > > > > > > > >> > > It's still in it's early stages, but if >>>> you find it >>>> > > > > > > > interesting, >>>> > > > > > > > > > > >> > > I'd be happy to create a repo for other >>>> Java users >>>> > > > > > > > > > > >> > > to >>>> > > > use >>>> > > > > > it, >>>> > > > > > > > and >>>> > > > > > > > > > > >> > > adapt it based on suggestions aswell. >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- >>>> > > > > > > > > > > >> > Version: GnuPG v2 >>>> > > > > > > > > > > >> > Comment: Using GnuPG with Thunderbird - >>>> > > > > > > > http://www.enigmail.net/ >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > >>>> > > > > > >>>> iQEcBAEBCgAGBQJTu+ThAAoJEDnJtskdmzLM4PcH/jShu9J6nnV92HqSyqyy4y7d >>>> > > > > > > > > > > >> > >>>> > > > > > >>>> snhFqt4G+aqyhdH4iiOUbV36Zb07fPnO5w7s9vcr79YLGjuAWaODIzU1D1yZxbyA >>>> > > > > > > > > > > >> > >>>> > > > > > >>>> X4e3y5ClCSZMefHGSXoCOs7U+cVuCAUivCXBhe+hIb4pM/2krlhaS+ai3I2Ur43Z >>>> > > > > > > > > > > >> > >>>> > > > > > >>>> 5uzPS+pz983y2i1UGkhJBzqv8MVabNPq3vC+LX2bK9vEmd4Qiz0LdC9jwP23DZY9 >>>> > > > > > > > > > > >> > >>>> > > > > > >>>> srdtReO5uC0/HjtfzrNP+ErY1WpIEFAuHW5abtL7HHwvdZYNgYUIj6f8w8oGGLMp >>>> > > > > > > > > > > >> > >>>> > > > > > >>>> iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk2anqeUu5qcvCaPyMQA8edvgctc4a2jbJc= >>>> > > > > > > > > > > >> > =3O4p >>>> > > > > > > > > > > >> > -----END PGP SIGNATURE----- >>>> > > > > > > > > > > >> > >>>> _______________________________________________ >>>> > > > > > > > > > > >> > keycloak-user mailing list >>>> > > > > > > > > > > >> > keycloak-user at lists.jboss.org >>>> >>>> > > > > > > > > > > >> > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > -- >>>> > > > > > > > > > > >> > Rodrigo Sasaki >>>> > > > > > > > > > > >> > >>>> > > > > > > > > > > >> > >>>> _______________________________________________ >>>> > > > > > > > > > > >> > keycloak-user mailing list >>>> > > > > > > > > > > >> > keycloak-user at lists.jboss.org >>>> >>>> > > > > > > > > > > >> > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> > > > > > > > > > > >> >>>> > > > > > > > > > > > >>>> > > > > > > > > > > > >>>> > > > > > > > > > > > >>>> > > > > > > > > > > > -- >>>> > > > > > > > > > > > Rodrigo Sasaki >>>> > > > > > > > > > > > >>>> > > > > > > > > > > >>>> > > > > > > > > > > >>>> > > > > > > > > > > >>>> > > > > > > > > > > -- >>>> > > > > > > > > > > Rodrigo Sasaki >>>> > > > > > > > > > > >>>> > > > > > > > > > >>>> > > > > > > > > >>>> > > > > > > > > >>>> > > > > > > > > >>>> > > > > > > > > -- >>>> > > > > > > > > Rodrigo Sasaki >>>> > > > > > > > > >>>> > > > > > > > >>>> > > > > > > >>>> > > > > > > >>>> > > > > > > >>>> > > > > > > -- >>>> > > > > > > Rodrigo Sasaki >>>> > > > > > > >>>> > > > > > >>>> > > > > >>>> > > > > >>>> > > > > >>>> > > > > -- >>>> > > > > Rodrigo Sasaki >>>> > > > > >>>> > > > >>>> > > >>>> > > >>>> > > >>>> > > -- >>>> > > Rodrigo Sasaki >>>> > > >>>> > >>>> > _______________________________________________ >>>> > keycloak-user mailing list >>>> > keycloak-user at lists.jboss.org >>> jboss.org> >>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >>>> >>>> >>>> >>>> -- >>>> Rodrigo Sasaki >>>> >>> >>> -- >>> Bill Burke >>> JBoss, a division of Red Hat >>> http://bill.burkecentral.com >>> >> > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140718/c8291f6d/attachment-0001.html From bburke at redhat.com Fri Jul 18 12:37:08 2014 From: bburke at redhat.com (Bill Burke) Date: Fri, 18 Jul 2014 12:37:08 -0400 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> Message-ID: <53C94D34.70307@redhat.com> String token = getToken(); final String authHeader = "Bearer " + token; ClientRequestFilter authFilter = new ClientRequestFilter() { @Override public void filter(ClientRequestContext requestContext) throws IOException { requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader); } }; ResteasyWebTarget target = client.target("http://localhost:8080/auth"); target.register(authFilter); Admin admin = target.proxy(Admin.class); On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > Can you help me with any hint or documentation regarding that > BearerTokenFilter implementation? > > I understand that I have to create it myself, but I don't know what I > should create. I tried browsing the web, but with no success.. Perhaps > I'm missing the right keyword to find what I need > > > On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > > wrote: > > That's perfect :) thanks for the help > > I'll get started on it as soon as I can > > On Jul 17, 2014 5:55 PM, "Bill Burke" > wrote: > > @Path("/admin > public interface Admin { > @Path("realms/{realm}") > Realm realm(@PathParameter("realm") realmName); > } > > public interface Realm { > @GET > @Produces("application/json") > RealmRepresentation get(); > > @DELETE > void delete(); > > @PUT > @Consumes("application/json") > void update(RealmRepresentation rep); > > @Path("users") > Users users(); > } > > public interface Users { > ... > } > > FOllow me? > > Then its just > > ResteasyClient client = new ResteasyClientBuilder().build(__); > ResteasyWebTarget target = > client.target("http://__localhost:8080/auth > "); > > String token = ... get a token ... > > target.register(new BearerTokenFilter(token)); // you'd have to > implement this > > Admin admin = target.proxy(Admin.class); > > admin.realm("master") > > That's about as much help I can give you right now. > > > > > On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > > OK, will do. > > Is there a way for me to do it like it is there? I'll > explain a little > better > > the class *AdminRoot* has the path set to "/admin", and it > has a method > getRealmsAdmin, with "realms" on the path, and on the > *RealmsAdminResource* there's the getRealmAdmin mapped to > "{realm}", > making the full path for it "/admin/realms/{realm}", even > though each > one is in a different class. > > Is there a way for me to do it the same way, I don't know > how the Proxy > framework would understand that, maybe I would have to set > the full path > > > On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen > > >> wrote: > > Rodrigo: just create your own interfaces. If you can > try to keep > them as consistent with jax-rs classes in services as > you can that > would be great. > > ----- Original Message ----- > > From: "Stian Thorgersen" >> > > To: "Rodrigo Sasaki" > >>, "Bill Burke" > > >> > > Cc: keycloak-user at lists.jboss.org > > > > > Sent: Wednesday, 16 July, 2014 2:34:44 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API > Wrapper > > > > Bill: does it make sense for us to share interfaces > (with jax-rs > annotations) > > for services and admin-client? > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > >> > > > To: "Stian Thorgersen" >> > > > Cc: "Juraci Paix?o Kr?hling" > >>, > > > keycloak-user at lists.jboss.org > > > > > > Sent: Wednesday, 16 July, 2014 2:31:35 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST > API Wrapper > > > > > > I'll get on it for sure. > > > > > > Just one thing, should I create myself the > interfaces for the > services? Or > > > is there a more integrated way to do that? > > > > > > > > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen > > >> > > > wrote: > > > > > > > Great work with the admin-client. As I commented > on GitHub I > added it to > > > > 'admin-client' branch, and would like a few > changes before > merging to > > > > master: > > > > > > > > * Make it use RestEasy client framwork > > > > * Tests - I've added a starting point to > > > > > https://github.com/keycloak/__keycloak/blob/admin-client/__testsuite/integration/src/__test/java/org/keycloak/__testsuite/admin/__AdminClientTest.java > > > > > * Better error handling - instead of swallowing > exceptions it > now throws > > > > KeycloakException (RuntimeException), but > there's HTTP > response codes are > > > > not checked (see above test that tries to create > two users > with the same > > > > username) > > > > > > > > If you're happy to do this work that would be > awesome! > > > > > > > > ----- Original Message ----- > > > > > From: "Rodrigo Sasaki" > > >> > > > > > To: "Stian Thorgersen" > >> > > > > > Cc: "Juraci Paix?o Kr?hling" > > >>, > > > > keycloak-user at lists.jboss.org > > > > > > > > Sent: Monday, 14 July, 2014 2:44:48 PM > > > > > Subject: Re: [keycloak-user] Java Keycloak > REST API Wrapper > > > > > > > > > > Glad to hear it :) > > > > > > > > > > I'll be waiting on more replies and ideas to > perhaps make > it better. > > > > > Thanks! :) > > > > > > > > > > > > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian Thorgersen > > >> > > > > wrote: > > > > > > > > > > > Great stuff, I'll have a look at it soon. At > first glance > it looks > > > > really > > > > > > good! > > > > > > > > > > > > Thanks :) > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Rodrigo Sasaki" > > >> > > > > > > > To: "Stian Thorgersen" > >> > > > > > > > Cc: "Juraci Paix?o Kr?hling" > > >>, > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM > > > > > > > Subject: Re: [keycloak-user] Java Keycloak > REST API Wrapper > > > > > > > > > > > > > > PR submitted :) > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian > Thorgersen > > > > > > > >> > > > > > > wrote: > > > > > > > > > > > > > > > Please change package names to > 'org.keycloak.admin.client' > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > From: "Rodrigo Sasaki" > > >> > > > > > > > > > To: "Stian Thorgersen" > > >> > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > > >>, > > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > > > > > > > > > Subject: Re: [keycloak-user] Java > Keycloak REST API > Wrapper > > > > > > > > > > > > > > > > > > Just one more question, I created it > with my > companies' name in > > > > the > > > > > > > > > package, should I replace it? Or just > upload it as is? > > > > > > > > > > > > > > > > > > It's br.com.icarros.keycloak.api > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian > Thorgersen < > > > > stian at redhat.com > >> > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > You can create a new module for it in: > > > > > > > > > > > > > > > > > > > > integration/admin-client > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > > > > From: "Rodrigo Sasaki" > > >> > > > > > > > > > > > To: "Stian Thorgersen" > > >> > > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > > >>, > > > > > > > > > > keycloak-user at lists.jboss.org > > > > > > > > > > > > > > Sent: Thursday, 10 July, 2014 > 8:50:00 PM > > > > > > > > > > > Subject: Re: [keycloak-user] Java > Keycloak REST > API Wrapper > > > > > > > > > > > > > > > > > > > > > > Stian, how should I send the code > that I made > to the > > > > > > > > > > > Keycloak > > > > > > repo? > > > > > > > > > > > > > > > > > > > > > > Can you tell me what module name > to use, and > where to > > > > > > > > > > > create > > > > it? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, > Rodrigo Sasaki < > > > > > > > > > > rodrigopsasaki at gmail.com > > >> > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > I would really like to do that > :) All I'm > waiting for is > > > > an OK > > > > > > to > > > > > > > > do > > > > > > > > > > it, > > > > > > > > > > > > because it was built inside the > company, so I > need > > > > approval. > > > > > > > > > > > > > > > > > > > > > > > > But I really believe it'll get a > lot better > when it's out > > > > > > there, > > > > > > > > and > > > > > > > > > > you > > > > > > > > > > > > can all pitch in > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, > Stian > Thorgersen < > > > > > > stian at redhat.com > > > > > > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > >> Ideal way to contribute it to > Keycloak would > be if you > > > > fork > > > > > > the > > > > > > > > > > Keycloak > > > > > > > > > > > >> repo, add a module and do a PR ;) > > > > > > > > > > > >> > > > > > > > > > > > >> ----- Original Message ----- > > > > > > > > > > > >> > From: "Rodrigo Sasaki" > > >> > > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" > > >> > > > > > > > > > > > >> > Cc: > keycloak-user at lists.jboss.org > > > > > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 > 1:50:14 PM > > > > > > > > > > > >> > Subject: Re: [keycloak-user] > Java Keycloak > REST API > > > > Wrapper > > > > > > > > > > > >> > > > > > > > > > > > > >> > Oh yes, I believe it is > already very usable. > > > > > > > > > > > >> > > > > > > > > > > > > >> > All I need now is to get my > manager to > agree to make > > > > this > > > > > > repo > > > > > > > > > > public, > > > > > > > > > > > >> > because there is a policy > that all repos > are private > > > > > > > > > > > >> > in > > > > this > > > > > > > > project > > > > > > > > > > > >> we're > > > > > > > > > > > >> > working in, but I don't think > we'll have > problems with > > > > > > this. I > > > > > > > > > > pitched > > > > > > > > > > > >> him > > > > > > > > > > > >> > the idea of contributing to > Keycloak and > he seemed to > > > > like > > > > > > it > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 > AM, Juraci > Paix?o Kr?hling > > > > > > > > > > > >> > < > > > > > > > > > > > >> juraci at kroehling.de > > > > > > > > > > > > > >> > > wrote: > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > -----BEGIN PGP SIGNED > MESSAGE----- > > > > > > > > > > > >> > Hash: SHA512 > > > > > > > > > > > >> > > > > > > > > > > > > >> > Hello Rodrigo, > > > > > > > > > > > >> > > > > > > > > > > > > >> > Do you have news about this? > I'm working > on a task > > > > > > > > > > > >> > that > > > > > > would > > > > > > > > > > require > > > > > > > > > > > >> > me to do something similar, > so, I think it > would best > > > > if we > > > > > > can > > > > > > > > > > > >> > collaborate on this API :-) > > > > > > > > > > > >> > > > > > > > > > > > > >> > If/when you have some time, > we could have > a chat via > > > > > > > > > > > >> > IRC > > > > > > > > > > (jpkroehling > > > > > > > > > > > >> > at #keycloak on freenode). > > > > > > > > > > > >> > > > > > > > > > > > > >> > - - Juca. > > > > > > > > > > > >> > > > > > > > > > > > > >> > On 06/20/2014 10:00 PM, > Rodrigo Sasaki wrote: > > > > > > > > > > > >> > > I'm working on a Java-based > wrapper for > the REST > > > > > > > > > > > >> > > API, > > > > to > > > > > > make > > > > > > > > it > > > > > > > > > > > >> > > look more OO, abstracting > the access to > servers. > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > It uses methods such as > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > User bill = > realm.getUser("bburke") > > > > > > List > > > > > > > > roles > > > > > > > > > > > >> > > = > > > > > > > > > > > >> > > > bill.__getApplicationRoleMappings("__customer-portal"); > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > It's still in it's early > stages, but if > you find it > > > > > > > > interesting, > > > > > > > > > > > >> > > I'd be happy to create a > repo for other > Java users > > > > > > > > > > > >> > > to > > > > use > > > > > > it, > > > > > > > > and > > > > > > > > > > > >> > > adapt it based on > suggestions aswell. > > > > > > > > > > > >> > > > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > > > > > > > > > > > >> > Version: GnuPG v2 > > > > > > > > > > > >> > Comment: Using GnuPG with > Thunderbird - > > > > > > > > http://www.enigmail.net/ > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > iQEcBAEBCgAGBQJTu+__ThAAoJEDnJtskdmzLM4PcH/__jShu9J6nnV92HqSyqyy4y7d > > > > > > > > > > > >> > > > > > > > > > snhFqt4G+__aqyhdH4iiOUbV36Zb07fPnO5w7s9vc__r79YLGjuAWaODIzU1D1yZxbyA > > > > > > > > > > > >> > > > > > > > > > X4e3y5ClCSZMefHGSXoCOs7U+__cVuCAUivCXBhe+hIb4pM/2krlhaS+__ai3I2Ur43Z > > > > > > > > > > > >> > > > > > > > > > 5uzPS+__pz983y2i1UGkhJBzqv8MVabNPq3vC+__LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > > > > > > > > > > >> > > > > > > > > > srdtReO5uC0/HjtfzrNP+__ErY1WpIEFAuHW5abtL7HHwvdZYNgYU__Ij6f8w8oGGLMp > > > > > > > > > > > >> > > > > > > > > > iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk__2anqeUu5qcvCaPyMQA8edvgctc4a2j__bJc= > > > > > > > > > > > >> > =3O4p > > > > > > > > > > > >> > -----END PGP SIGNATURE----- > > > > > > > > > > > >> > > _________________________________________________ > > > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > > > > > > >> > > https://lists.jboss.org/__mailman/listinfo/keycloak-user > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > -- > > > > > > > > > > > >> > Rodrigo Sasaki > > > > > > > > > > > >> > > > > > > > > > > > > >> > > _________________________________________________ > > > > > > > > > > > >> > keycloak-user mailing list > > > > > > > > > > > >> > keycloak-user at lists.jboss.org > > > > > > > > > > > > > > >> > > https://lists.jboss.org/__mailman/listinfo/keycloak-user > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > _________________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > > > > > https://lists.jboss.org/__mailman/listinfo/keycloak-user > > > > > > -- > Rodrigo Sasaki > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > > > > > -- > Rodrigo Sasaki -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From spousty at redhat.com Fri Jul 18 14:00:31 2014 From: spousty at redhat.com (Steven Pousty) Date: Fri, 18 Jul 2014 11:00:31 -0700 Subject: [keycloak-user] Question on microservices and keycloak Message-ID: <53C960BF.2010301@redhat.com> Hey all: I was thinking about using Keycloak to provide authentication in an application I am building. I am building this app to evaluate how microservices REALLY work rather than all the hype. I am building a single page app & mobile UI, talking to different REST services, each of which is a separate application. Here is a rough picture of all the services. https://github.com/thesteve0/flatfluffy/blob/master/Services.png Reading the doc I see how I can use Keycloak to authenticate if all my REST endpoints are in the same App Server. Unfortunately, I do not want to make that assumption for my architecture. Can I still use Keycloak? Thanks Steve From bburke at redhat.com Fri Jul 18 14:37:27 2014 From: bburke at redhat.com (Bill Burke) Date: Fri, 18 Jul 2014 14:37:27 -0400 Subject: [keycloak-user] Question on microservices and keycloak In-Reply-To: <53C960BF.2010301@redhat.com> References: <53C960BF.2010301@redhat.com> Message-ID: <53C96967.3050401@redhat.com> On 7/18/2014 2:00 PM, Steven Pousty wrote: > Hey all: > I was thinking about using Keycloak to provide authentication in an > application I am building. I am building this app to evaluate how > microservices REALLY work rather than all the hype. > > I am building a single page app & mobile UI, talking to different REST > services, each of which is a separate application. > Here is a rough picture of all the services. > > https://github.com/thesteve0/flatfluffy/blob/master/Services.png > > > Reading the doc I see how I can use Keycloak to authenticate if all my > REST endpoints are in the same App Server. Unfortunately, I do not want > to make that assumption for my architecture. Can I still use Keycloak? > All of your rest endpoints don't need to be in the same App Server. What gave you that impression? The demo is the way it is for setup simplicity. Each REST service in your architecture would be a "bearer-only" application. Just like in the demo where the "database-service" is a bearer-only application. Users would log in through your "single page app" and get access token they could use to execute the rest services. If the mobile client runs in a browser, then it would have to use CORS. Also something Keycloak supports. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Tue Jul 22 09:54:49 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 22 Jul 2014 10:54:49 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <53C94D34.70307@redhat.com> References: <2008246421.8198022.1405083385278.JavaMail.zimbra@redhat.com> <1494828793.9646510.1405345417189.JavaMail.zimbra@redhat.com> <489963702.11205123.1405517254028.JavaMail.zimbra@redhat.com> <1254963878.11212811.1405517684970.JavaMail.zimbra@redhat.com> <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> <53C94D34.70307@redhat.com> Message-ID: I tried creating a user using the API, and I got a 400 status code, I went to check everything, and it seems that I can't send "socialLinks", "realmRoles" and "applicationRoles" as null for some reason, I get this exception: org.codehaus.jackson.map.exc.UnrecognizedPropertyException: Unrecognized field "socialLinks" (Class org.keycloak.representations.idm.UserRepresentation), not marked as ignorable But I know those values aren't mandatory. Is there a fix for this? On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke wrote: > String token = getToken(); > final String authHeader = "Bearer " + token; > ClientRequestFilter authFilter = new ClientRequestFilter() { > @Override > public void filter(ClientRequestContext requestContext) throws > IOException { > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader); > > } > }; > > > ResteasyWebTarget target = client.target("http://localhost:8080/auth"); > target.register(authFilter); > Admin admin = target.proxy(Admin.class); > > > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > >> Can you help me with any hint or documentation regarding that >> BearerTokenFilter implementation? >> >> I understand that I have to create it myself, but I don't know what I >> should create. I tried browsing the web, but with no success.. Perhaps >> I'm missing the right keyword to find what I need >> >> >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki >> > wrote: >> >> That's perfect :) thanks for the help >> >> I'll get started on it as soon as I can >> >> On Jul 17, 2014 5:55 PM, "Bill Burke" > > wrote: >> >> @Path("/admin >> public interface Admin { >> @Path("realms/{realm}") >> Realm realm(@PathParameter("realm") realmName); >> } >> >> public interface Realm { >> @GET >> @Produces("application/json") >> RealmRepresentation get(); >> >> @DELETE >> void delete(); >> >> @PUT >> @Consumes("application/json") >> void update(RealmRepresentation rep); >> >> @Path("users") >> Users users(); >> } >> >> public interface Users { >> ... >> } >> >> FOllow me? >> >> Then its just >> >> ResteasyClient client = new ResteasyClientBuilder().build(__); >> ResteasyWebTarget target = >> client.target("http://__localhost:8080/auth >> >> "); >> >> String token = ... get a token ... >> >> target.register(new BearerTokenFilter(token)); // you'd have to >> implement this >> >> Admin admin = target.proxy(Admin.class); >> >> admin.realm("master") >> >> That's about as much help I can give you right now. >> >> >> >> >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: >> >> OK, will do. >> >> Is there a way for me to do it like it is there? I'll >> explain a little >> better >> >> the class *AdminRoot* has the path set to "/admin", and it >> has a method >> getRealmsAdmin, with "realms" on the path, and on the >> *RealmsAdminResource* there's the getRealmAdmin mapped to >> "{realm}", >> making the full path for it "/admin/realms/{realm}", even >> though each >> one is in a different class. >> >> Is there a way for me to do it the same way, I don't know >> how the Proxy >> framework would understand that, maybe I would have to set >> the full path >> >> >> On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen >> >> >> wrote: >> >> Rodrigo: just create your own interfaces. If you can >> try to keep >> them as consistent with jax-rs classes in services as >> you can that >> would be great. >> >> ----- Original Message ----- >> > From: "Stian Thorgersen" > > >> >> > To: "Rodrigo Sasaki" > >> > >>, "Bill Burke" >> >> >> >> > Cc: keycloak-user at lists.jboss.org >> >> > >> > >> > Sent: Wednesday, 16 July, 2014 2:34:44 PM >> > Subject: Re: [keycloak-user] Java Keycloak REST API >> Wrapper >> > >> > Bill: does it make sense for us to share interfaces >> (with jax-rs >> annotations) >> > for services and admin-client? >> > >> > ----- Original Message ----- >> > > From: "Rodrigo Sasaki" > >> > >> >> > > To: "Stian Thorgersen" > > >> >> > > Cc: "Juraci Paix?o Kr?hling" > >> > >>>, >> > > keycloak-user at lists.jboss.org >> >> > >> > >> > > Sent: Wednesday, 16 July, 2014 2:31:35 PM >> > > Subject: Re: [keycloak-user] Java Keycloak REST >> API Wrapper >> > > >> > > I'll get on it for sure. >> > > >> > > Just one thing, should I create myself the >> interfaces for the >> services? Or >> > > is there a more integrated way to do that? >> > > >> > > >> > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen >> >> >> >> >> > > wrote: >> > > >> > > > Great work with the admin-client. As I commented >> on GitHub I >> added it to >> > > > 'admin-client' branch, and would like a few >> changes before >> merging to >> > > > master: >> > > > >> > > > * Make it use RestEasy client framwork >> > > > * Tests - I've added a starting point to >> > > > >> https://github.com/keycloak/__keycloak/blob/admin-client/__ >> testsuite/integration/src/__test/java/org/keycloak/__testsuite/admin/__ >> AdminClientTest.java >> >> > testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ >> AdminClientTest.java> >> > > > * Better error handling - instead of swallowing >> exceptions it >> now throws >> > > > KeycloakException (RuntimeException), but >> there's HTTP >> response codes are >> > > > not checked (see above test that tries to create >> two users >> with the same >> > > > username) >> > > > >> > > > If you're happy to do this work that would be >> awesome! >> > > > >> > > > ----- Original Message ----- >> > > > > From: "Rodrigo Sasaki" >> >> > >> >> > > > > To: "Stian Thorgersen" > >> >> >> > > > > Cc: "Juraci Paix?o Kr?hling" >> >> > >>>, >> > > > keycloak-user at lists.jboss.org >> >> > >> > >> > > > > Sent: Monday, 14 July, 2014 2:44:48 PM >> > > > > Subject: Re: [keycloak-user] Java Keycloak >> REST API Wrapper >> > > > > >> > > > > Glad to hear it :) >> > > > > >> > > > > I'll be waiting on more replies and ideas to >> perhaps make >> it better. >> > > > > Thanks! :) >> > > > > >> > > > > >> > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian >> Thorgersen >> >> >> >> >> > > > wrote: >> > > > > >> > > > > > Great stuff, I'll have a look at it soon. At >> first glance >> it looks >> > > > really >> > > > > > good! >> > > > > > >> > > > > > Thanks :) >> > > > > > >> > > > > > ----- Original Message ----- >> > > > > > > From: "Rodrigo Sasaki" >> >> > >> >> > > > > > > To: "Stian Thorgersen" > >> >> >> > > > > > > Cc: "Juraci Paix?o Kr?hling" >> >> > >>>, >> > > > > > keycloak-user at lists.jboss.org >> >> > >> > >> > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM >> > > > > > > Subject: Re: [keycloak-user] Java Keycloak >> REST API Wrapper >> > > > > > > >> > > > > > > PR submitted :) >> > > > > > > >> > > > > > > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian >> Thorgersen >> > > > > > > > > >> >> >> > > > > > wrote: >> > > > > > > >> > > > > > > > Please change package names to >> 'org.keycloak.admin.client' >> > > > > > > > >> > > > > > > > ----- Original Message ----- >> > > > > > > > > From: "Rodrigo Sasaki" >> >> > >> >> > > > > > > > > To: "Stian Thorgersen" >> >> >> >> > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >> >> > >>>, >> > > > > > > > keycloak-user at lists.jboss.org >> >> > >> > >> > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM >> > > > > > > > > Subject: Re: [keycloak-user] Java >> Keycloak REST API >> Wrapper >> > > > > > > > > >> > > > > > > > > Just one more question, I created it >> with my >> companies' name in >> > > > the >> > > > > > > > > package, should I replace it? Or just >> upload it as is? >> > > > > > > > > >> > > > > > > > > It's br.com.icarros.keycloak.api >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian >> Thorgersen < >> > > > stian at redhat.com >> >> >> >> > > > > > > > wrote: >> > > > > > > > > >> > > > > > > > > > You can create a new module for it in: >> > > > > > > > > > >> > > > > > > > > > integration/admin-client >> > > > > > > > > > >> > > > > > > > > > ----- Original Message ----- >> > > > > > > > > > > From: "Rodrigo Sasaki" >> > >> > >> >> > > > > > > > > > > To: "Stian Thorgersen" >> >> >> >> > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >> >> >>, >> > > > > > > > > > keycloak-user at lists.jboss.org >> >> > >> > >> > > > > > > > > > > Sent: Thursday, 10 July, 2014 >> 8:50:00 PM >> > > > > > > > > > > Subject: Re: [keycloak-user] Java >> Keycloak REST >> API Wrapper >> > > > > > > > > > > >> > > > > > > > > > > Stian, how should I send the code >> that I made >> to the >> > > > > > > > > > > Keycloak >> > > > > > repo? >> > > > > > > > > > > >> > > > > > > > > > > Can you tell me what module name >> to use, and >> where to >> > > > > > > > > > > create >> > > > it? >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, >> Rodrigo Sasaki < >> > > > > > > > > > rodrigopsasaki at gmail.com >> >> > >> >> >> > > > > > > > > > > wrote: >> > > > > > > > > > > >> > > > > > > > > > > > I would really like to do that >> :) All I'm >> waiting for is >> > > > an OK >> > > > > > to >> > > > > > > > do >> > > > > > > > > > it, >> > > > > > > > > > > > because it was built inside the >> company, so I >> need >> > > > approval. >> > > > > > > > > > > > >> > > > > > > > > > > > But I really believe it'll get a >> lot better >> when it's out >> > > > > > there, >> > > > > > > > and >> > > > > > > > > > you >> > > > > > > > > > > > can all pitch in >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, >> Stian >> Thorgersen < >> > > > > > stian at redhat.com >> > >> >> > > > > > > > > >> > > > > > > > > > wrote: >> > > > > > > > > > > > >> > > > > > > > > > > >> Ideal way to contribute it to >> Keycloak would >> be if you >> > > > fork >> > > > > > the >> > > > > > > > > > Keycloak >> > > > > > > > > > > >> repo, add a module and do a PR ;) >> > > > > > > > > > > >> >> > > > > > > > > > > >> ----- Original Message ----- >> > > > > > > > > > > >> > From: "Rodrigo Sasaki" >> > >> > >> >> > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" >> >> >> >> > > > > > > > > > > >> > Cc: >> keycloak-user at lists.jboss.org >> >> > >> > >> > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 >> 1:50:14 PM >> > > > > > > > > > > >> > Subject: Re: [keycloak-user] >> Java Keycloak >> REST API >> > > > Wrapper >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > Oh yes, I believe it is >> already very usable. >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > All I need now is to get my >> manager to >> agree to make >> > > > this >> > > > > > repo >> > > > > > > > > > public, >> > > > > > > > > > > >> > because there is a policy >> that all repos >> are private >> > > > > > > > > > > >> > in >> > > > this >> > > > > > > > project >> > > > > > > > > > > >> we're >> > > > > > > > > > > >> > working in, but I don't think >> we'll have >> problems with >> > > > > > this. I >> > > > > > > > > > pitched >> > > > > > > > > > > >> him >> > > > > > > > > > > >> > the idea of contributing to >> Keycloak and >> he seemed to >> > > > like >> > > > > > it >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 >> AM, Juraci >> Paix?o Kr?hling >> > > > > > > > > > > >> > < >> > > > > > > > > > > >> juraci at kroehling.de >> > >> > >> > > > > > > > > > > >> > > wrote: >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNED >> MESSAGE----- >> > > > > > > > > > > >> > Hash: SHA512 >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > Hello Rodrigo, >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > Do you have news about this? >> I'm working >> on a task >> > > > > > > > > > > >> > that >> > > > > > would >> > > > > > > > > > require >> > > > > > > > > > > >> > me to do something similar, >> so, I think it >> would best >> > > > if we >> > > > > > can >> > > > > > > > > > > >> > collaborate on this API :-) >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > If/when you have some time, >> we could have >> a chat via >> > > > > > > > > > > >> > IRC >> > > > > > > > > > (jpkroehling >> > > > > > > > > > > >> > at #keycloak on freenode). >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > - - Juca. >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > On 06/20/2014 10:00 PM, >> Rodrigo Sasaki wrote: >> > > > > > > > > > > >> > > I'm working on a Java-based >> wrapper for >> the REST >> > > > > > > > > > > >> > > API, >> > > > to >> > > > > > make >> > > > > > > > it >> > > > > > > > > > > >> > > look more OO, abstracting >> the access to >> servers. >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > It uses methods such as >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > User bill = >> realm.getUser("bburke") >> > > > > > List >> > > > > > > > roles >> > > > > > > > > > > >> > > = >> > > > > > > > > > > >> > > >> bill.__getApplicationRoleMappings("__customer-portal"); >> >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > It's still in it's early >> stages, but if >> you find it >> > > > > > > > interesting, >> > > > > > > > > > > >> > > I'd be happy to create a >> repo for other >> Java users >> > > > > > > > > > > >> > > to >> > > > use >> > > > > > it, >> > > > > > > > and >> > > > > > > > > > > >> > > adapt it based on >> suggestions aswell. >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- >> > > > > > > > > > > >> > Version: GnuPG v2 >> > > > > > > > > > > >> > Comment: Using GnuPG with >> Thunderbird - >> > > > > > > > http://www.enigmail.net/ >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > >> >> iQEcBAEBCgAGBQJTu+__ThAAoJEDnJtskdmzLM4PcH/__ >> jShu9J6nnV92HqSyqyy4y7d >> > > > > > > > > > > >> > >> > > > > > >> >> snhFqt4G+__aqyhdH4iiOUbV36Zb07fPnO5w7s9vc >> __r79YLGjuAWaODIzU1D1yZxbyA >> > > > > > > > > > > >> > >> > > > > > >> >> X4e3y5ClCSZMefHGSXoCOs7U+__cVuCAUivCXBhe+hIb4pM/2krlhaS+_ >> _ai3I2Ur43Z >> > > > > > > > > > > >> > >> > > > > > >> >> 5uzPS+__pz983y2i1UGkhJBzqv8MVabNPq3vC+ >> __LX2bK9vEmd4Qiz0LdC9jwP23DZY9 >> > > > > > > > > > > >> > >> > > > > > >> >> srdtReO5uC0/HjtfzrNP+__ErY1WpIEFAuHW5abtL7HHwvdZYNgYU >> __Ij6f8w8oGGLMp >> > > > > > > > > > > >> > >> > > > > > >> >> iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk__ >> 2anqeUu5qcvCaPyMQA8edvgctc4a2j__bJc= >> > > > > > > > > > > >> > =3O4p >> > > > > > > > > > > >> > -----END PGP SIGNATURE----- >> > > > > > > > > > > >> > >> _________________________________________________ >> >> > > > > > > > > > > >> > keycloak-user mailing list >> > > > > > > > > > > >> > keycloak-user at lists.jboss.org >> >> > > >> > > > > > > > > > > >> > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user >> >> >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > -- >> > > > > > > > > > > >> > Rodrigo Sasaki >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> _________________________________________________ >> >> > > > > > > > > > > >> > keycloak-user mailing list >> > > > > > > > > > > >> > keycloak-user at lists.jboss.org >> >> > > >> > > > > > > > > > > >> > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user >> >> >> > > > > > > > > > > >> >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > -- >> > > > > > > > > > > > Rodrigo Sasaki >> > > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > -- >> > > > > > > > > > > Rodrigo Sasaki >> > > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > -- >> > > > > > > > > Rodrigo Sasaki >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > -- >> > > > > > > Rodrigo Sasaki >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> > > > > -- >> > > > > Rodrigo Sasaki >> > > > > >> > > > >> > > >> > > >> > > >> > > -- >> > > Rodrigo Sasaki >> > > >> > >> > _________________________________________________ >> >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> >> > > >> > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user >> >> >> >> >> >> >> -- >> Rodrigo Sasaki >> >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> >> >> >> >> -- >> Rodrigo Sasaki >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140722/bbe0a978/attachment-0001.html From stian at redhat.com Tue Jul 22 09:58:47 2014 From: stian at redhat.com (Stian Thorgersen) Date: Tue, 22 Jul 2014 09:58:47 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> <53C94D34.70307@redhat.com> Message-ID: <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> Try removing socialLinks instead of setting the value to null, or specifying an empty array. ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Bill Burke" > Cc: "Stian Thorgersen" , keycloak-user at lists.jboss.org > Sent: Tuesday, 22 July, 2014 2:54:49 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > I tried creating a user using the API, and I got a 400 status code, I went > to check everything, and it seems that I can't send "socialLinks", > "realmRoles" and "applicationRoles" as null for some reason, I get this > exception: > > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: Unrecognized > field "socialLinks" > (Class org.keycloak.representations.idm.UserRepresentation), not marked > as ignorable > > But I know those values aren't mandatory. Is there a fix for this? > > > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke wrote: > > > String token = getToken(); > > final String authHeader = "Bearer " + token; > > ClientRequestFilter authFilter = new ClientRequestFilter() { > > @Override > > public void filter(ClientRequestContext requestContext) throws > > IOException { > > > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader); > > > > } > > }; > > > > > > ResteasyWebTarget target = client.target("http://localhost:8080/auth"); > > target.register(authFilter); > > Admin admin = target.proxy(Admin.class); > > > > > > > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > > > >> Can you help me with any hint or documentation regarding that > >> BearerTokenFilter implementation? > >> > >> I understand that I have to create it myself, but I don't know what I > >> should create. I tried browsing the web, but with no success.. Perhaps > >> I'm missing the right keyword to find what I need > >> > >> > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > >> > wrote: > >> > >> That's perfect :) thanks for the help > >> > >> I'll get started on it as soon as I can > >> > >> On Jul 17, 2014 5:55 PM, "Bill Burke" >> > wrote: > >> > >> @Path("/admin > >> public interface Admin { > >> @Path("realms/{realm}") > >> Realm realm(@PathParameter("realm") realmName); > >> } > >> > >> public interface Realm { > >> @GET > >> @Produces("application/json") > >> RealmRepresentation get(); > >> > >> @DELETE > >> void delete(); > >> > >> @PUT > >> @Consumes("application/json") > >> void update(RealmRepresentation rep); > >> > >> @Path("users") > >> Users users(); > >> } > >> > >> public interface Users { > >> ... > >> } > >> > >> FOllow me? > >> > >> Then its just > >> > >> ResteasyClient client = new ResteasyClientBuilder().build(__); > >> ResteasyWebTarget target = > >> client.target("http://__localhost:8080/auth > >> > >> "); > >> > >> String token = ... get a token ... > >> > >> target.register(new BearerTokenFilter(token)); // you'd have to > >> implement this > >> > >> Admin admin = target.proxy(Admin.class); > >> > >> admin.realm("master") > >> > >> That's about as much help I can give you right now. > >> > >> > >> > >> > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > >> > >> OK, will do. > >> > >> Is there a way for me to do it like it is there? I'll > >> explain a little > >> better > >> > >> the class *AdminRoot* has the path set to "/admin", and it > >> has a method > >> getRealmsAdmin, with "realms" on the path, and on the > >> *RealmsAdminResource* there's the getRealmAdmin mapped to > >> "{realm}", > >> making the full path for it "/admin/realms/{realm}", even > >> though each > >> one is in a different class. > >> > >> Is there a way for me to do it the same way, I don't know > >> how the Proxy > >> framework would understand that, maybe I would have to set > >> the full path > >> > >> > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen > >> > >> >> wrote: > >> > >> Rodrigo: just create your own interfaces. If you can > >> try to keep > >> them as consistent with jax-rs classes in services as > >> you can that > >> would be great. > >> > >> ----- Original Message ----- > >> > From: "Stian Thorgersen" >> >> >> > >> > To: "Rodrigo Sasaki" >> > >> >> >>, "Bill Burke" > >> > >> >> > >> > Cc: keycloak-user at lists.jboss.org > >> > >> >> > >> > > >> > Sent: Wednesday, 16 July, 2014 2:34:44 PM > >> > Subject: Re: [keycloak-user] Java Keycloak REST API > >> Wrapper > >> > > >> > Bill: does it make sense for us to share interfaces > >> (with jax-rs > >> annotations) > >> > for services and admin-client? > >> > > >> > ----- Original Message ----- > >> > > From: "Rodrigo Sasaki" >> > >> >> >> > >> > > To: "Stian Thorgersen" >> >> >> > >> > > Cc: "Juraci Paix?o Kr?hling" >> > >> >> >>>, > >> > > keycloak-user at lists.jboss.org > >> > >> >> > >> > > >> > > Sent: Wednesday, 16 July, 2014 2:31:35 PM > >> > > Subject: Re: [keycloak-user] Java Keycloak REST > >> API Wrapper > >> > > > >> > > I'll get on it for sure. > >> > > > >> > > Just one thing, should I create myself the > >> interfaces for the > >> services? Or > >> > > is there a more integrated way to do that? > >> > > > >> > > > >> > > On Wed, Jul 16, 2014 at 10:27 AM, Stian Thorgersen > >> > >> >> > >> > >> > > wrote: > >> > > > >> > > > Great work with the admin-client. As I commented > >> on GitHub I > >> added it to > >> > > > 'admin-client' branch, and would like a few > >> changes before > >> merging to > >> > > > master: > >> > > > > >> > > > * Make it use RestEasy client framwork > >> > > > * Tests - I've added a starting point to > >> > > > > >> https://github.com/keycloak/__keycloak/blob/admin-client/__ > >> testsuite/integration/src/__test/java/org/keycloak/__testsuite/admin/__ > >> AdminClientTest.java > >> > >> >> testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ > >> AdminClientTest.java> > >> > > > * Better error handling - instead of swallowing > >> exceptions it > >> now throws > >> > > > KeycloakException (RuntimeException), but > >> there's HTTP > >> response codes are > >> > > > not checked (see above test that tries to create > >> two users > >> with the same > >> > > > username) > >> > > > > >> > > > If you're happy to do this work that would be > >> awesome! > >> > > > > >> > > > ----- Original Message ----- > >> > > > > From: "Rodrigo Sasaki" > >> > >> >> >> > >> > > > > To: "Stian Thorgersen" >> > >> >> > >> > > > > Cc: "Juraci Paix?o Kr?hling" > >> > >> >> >>>, > >> > > > keycloak-user at lists.jboss.org > >> > >> >> > >> > > >> > > > > Sent: Monday, 14 July, 2014 2:44:48 PM > >> > > > > Subject: Re: [keycloak-user] Java Keycloak > >> REST API Wrapper > >> > > > > > >> > > > > Glad to hear it :) > >> > > > > > >> > > > > I'll be waiting on more replies and ideas to > >> perhaps make > >> it better. > >> > > > > Thanks! :) > >> > > > > > >> > > > > > >> > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian > >> Thorgersen > >> > >> >> > >> > >> > > > wrote: > >> > > > > > >> > > > > > Great stuff, I'll have a look at it soon. At > >> first glance > >> it looks > >> > > > really > >> > > > > > good! > >> > > > > > > >> > > > > > Thanks :) > >> > > > > > > >> > > > > > ----- Original Message ----- > >> > > > > > > From: "Rodrigo Sasaki" > >> > >> >> >> > >> > > > > > > To: "Stian Thorgersen" >> > >> >> > >> > > > > > > Cc: "Juraci Paix?o Kr?hling" > >> > >> >> >>>, > >> > > > > > keycloak-user at lists.jboss.org > >> > >> >> > >> > > >> > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM > >> > > > > > > Subject: Re: [keycloak-user] Java Keycloak > >> REST API Wrapper > >> > > > > > > > >> > > > > > > PR submitted :) > >> > > > > > > > >> > > > > > > > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian > >> Thorgersen > >> > > > > > > >> >> > >> >> > >> > > > > > wrote: > >> > > > > > > > >> > > > > > > > Please change package names to > >> 'org.keycloak.admin.client' > >> > > > > > > > > >> > > > > > > > ----- Original Message ----- > >> > > > > > > > > From: "Rodrigo Sasaki" > >> > >> >> >> > >> > > > > > > > > To: "Stian Thorgersen" > >> > >> >> > >> > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > >> > >> >> >>>, > >> > > > > > > > keycloak-user at lists.jboss.org > >> > >> >> > >> > > >> > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 PM > >> > > > > > > > > Subject: Re: [keycloak-user] Java > >> Keycloak REST API > >> Wrapper > >> > > > > > > > > > >> > > > > > > > > Just one more question, I created it > >> with my > >> companies' name in > >> > > > the > >> > > > > > > > > package, should I replace it? Or just > >> upload it as is? > >> > > > > > > > > > >> > > > > > > > > It's br.com.icarros.keycloak.api > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, Stian > >> Thorgersen < > >> > > > stian at redhat.com > >> >> > >> > >> > > > > > > > wrote: > >> > > > > > > > > > >> > > > > > > > > > You can create a new module for it in: > >> > > > > > > > > > > >> > > > > > > > > > integration/admin-client > >> > > > > > > > > > > >> > > > > > > > > > ----- Original Message ----- > >> > > > > > > > > > > From: "Rodrigo Sasaki" > >> >> > >> >> >> > >> > > > > > > > > > > To: "Stian Thorgersen" > >> > >> >> > >> > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > >> > >> >>, > >> > > > > > > > > > keycloak-user at lists.jboss.org > >> > >> >> > >> > > >> > > > > > > > > > > Sent: Thursday, 10 July, 2014 > >> 8:50:00 PM > >> > > > > > > > > > > Subject: Re: [keycloak-user] Java > >> Keycloak REST > >> API Wrapper > >> > > > > > > > > > > > >> > > > > > > > > > > Stian, how should I send the code > >> that I made > >> to the > >> > > > > > > > > > > Keycloak > >> > > > > > repo? > >> > > > > > > > > > > > >> > > > > > > > > > > Can you tell me what module name > >> to use, and > >> where to > >> > > > > > > > > > > create > >> > > > it? > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, > >> Rodrigo Sasaki < > >> > > > > > > > > > rodrigopsasaki at gmail.com > >> > >> >> > >> >> > >> > > > > > > > > > > wrote: > >> > > > > > > > > > > > >> > > > > > > > > > > > I would really like to do that > >> :) All I'm > >> waiting for is > >> > > > an OK > >> > > > > > to > >> > > > > > > > do > >> > > > > > > > > > it, > >> > > > > > > > > > > > because it was built inside the > >> company, so I > >> need > >> > > > approval. > >> > > > > > > > > > > > > >> > > > > > > > > > > > But I really believe it'll get a > >> lot better > >> when it's out > >> > > > > > there, > >> > > > > > > > and > >> > > > > > > > > > you > >> > > > > > > > > > > > can all pitch in > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 AM, > >> Stian > >> Thorgersen < > >> > > > > > stian at redhat.com > >> > > >> > >> > > > > > > > > > >> > > > > > > > > > wrote: > >> > > > > > > > > > > > > >> > > > > > > > > > > >> Ideal way to contribute it to > >> Keycloak would > >> be if you > >> > > > fork > >> > > > > > the > >> > > > > > > > > > Keycloak > >> > > > > > > > > > > >> repo, add a module and do a PR ;) > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> ----- Original Message ----- > >> > > > > > > > > > > >> > From: "Rodrigo Sasaki" > >> >> > >> >> >> > >> > > > > > > > > > > >> > To: "Juraci Paix?o Kr?hling" > >> > >> >> > >> > > > > > > > > > > >> > Cc: > >> keycloak-user at lists.jboss.org > >> > >> >> > >> > > >> > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 > >> 1:50:14 PM > >> > > > > > > > > > > >> > Subject: Re: [keycloak-user] > >> Java Keycloak > >> REST API > >> > > > Wrapper > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > Oh yes, I believe it is > >> already very usable. > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > All I need now is to get my > >> manager to > >> agree to make > >> > > > this > >> > > > > > repo > >> > > > > > > > > > public, > >> > > > > > > > > > > >> > because there is a policy > >> that all repos > >> are private > >> > > > > > > > > > > >> > in > >> > > > this > >> > > > > > > > project > >> > > > > > > > > > > >> we're > >> > > > > > > > > > > >> > working in, but I don't think > >> we'll have > >> problems with > >> > > > > > this. I > >> > > > > > > > > > pitched > >> > > > > > > > > > > >> him > >> > > > > > > > > > > >> > the idea of contributing to > >> Keycloak and > >> he seemed to > >> > > > like > >> > > > > > it > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 > >> AM, Juraci > >> Paix?o Kr?hling > >> > > > > > > > > > > >> > < > >> > > > > > > > > > > >> juraci at kroehling.de > >> >> > >> > > >> > > > > > > > > > > >> > > wrote: > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNED > >> MESSAGE----- > >> > > > > > > > > > > >> > Hash: SHA512 > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > Hello Rodrigo, > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > Do you have news about this? > >> I'm working > >> on a task > >> > > > > > > > > > > >> > that > >> > > > > > would > >> > > > > > > > > > require > >> > > > > > > > > > > >> > me to do something similar, > >> so, I think it > >> would best > >> > > > if we > >> > > > > > can > >> > > > > > > > > > > >> > collaborate on this API :-) > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > If/when you have some time, > >> we could have > >> a chat via > >> > > > > > > > > > > >> > IRC > >> > > > > > > > > > (jpkroehling > >> > > > > > > > > > > >> > at #keycloak on freenode). > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > - - Juca. > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > On 06/20/2014 10:00 PM, > >> Rodrigo Sasaki wrote: > >> > > > > > > > > > > >> > > I'm working on a Java-based > >> wrapper for > >> the REST > >> > > > > > > > > > > >> > > API, > >> > > > to > >> > > > > > make > >> > > > > > > > it > >> > > > > > > > > > > >> > > look more OO, abstracting > >> the access to > >> servers. > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > It uses methods such as > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > User bill = > >> realm.getUser("bburke") > >> > > > > > List > >> > > > > > > > roles > >> > > > > > > > > > > >> > > = > >> > > > > > > > > > > >> > > > >> bill.__getApplicationRoleMappings("__customer-portal"); > >> > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > It's still in it's early > >> stages, but if > >> you find it > >> > > > > > > > interesting, > >> > > > > > > > > > > >> > > I'd be happy to create a > >> repo for other > >> Java users > >> > > > > > > > > > > >> > > to > >> > > > use > >> > > > > > it, > >> > > > > > > > and > >> > > > > > > > > > > >> > > adapt it based on > >> suggestions aswell. > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNATURE----- > >> > > > > > > > > > > >> > Version: GnuPG v2 > >> > > > > > > > > > > >> > Comment: Using GnuPG with > >> Thunderbird - > >> > > > > > > > http://www.enigmail.net/ > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > >> > > > > > > >> > >> iQEcBAEBCgAGBQJTu+__ThAAoJEDnJtskdmzLM4PcH/__ > >> jShu9J6nnV92HqSyqyy4y7d > >> > > > > > > > > > > >> > > >> > > > > > > >> > >> snhFqt4G+__aqyhdH4iiOUbV36Zb07fPnO5w7s9vc > >> __r79YLGjuAWaODIzU1D1yZxbyA > >> > > > > > > > > > > >> > > >> > > > > > > >> > >> X4e3y5ClCSZMefHGSXoCOs7U+__cVuCAUivCXBhe+hIb4pM/2krlhaS+_ > >> _ai3I2Ur43Z > >> > > > > > > > > > > >> > > >> > > > > > > >> > >> 5uzPS+__pz983y2i1UGkhJBzqv8MVabNPq3vC+ > >> __LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > >> > > > > > > > > > > >> > > >> > > > > > > >> > >> srdtReO5uC0/HjtfzrNP+__ErY1WpIEFAuHW5abtL7HHwvdZYNgYU > >> __Ij6f8w8oGGLMp > >> > > > > > > > > > > >> > > >> > > > > > > >> > >> iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk__ > >> 2anqeUu5qcvCaPyMQA8edvgctc4a2j__bJc= > >> > > > > > > > > > > >> > =3O4p > >> > > > > > > > > > > >> > -----END PGP SIGNATURE----- > >> > > > > > > > > > > >> > > >> _________________________________________________ > >> > >> > > > > > > > > > > >> > keycloak-user mailing list > >> > > > > > > > > > > >> > keycloak-user at lists.jboss.org > >> > >> >> > > >> > > > > > > > > > > >> > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > >> > >> > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > -- > >> > > > > > > > > > > >> > Rodrigo Sasaki > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> > > >> _________________________________________________ > >> > >> > > > > > > > > > > >> > keycloak-user mailing list > >> > > > > > > > > > > >> > keycloak-user at lists.jboss.org > >> > >> >> > > >> > > > > > > > > > > >> > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > >> > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > -- > >> > > > > > > > > > > > Rodrigo Sasaki > >> > > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > -- > >> > > > > > > > > > > Rodrigo Sasaki > >> > > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > -- > >> > > > > > > > > Rodrigo Sasaki > >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > > >> > > > > > > -- > >> > > > > > > Rodrigo Sasaki > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > -- > >> > > > > Rodrigo Sasaki > >> > > > > > >> > > > > >> > > > >> > > > >> > > > >> > > -- > >> > > Rodrigo Sasaki > >> > > > >> > > >> > _________________________________________________ > >> > >> > keycloak-user mailing list > >> > keycloak-user at lists.jboss.org > >> > >> >> > > >> > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > >> > >> > >> > >> > >> > >> > >> -- > >> Rodrigo Sasaki > >> > >> > >> -- > >> Bill Burke > >> JBoss, a division of Red Hat > >> http://bill.burkecentral.com > >> > >> > >> > >> > >> -- > >> Rodrigo Sasaki > >> > > > > -- > > Bill Burke > > JBoss, a division of Red Hat > > http://bill.burkecentral.com > > > > > > -- > Rodrigo Sasaki > From rodrigopsasaki at gmail.com Tue Jul 22 10:06:48 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 22 Jul 2014 11:06:48 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> References: <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> <53C94D34.70307@redhat.com> <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> Message-ID: The thing is that I simply create an instance and assign an username UserRepresentation userRep = new UserRepresentation(); userRep.setUsername("user1"); realm.users().create(userRep); That create is a proxy of the interface, so I don't really know where I could interfere here with code. On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen wrote: > Try removing socialLinks instead of setting the value to null, or > specifying an empty array. > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Bill Burke" > > Cc: "Stian Thorgersen" , keycloak-user at lists.jboss.org > > Sent: Tuesday, 22 July, 2014 2:54:49 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > I tried creating a user using the API, and I got a 400 status code, I > went > > to check everything, and it seems that I can't send "socialLinks", > > "realmRoles" and "applicationRoles" as null for some reason, I get this > > exception: > > > > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: Unrecognized > > field "socialLinks" > > (Class org.keycloak.representations.idm.UserRepresentation), not > marked > > as ignorable > > > > But I know those values aren't mandatory. Is there a fix for this? > > > > > > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke wrote: > > > > > String token = getToken(); > > > final String authHeader = "Bearer " + token; > > > ClientRequestFilter authFilter = new ClientRequestFilter() { > > > @Override > > > public void filter(ClientRequestContext requestContext) throws > > > IOException { > > > > > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader); > > > > > > } > > > }; > > > > > > > > > ResteasyWebTarget target = client.target("http://localhost:8080/auth > "); > > > target.register(authFilter); > > > Admin admin = target.proxy(Admin.class); > > > > > > > > > > > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > > > > > >> Can you help me with any hint or documentation regarding that > > >> BearerTokenFilter implementation? > > >> > > >> I understand that I have to create it myself, but I don't know what I > > >> should create. I tried browsing the web, but with no success.. Perhaps > > >> I'm missing the right keyword to find what I need > > >> > > >> > > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > > >> > wrote: > > >> > > >> That's perfect :) thanks for the help > > >> > > >> I'll get started on it as soon as I can > > >> > > >> On Jul 17, 2014 5:55 PM, "Bill Burke" > >> > wrote: > > >> > > >> @Path("/admin > > >> public interface Admin { > > >> @Path("realms/{realm}") > > >> Realm realm(@PathParameter("realm") realmName); > > >> } > > >> > > >> public interface Realm { > > >> @GET > > >> @Produces("application/json") > > >> RealmRepresentation get(); > > >> > > >> @DELETE > > >> void delete(); > > >> > > >> @PUT > > >> @Consumes("application/json") > > >> void update(RealmRepresentation rep); > > >> > > >> @Path("users") > > >> Users users(); > > >> } > > >> > > >> public interface Users { > > >> ... > > >> } > > >> > > >> FOllow me? > > >> > > >> Then its just > > >> > > >> ResteasyClient client = new ResteasyClientBuilder().build(__); > > >> ResteasyWebTarget target = > > >> client.target("http://__localhost:8080/auth > > >> > > >> "); > > >> > > >> String token = ... get a token ... > > >> > > >> target.register(new BearerTokenFilter(token)); // you'd have > to > > >> implement this > > >> > > >> Admin admin = target.proxy(Admin.class); > > >> > > >> admin.realm("master") > > >> > > >> That's about as much help I can give you right now. > > >> > > >> > > >> > > >> > > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > > >> > > >> OK, will do. > > >> > > >> Is there a way for me to do it like it is there? I'll > > >> explain a little > > >> better > > >> > > >> the class *AdminRoot* has the path set to "/admin", and it > > >> has a method > > >> getRealmsAdmin, with "realms" on the path, and on the > > >> *RealmsAdminResource* there's the getRealmAdmin mapped to > > >> "{realm}", > > >> making the full path for it "/admin/realms/{realm}", even > > >> though each > > >> one is in a different class. > > >> > > >> Is there a way for me to do it the same way, I don't know > > >> how the Proxy > > >> framework would understand that, maybe I would have to set > > >> the full path > > >> > > >> > > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen > > >> > > >> >> > wrote: > > >> > > >> Rodrigo: just create your own interfaces. If you can > > >> try to keep > > >> them as consistent with jax-rs classes in services as > > >> you can that > > >> would be great. > > >> > > >> ----- Original Message ----- > > >> > From: "Stian Thorgersen" > >> > >> >> > > >> > To: "Rodrigo Sasaki" > >> > > >> > >> >>, "Bill Burke" > > >> > > >> >>> > > >> > Cc: keycloak-user at lists.jboss.org > > >> > > >> > >> > > >> > > > >> > Sent: Wednesday, 16 July, 2014 2:34:44 PM > > >> > Subject: Re: [keycloak-user] Java Keycloak REST > API > > >> Wrapper > > >> > > > >> > Bill: does it make sense for us to share > interfaces > > >> (with jax-rs > > >> annotations) > > >> > for services and admin-client? > > >> > > > >> > ----- Original Message ----- > > >> > > From: "Rodrigo Sasaki" < > rodrigopsasaki at gmail.com > > >> > > >> > >> >> > > >> > > To: "Stian Thorgersen" > >> > >> >> > > >> > > Cc: "Juraci Paix?o Kr?hling" < > juraci at kroehling.de > > >> > > >> juraci at kroehling.de > > >> >>>, > > >> > > keycloak-user at lists.jboss.org > > >> > > >> > >> > > >> > > > >> > > Sent: Wednesday, 16 July, 2014 2:31:35 PM > > >> > > Subject: Re: [keycloak-user] Java Keycloak REST > > >> API Wrapper > > >> > > > > >> > > I'll get on it for sure. > > >> > > > > >> > > Just one thing, should I create myself the > > >> interfaces for the > > >> services? Or > > >> > > is there a more integrated way to do that? > > >> > > > > >> > > > > >> > > On Wed, Jul 16, 2014 at 10:27 AM, Stian > Thorgersen > > >> > > >> >> > > >> > > >> > > wrote: > > >> > > > > >> > > > Great work with the admin-client. As I > commented > > >> on GitHub I > > >> added it to > > >> > > > 'admin-client' branch, and would like a few > > >> changes before > > >> merging to > > >> > > > master: > > >> > > > > > >> > > > * Make it use RestEasy client framwork > > >> > > > * Tests - I've added a starting point to > > >> > > > > > >> > https://github.com/keycloak/__keycloak/blob/admin-client/__ > > >> > testsuite/integration/src/__test/java/org/keycloak/__testsuite/admin/__ > > >> AdminClientTest.java > > >> > > >> > >> testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ > > >> AdminClientTest.java> > > >> > > > * Better error handling - instead of > swallowing > > >> exceptions it > > >> now throws > > >> > > > KeycloakException (RuntimeException), but > > >> there's HTTP > > >> response codes are > > >> > > > not checked (see above test that tries to > create > > >> two users > > >> with the same > > >> > > > username) > > >> > > > > > >> > > > If you're happy to do this work that would be > > >> awesome! > > >> > > > > > >> > > > ----- Original Message ----- > > >> > > > > From: "Rodrigo Sasaki" > > >> rodrigopsasaki at gmail.com> > > >> > >> >> > > >> > > > > To: "Stian Thorgersen" > >> > > >> >> > > >> > > > > Cc: "Juraci Paix?o Kr?hling" > > >> > > >> juraci at kroehling.de > > >> >>>, > > >> > > > keycloak-user at lists.jboss.org > > >> > > >> > >> > > >> > > > >> > > > > Sent: Monday, 14 July, 2014 2:44:48 PM > > >> > > > > Subject: Re: [keycloak-user] Java Keycloak > > >> REST API Wrapper > > >> > > > > > > >> > > > > Glad to hear it :) > > >> > > > > > > >> > > > > I'll be waiting on more replies and ideas to > > >> perhaps make > > >> it better. > > >> > > > > Thanks! :) > > >> > > > > > > >> > > > > > > >> > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian > > >> Thorgersen > > >> > > >> >> > > >> > > >> > > > wrote: > > >> > > > > > > >> > > > > > Great stuff, I'll have a look at it soon. > At > > >> first glance > > >> it looks > > >> > > > really > > >> > > > > > good! > > >> > > > > > > > >> > > > > > Thanks :) > > >> > > > > > > > >> > > > > > ----- Original Message ----- > > >> > > > > > > From: "Rodrigo Sasaki" > > >> rodrigopsasaki at gmail.com> > > >> > >> >> > > >> > > > > > > To: "Stian Thorgersen" < > stian at redhat.com > > >> > > >> >> > > >> > > > > > > Cc: "Juraci Paix?o Kr?hling" > > >> > > >> juraci at kroehling.de > > >> >>>, > > >> > > > > > keycloak-user at lists.jboss.org > > >> > > >> > >> > > >> > > > >> > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM > > >> > > > > > > Subject: Re: [keycloak-user] Java > Keycloak > > >> REST API Wrapper > > >> > > > > > > > > >> > > > > > > PR submitted :) > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian > > >> Thorgersen > > >> > > > > > > > >> > >> > > >> >> > > >> > > > > > wrote: > > >> > > > > > > > > >> > > > > > > > Please change package names to > > >> 'org.keycloak.admin.client' > > >> > > > > > > > > > >> > > > > > > > ----- Original Message ----- > > >> > > > > > > > > From: "Rodrigo Sasaki" > > >> rodrigopsasaki at gmail.com> > > >> > >> >> > > >> > > > > > > > > To: "Stian Thorgersen" > > >> > > >> >> > > >> > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > > >> > > >> juraci at kroehling.de > > >> >>>, > > >> > > > > > > > keycloak-user at lists.jboss.org > > >> > > >> > >> > > >> > > > >> > > > > > > > > Sent: Friday, 11 July, 2014 1:51:41 > PM > > >> > > > > > > > > Subject: Re: [keycloak-user] Java > > >> Keycloak REST API > > >> Wrapper > > >> > > > > > > > > > > >> > > > > > > > > Just one more question, I created it > > >> with my > > >> companies' name in > > >> > > > the > > >> > > > > > > > > package, should I replace it? Or > just > > >> upload it as is? > > >> > > > > > > > > > > >> > > > > > > > > It's br.com.icarros.keycloak.api > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, > Stian > > >> Thorgersen < > > >> > > > stian at redhat.com > > >> >> > > >> > > >> > > > > > > > wrote: > > >> > > > > > > > > > > >> > > > > > > > > > You can create a new module for > it in: > > >> > > > > > > > > > > > >> > > > > > > > > > integration/admin-client > > >> > > > > > > > > > > > >> > > > > > > > > > ----- Original Message ----- > > >> > > > > > > > > > > From: "Rodrigo Sasaki" > > >> > >> > > >> > >> >> > > >> > > > > > > > > > > To: "Stian Thorgersen" > > >> > > >> >> > > >> > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > > >> > > >> >>>, > > >> > > > > > > > > > keycloak-user at lists.jboss.org > > >> > > >> > >> > > >> > > > >> > > > > > > > > > > Sent: Thursday, 10 July, 2014 > > >> 8:50:00 PM > > >> > > > > > > > > > > Subject: Re: [keycloak-user] > Java > > >> Keycloak REST > > >> API Wrapper > > >> > > > > > > > > > > > > >> > > > > > > > > > > Stian, how should I send the > code > > >> that I made > > >> to the > > >> > > > > > > > > > > Keycloak > > >> > > > > > repo? > > >> > > > > > > > > > > > > >> > > > > > > > > > > Can you tell me what module name > > >> to use, and > > >> where to > > >> > > > > > > > > > > create > > >> > > > it? > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 AM, > > >> Rodrigo Sasaki < > > >> > > > > > > > > > rodrigopsasaki at gmail.com > > >> > > >> > >> > > >> >> > > >> > > > > > > > > > > wrote: > > >> > > > > > > > > > > > > >> > > > > > > > > > > > I would really like to do that > > >> :) All I'm > > >> waiting for is > > >> > > > an OK > > >> > > > > > to > > >> > > > > > > > do > > >> > > > > > > > > > it, > > >> > > > > > > > > > > > because it was built inside > the > > >> company, so I > > >> need > > >> > > > approval. > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > But I really believe it'll > get a > > >> lot better > > >> when it's out > > >> > > > > > there, > > >> > > > > > > > and > > >> > > > > > > > > > you > > >> > > > > > > > > > > > can all pitch in > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 > AM, > > >> Stian > > >> Thorgersen < > > >> > > > > > stian at redhat.com > > > >> > > > >> > > >> > > > > > > > > > > >> > > > > > > > > > wrote: > > >> > > > > > > > > > > > > > >> > > > > > > > > > > >> Ideal way to contribute it to > > >> Keycloak would > > >> be if you > > >> > > > fork > > >> > > > > > the > > >> > > > > > > > > > Keycloak > > >> > > > > > > > > > > >> repo, add a module and do a > PR ;) > > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> ----- Original Message ----- > > >> > > > > > > > > > > >> > From: "Rodrigo Sasaki" > > >> > >> > > >> > >> >> > > >> > > > > > > > > > > >> > To: "Juraci Paix?o > Kr?hling" > > >> > > >> >>> > > >> > > > > > > > > > > >> > Cc: > > >> keycloak-user at lists.jboss.org > > >> > > >> > >> > > >> > > > >> > > > > > > > > > > >> > Sent: Tuesday, 8 July, 2014 > > >> 1:50:14 PM > > >> > > > > > > > > > > >> > Subject: Re: > [keycloak-user] > > >> Java Keycloak > > >> REST API > > >> > > > Wrapper > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > Oh yes, I believe it is > > >> already very usable. > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > All I need now is to get my > > >> manager to > > >> agree to make > > >> > > > this > > >> > > > > > repo > > >> > > > > > > > > > public, > > >> > > > > > > > > > > >> > because there is a policy > > >> that all repos > > >> are private > > >> > > > > > > > > > > >> > in > > >> > > > this > > >> > > > > > > > project > > >> > > > > > > > > > > >> we're > > >> > > > > > > > > > > >> > working in, but I don't > think > > >> we'll have > > >> problems with > > >> > > > > > this. I > > >> > > > > > > > > > pitched > > >> > > > > > > > > > > >> him > > >> > > > > > > > > > > >> > the idea of contributing to > > >> Keycloak and > > >> he seemed to > > >> > > > like > > >> > > > > > it > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > On Tue, Jul 8, 2014 at 9:32 > > >> AM, Juraci > > >> Paix?o Kr?hling > > >> > > > > > > > > > > >> > < > > >> > > > > > > > > > > >> juraci at kroehling.de > > >> > >> > > >> > > > >> > > > > > > > > > > >> > > wrote: > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNED > > >> MESSAGE----- > > >> > > > > > > > > > > >> > Hash: SHA512 > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > Hello Rodrigo, > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > Do you have news about > this? > > >> I'm working > > >> on a task > > >> > > > > > > > > > > >> > that > > >> > > > > > would > > >> > > > > > > > > > require > > >> > > > > > > > > > > >> > me to do something similar, > > >> so, I think it > > >> would best > > >> > > > if we > > >> > > > > > can > > >> > > > > > > > > > > >> > collaborate on this API :-) > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > If/when you have some time, > > >> we could have > > >> a chat via > > >> > > > > > > > > > > >> > IRC > > >> > > > > > > > > > (jpkroehling > > >> > > > > > > > > > > >> > at #keycloak on freenode). > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > - - Juca. > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > On 06/20/2014 10:00 PM, > > >> Rodrigo Sasaki wrote: > > >> > > > > > > > > > > >> > > I'm working on a > Java-based > > >> wrapper for > > >> the REST > > >> > > > > > > > > > > >> > > API, > > >> > > > to > > >> > > > > > make > > >> > > > > > > > it > > >> > > > > > > > > > > >> > > look more OO, abstracting > > >> the access to > > >> servers. > > >> > > > > > > > > > > >> > > > > >> > > > > > > > > > > >> > > It uses methods such as > > >> > > > > > > > > > > >> > > > > >> > > > > > > > > > > >> > > User bill = > > >> realm.getUser("bburke") > > >> > > > > > List > > >> > > > > > > > roles > > >> > > > > > > > > > > >> > > = > > >> > > > > > > > > > > >> > > > > >> > bill.__getApplicationRoleMappings("__customer-portal"); > > >> > > >> > > > > > > > > > > >> > > > > >> > > > > > > > > > > >> > > It's still in it's early > > >> stages, but if > > >> you find it > > >> > > > > > > > interesting, > > >> > > > > > > > > > > >> > > I'd be happy to create a > > >> repo for other > > >> Java users > > >> > > > > > > > > > > >> > > to > > >> > > > use > > >> > > > > > it, > > >> > > > > > > > and > > >> > > > > > > > > > > >> > > adapt it based on > > >> suggestions aswell. > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > -----BEGIN PGP > SIGNATURE----- > > >> > > > > > > > > > > >> > Version: GnuPG v2 > > >> > > > > > > > > > > >> > Comment: Using GnuPG with > > >> Thunderbird - > > >> > > > > > > > http://www.enigmail.net/ > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> iQEcBAEBCgAGBQJTu+__ThAAoJEDnJtskdmzLM4PcH/__ > > >> jShu9J6nnV92HqSyqyy4y7d > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> snhFqt4G+__aqyhdH4iiOUbV36Zb07fPnO5w7s9vc > > >> __r79YLGjuAWaODIzU1D1yZxbyA > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> X4e3y5ClCSZMefHGSXoCOs7U+__cVuCAUivCXBhe+hIb4pM/2krlhaS+_ > > >> _ai3I2Ur43Z > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> 5uzPS+__pz983y2i1UGkhJBzqv8MVabNPq3vC+ > > >> __LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> srdtReO5uC0/HjtfzrNP+__ErY1WpIEFAuHW5abtL7HHwvdZYNgYU > > >> __Ij6f8w8oGGLMp > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk__ > > >> 2anqeUu5qcvCaPyMQA8edvgctc4a2j__bJc= > > >> > > > > > > > > > > >> > =3O4p > > >> > > > > > > > > > > >> > -----END PGP SIGNATURE----- > > >> > > > > > > > > > > >> > > > >> _________________________________________________ > > >> > > >> > > > > > > > > > > >> > keycloak-user mailing list > > >> > > > > > > > > > > >> > > keycloak-user at lists.jboss.org > > >> > > >> > >> > > > >> > > > > > > > > > > >> > > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > > >> > > >> > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > -- > > >> > > > > > > > > > > >> > Rodrigo Sasaki > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> _________________________________________________ > > >> > > >> > > > > > > > > > > >> > keycloak-user mailing list > > >> > > > > > > > > > > >> > > keycloak-user at lists.jboss.org > > >> > > >> > >> > > > >> > > > > > > > > > > >> > > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > > >> > > >> > > >> > > > > > > > > > > >> > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > -- > > >> > > > > > > > > > > > Rodrigo Sasaki > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > -- > > >> > > > > > > > > > > Rodrigo Sasaki > > >> > > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > -- > > >> > > > > > > > > Rodrigo Sasaki > > >> > > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > -- > > >> > > > > > > Rodrigo Sasaki > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > -- > > >> > > > > Rodrigo Sasaki > > >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> > > -- > > >> > > Rodrigo Sasaki > > >> > > > > >> > > > >> > _________________________________________________ > > >> > > >> > keycloak-user mailing list > > >> > keycloak-user at lists.jboss.org > > >> > > >> > >> > > > >> > > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > > >> > > >> > > >> > > >> > > >> > > >> > > >> -- > > >> Rodrigo Sasaki > > >> > > >> > > >> -- > > >> Bill Burke > > >> JBoss, a division of Red Hat > > >> http://bill.burkecentral.com > > >> > > >> > > >> > > >> > > >> -- > > >> Rodrigo Sasaki > > >> > > > > > > -- > > > Bill Burke > > > JBoss, a division of Red Hat > > > http://bill.burkecentral.com > > > > > > > > > > > -- > > Rodrigo Sasaki > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140722/1cf6cd38/attachment-0001.html From j.kamal at ymail.com Tue Jul 22 12:03:47 2014 From: j.kamal at ymail.com (Kamal Jagadevan) Date: Tue, 22 Jul 2014 09:03:47 -0700 Subject: [keycloak-user] Using H2 database in PROD Message-ID: <1406045027.35147.YahooMailNeo@web120203.mail.ne1.yahoo.com> Hello, ? ?Are there any Strong reasons/recommendation for moving Keycloak backend from H2 database to a different database? I noticed this in the Reference guide "....you might want to use a better relational database for Keycloak like PostgreSQL"... Our application is on-premise solution and wouldn't involve with substantially large number of users. Please advise if we can go with Keycloak & H2 database for production. Best Kamal -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140722/3483087e/attachment.html From stian at redhat.com Wed Jul 23 04:18:30 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 23 Jul 2014 04:18:30 -0400 (EDT) Subject: [keycloak-user] Using H2 database in PROD In-Reply-To: <1406045027.35147.YahooMailNeo@web120203.mail.ne1.yahoo.com> References: <1406045027.35147.YahooMailNeo@web120203.mail.ne1.yahoo.com> Message-ID: <676439029.16120110.1406103510972.JavaMail.zimbra@redhat.com> You may be able to use H2, but it would require testing it with the load that you're expecting. You may also need to do some tuning to make it work properly as at least there used to be issues around concurrency. End of the day MySQL or PostgreSQL are a lot more mature databases so you are much less likely to encounter bugs or concurrency/load issues. ----- Original Message ----- > From: "Kamal Jagadevan" > To: keycloak-user at lists.jboss.org > Sent: Tuesday, 22 July, 2014 5:03:47 PM > Subject: [keycloak-user] Using H2 database in PROD > > Hello, > > Are there any Strong reasons/recommendation for moving Keycloak backend from > H2 database to a different database? > I noticed this in the Reference guide "....you might want to use a better > relational database for Keycloak like PostgreSQL"... > > Our application is on-premise solution and wouldn't involve with > substantially large number of users. > Please advise if we can go with Keycloak & H2 database for production. > > Best > Kamal > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From rodrigopsasaki at gmail.com Wed Jul 23 09:50:33 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Wed, 23 Jul 2014 10:50:33 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> <53C94D34.70307@redhat.com> <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> Message-ID: The problem was that the version of keycloak we have in production is based on the beta-2, and the UserRepresentation there is different, sorry about this. I submitted a PR with the alterations On Tue, Jul 22, 2014 at 11:06 AM, Rodrigo Sasaki wrote: > The thing is that I simply create an instance and assign an username > > UserRepresentation userRep = new UserRepresentation(); > userRep.setUsername("user1"); > realm.users().create(userRep); > > That create is a proxy of the interface, so I don't really know where I > could interfere here with code. > > > On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen > wrote: > >> Try removing socialLinks instead of setting the value to null, or >> specifying an empty array. >> >> ----- Original Message ----- >> > From: "Rodrigo Sasaki" >> > To: "Bill Burke" >> > Cc: "Stian Thorgersen" , >> keycloak-user at lists.jboss.org >> > Sent: Tuesday, 22 July, 2014 2:54:49 PM >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >> > >> > I tried creating a user using the API, and I got a 400 status code, I >> went >> > to check everything, and it seems that I can't send "socialLinks", >> > "realmRoles" and "applicationRoles" as null for some reason, I get this >> > exception: >> > >> > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: Unrecognized >> > field "socialLinks" >> > (Class org.keycloak.representations.idm.UserRepresentation), not >> marked >> > as ignorable >> > >> > But I know those values aren't mandatory. Is there a fix for this? >> > >> > >> > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke wrote: >> > >> > > String token = getToken(); >> > > final String authHeader = "Bearer " + token; >> > > ClientRequestFilter authFilter = new ClientRequestFilter() { >> > > @Override >> > > public void filter(ClientRequestContext requestContext) throws >> > > IOException { >> > > >> > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, >> authHeader); >> > > >> > > } >> > > }; >> > > >> > > >> > > ResteasyWebTarget target = client.target("http://localhost:8080/auth >> "); >> > > target.register(authFilter); >> > > Admin admin = target.proxy(Admin.class); >> > > >> > > >> > > >> > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: >> > > >> > >> Can you help me with any hint or documentation regarding that >> > >> BearerTokenFilter implementation? >> > >> >> > >> I understand that I have to create it myself, but I don't know what I >> > >> should create. I tried browsing the web, but with no success.. >> Perhaps >> > >> I'm missing the right keyword to find what I need >> > >> >> > >> >> > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki >> > >> > wrote: >> > >> >> > >> That's perfect :) thanks for the help >> > >> >> > >> I'll get started on it as soon as I can >> > >> >> > >> On Jul 17, 2014 5:55 PM, "Bill Burke" > > >> > wrote: >> > >> >> > >> @Path("/admin >> > >> public interface Admin { >> > >> @Path("realms/{realm}") >> > >> Realm realm(@PathParameter("realm") realmName); >> > >> } >> > >> >> > >> public interface Realm { >> > >> @GET >> > >> @Produces("application/json") >> > >> RealmRepresentation get(); >> > >> >> > >> @DELETE >> > >> void delete(); >> > >> >> > >> @PUT >> > >> @Consumes("application/json") >> > >> void update(RealmRepresentation rep); >> > >> >> > >> @Path("users") >> > >> Users users(); >> > >> } >> > >> >> > >> public interface Users { >> > >> ... >> > >> } >> > >> >> > >> FOllow me? >> > >> >> > >> Then its just >> > >> >> > >> ResteasyClient client = new >> ResteasyClientBuilder().build(__); >> > >> ResteasyWebTarget target = >> > >> client.target("http://__localhost:8080/auth >> > >> >> > >> "); >> > >> >> > >> String token = ... get a token ... >> > >> >> > >> target.register(new BearerTokenFilter(token)); // you'd have >> to >> > >> implement this >> > >> >> > >> Admin admin = target.proxy(Admin.class); >> > >> >> > >> admin.realm("master") >> > >> >> > >> That's about as much help I can give you right now. >> > >> >> > >> >> > >> >> > >> >> > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: >> > >> >> > >> OK, will do. >> > >> >> > >> Is there a way for me to do it like it is there? I'll >> > >> explain a little >> > >> better >> > >> >> > >> the class *AdminRoot* has the path set to "/admin", and >> it >> > >> has a method >> > >> getRealmsAdmin, with "realms" on the path, and on the >> > >> *RealmsAdminResource* there's the getRealmAdmin mapped to >> > >> "{realm}", >> > >> making the full path for it "/admin/realms/{realm}", even >> > >> though each >> > >> one is in a different class. >> > >> >> > >> Is there a way for me to do it the same way, I don't know >> > >> how the Proxy >> > >> framework would understand that, maybe I would have to >> set >> > >> the full path >> > >> >> > >> >> > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen >> > >> >> > >> >> >> wrote: >> > >> >> > >> Rodrigo: just create your own interfaces. If you can >> > >> try to keep >> > >> them as consistent with jax-rs classes in services >> as >> > >> you can that >> > >> would be great. >> > >> >> > >> ----- Original Message ----- >> > >> > From: "Stian Thorgersen" > > >> > > >> >> >> > >> > To: "Rodrigo Sasaki" > > >> >> > >> > > >> >>, "Bill Burke" >> > >> >> > >> > >>> >> > >> > Cc: keycloak-user at lists.jboss.org >> > >> >> > >> > > >> >> > >> > >> > >> > Sent: Wednesday, 16 July, 2014 2:34:44 PM >> > >> > Subject: Re: [keycloak-user] Java Keycloak REST >> API >> > >> Wrapper >> > >> > >> > >> > Bill: does it make sense for us to share >> interfaces >> > >> (with jax-rs >> > >> annotations) >> > >> > for services and admin-client? >> > >> > >> > >> > ----- Original Message ----- >> > >> > > From: "Rodrigo Sasaki" < >> rodrigopsasaki at gmail.com >> > >> >> > >> > > >> >> >> > >> > > To: "Stian Thorgersen" > > >> > > >> >> >> > >> > > Cc: "Juraci Paix?o Kr?hling" < >> juraci at kroehling.de >> > >> >> > >> > juraci at kroehling.de >> > >> >>>, >> > >> > > keycloak-user at lists.jboss.org >> > >> >> > >> > > >> >> > >> > >> > >> > > Sent: Wednesday, 16 July, 2014 2:31:35 PM >> > >> > > Subject: Re: [keycloak-user] Java Keycloak REST >> > >> API Wrapper >> > >> > > >> > >> > > I'll get on it for sure. >> > >> > > >> > >> > > Just one thing, should I create myself the >> > >> interfaces for the >> > >> services? Or >> > >> > > is there a more integrated way to do that? >> > >> > > >> > >> > > >> > >> > > On Wed, Jul 16, 2014 at 10:27 AM, Stian >> Thorgersen >> > >> >> > >> >> >> > >> >> > >> > > wrote: >> > >> > > >> > >> > > > Great work with the admin-client. As I >> commented >> > >> on GitHub I >> > >> added it to >> > >> > > > 'admin-client' branch, and would like a few >> > >> changes before >> > >> merging to >> > >> > > > master: >> > >> > > > >> > >> > > > * Make it use RestEasy client framwork >> > >> > > > * Tests - I've added a starting point to >> > >> > > > >> > >> >> https://github.com/keycloak/__keycloak/blob/admin-client/__ >> > >> >> testsuite/integration/src/__test/java/org/keycloak/__testsuite/admin/__ >> > >> AdminClientTest.java >> > >> >> > >> > > >> testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ >> > >> AdminClientTest.java> >> > >> > > > * Better error handling - instead of >> swallowing >> > >> exceptions it >> > >> now throws >> > >> > > > KeycloakException (RuntimeException), but >> > >> there's HTTP >> > >> response codes are >> > >> > > > not checked (see above test that tries to >> create >> > >> two users >> > >> with the same >> > >> > > > username) >> > >> > > > >> > >> > > > If you're happy to do this work that would be >> > >> awesome! >> > >> > > > >> > >> > > > ----- Original Message ----- >> > >> > > > > From: "Rodrigo Sasaki" >> > >> > rodrigopsasaki at gmail.com> >> > >> > > >> >> >> > >> > > > > To: "Stian Thorgersen" > > >> >> > >> > >>> >> > >> > > > > Cc: "Juraci Paix?o Kr?hling" >> > >> >> > >> > juraci at kroehling.de >> > >> >>>, >> > >> > > > keycloak-user at lists.jboss.org >> > >> >> > >> > > >> >> > >> > >> > >> > > > > Sent: Monday, 14 July, 2014 2:44:48 PM >> > >> > > > > Subject: Re: [keycloak-user] Java Keycloak >> > >> REST API Wrapper >> > >> > > > > >> > >> > > > > Glad to hear it :) >> > >> > > > > >> > >> > > > > I'll be waiting on more replies and ideas >> to >> > >> perhaps make >> > >> it better. >> > >> > > > > Thanks! :) >> > >> > > > > >> > >> > > > > >> > >> > > > > On Mon, Jul 14, 2014 at 10:43 AM, Stian >> > >> Thorgersen >> > >> >> > >> >> >> > >> >> > >> > > > wrote: >> > >> > > > > >> > >> > > > > > Great stuff, I'll have a look at it >> soon. At >> > >> first glance >> > >> it looks >> > >> > > > really >> > >> > > > > > good! >> > >> > > > > > >> > >> > > > > > Thanks :) >> > >> > > > > > >> > >> > > > > > ----- Original Message ----- >> > >> > > > > > > From: "Rodrigo Sasaki" >> > >> > rodrigopsasaki at gmail.com> >> > >> > > >> >> >> > >> > > > > > > To: "Stian Thorgersen" < >> stian at redhat.com >> > >> >> > >> > >>> >> > >> > > > > > > Cc: "Juraci Paix?o Kr?hling" >> > >> >> > >> > juraci at kroehling.de >> > >> >>>, >> > >> > > > > > keycloak-user at lists.jboss.org >> > >> >> > >> > > >> >> > >> > >> > >> > > > > > > Sent: Monday, 14 July, 2014 2:40:17 PM >> > >> > > > > > > Subject: Re: [keycloak-user] Java >> Keycloak >> > >> REST API Wrapper >> > >> > > > > > > >> > >> > > > > > > PR submitted :) >> > >> > > > > > > >> > >> > > > > > > >> > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 AM, Stian >> > >> Thorgersen >> > >> > > > > > > > > >> > > >> >> > >> >> >> > >> > > > > > wrote: >> > >> > > > > > > >> > >> > > > > > > > Please change package names to >> > >> 'org.keycloak.admin.client' >> > >> > > > > > > > >> > >> > > > > > > > ----- Original Message ----- >> > >> > > > > > > > > From: "Rodrigo Sasaki" >> > >> > rodrigopsasaki at gmail.com> >> > >> > > >> >> >> > >> > > > > > > > > To: "Stian Thorgersen" >> > >> >> > >> > >>> >> > >> > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >> > >> >> > >> > juraci at kroehling.de >> > >> >>>, >> > >> > > > > > > > keycloak-user at lists.jboss.org >> > >> >> > >> > > >> >> > >> > >> > >> > > > > > > > > Sent: Friday, 11 July, 2014 >> 1:51:41 PM >> > >> > > > > > > > > Subject: Re: [keycloak-user] Java >> > >> Keycloak REST API >> > >> Wrapper >> > >> > > > > > > > > >> > >> > > > > > > > > Just one more question, I created >> it >> > >> with my >> > >> companies' name in >> > >> > > > the >> > >> > > > > > > > > package, should I replace it? Or >> just >> > >> upload it as is? >> > >> > > > > > > > > >> > >> > > > > > > > > It's br.com.icarros.keycloak.api >> > >> > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > On Fri, Jul 11, 2014 at 4:13 AM, >> Stian >> > >> Thorgersen < >> > >> > > > stian at redhat.com >> > >> >> >> > >> >> > >> > > > > > > > wrote: >> > >> > > > > > > > > >> > >> > > > > > > > > > You can create a new module for >> it in: >> > >> > > > > > > > > > >> > >> > > > > > > > > > integration/admin-client >> > >> > > > > > > > > > >> > >> > > > > > > > > > ----- Original Message ----- >> > >> > > > > > > > > > > From: "Rodrigo Sasaki" >> > >> > > >> >> > >> > > >> >> >> > >> > > > > > > > > > > To: "Stian Thorgersen" >> > >> >> > >> > >>> >> > >> > > > > > > > > > > Cc: "Juraci Paix?o Kr?hling" >> > >> >> > >> > >>>, >> > >> > > > > > > > > > keycloak-user at lists.jboss.org >> > >> >> > >> > > >> >> > >> > >> > >> > > > > > > > > > > Sent: Thursday, 10 July, 2014 >> > >> 8:50:00 PM >> > >> > > > > > > > > > > Subject: Re: [keycloak-user] >> Java >> > >> Keycloak REST >> > >> API Wrapper >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > Stian, how should I send the >> code >> > >> that I made >> > >> to the >> > >> > > > > > > > > > > Keycloak >> > >> > > > > > repo? >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > Can you tell me what module >> name >> > >> to use, and >> > >> where to >> > >> > > > > > > > > > > create >> > >> > > > it? >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > On Tue, Jul 8, 2014 at 10:00 >> AM, >> > >> Rodrigo Sasaki < >> > >> > > > > > > > > > rodrigopsasaki at gmail.com >> > >> >> > >> > > >> >> > >> >> >> > >> > > > > > > > > > > wrote: >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > > I would really like to do >> that >> > >> :) All I'm >> > >> waiting for is >> > >> > > > an OK >> > >> > > > > > to >> > >> > > > > > > > do >> > >> > > > > > > > > > it, >> > >> > > > > > > > > > > > because it was built inside >> the >> > >> company, so I >> > >> need >> > >> > > > approval. >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > But I really believe it'll >> get a >> > >> lot better >> > >> when it's out >> > >> > > > > > there, >> > >> > > > > > > > and >> > >> > > > > > > > > > you >> > >> > > > > > > > > > > > can all pitch in >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > On Tue, Jul 8, 2014 at 9:55 >> AM, >> > >> Stian >> > >> Thorgersen < >> > >> > > > > > stian at redhat.com > stian at redhat.com> >> > >> > >> > >> >> > >> > > > > > > > > >> > >> > > > > > > > > > wrote: >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > >> Ideal way to contribute it >> to >> > >> Keycloak would >> > >> be if you >> > >> > > > fork >> > >> > > > > > the >> > >> > > > > > > > > > Keycloak >> > >> > > > > > > > > > > >> repo, add a module and do a >> PR ;) >> > >> > > > > > > > > > > >> >> > >> > > > > > > > > > > >> ----- Original Message ----- >> > >> > > > > > > > > > > >> > From: "Rodrigo Sasaki" >> > >> > > >> >> > >> > > >> >> >> > >> > > > > > > > > > > >> > To: "Juraci Paix?o >> Kr?hling" >> > >> >> > >> > >>> >> > >> > > > > > > > > > > >> > Cc: >> > >> keycloak-user at lists.jboss.org >> > >> >> > >> > > >> >> > >> > >> > >> > > > > > > > > > > >> > Sent: Tuesday, 8 July, >> 2014 >> > >> 1:50:14 PM >> > >> > > > > > > > > > > >> > Subject: Re: >> [keycloak-user] >> > >> Java Keycloak >> > >> REST API >> > >> > > > Wrapper >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > Oh yes, I believe it is >> > >> already very usable. >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > All I need now is to get >> my >> > >> manager to >> > >> agree to make >> > >> > > > this >> > >> > > > > > repo >> > >> > > > > > > > > > public, >> > >> > > > > > > > > > > >> > because there is a policy >> > >> that all repos >> > >> are private >> > >> > > > > > > > > > > >> > in >> > >> > > > this >> > >> > > > > > > > project >> > >> > > > > > > > > > > >> we're >> > >> > > > > > > > > > > >> > working in, but I don't >> think >> > >> we'll have >> > >> problems with >> > >> > > > > > this. I >> > >> > > > > > > > > > pitched >> > >> > > > > > > > > > > >> him >> > >> > > > > > > > > > > >> > the idea of contributing >> to >> > >> Keycloak and >> > >> he seemed to >> > >> > > > like >> > >> > > > > > it >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > On Tue, Jul 8, 2014 at >> 9:32 >> > >> AM, Juraci >> > >> Paix?o Kr?hling >> > >> > > > > > > > > > > >> > < >> > >> > > > > > > > > > > >> juraci at kroehling.de >> > >> > > >> >> > >> > >> > >> > > > > > > > > > > >> > > wrote: >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > -----BEGIN PGP SIGNED >> > >> MESSAGE----- >> > >> > > > > > > > > > > >> > Hash: SHA512 >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > Hello Rodrigo, >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > Do you have news about >> this? >> > >> I'm working >> > >> on a task >> > >> > > > > > > > > > > >> > that >> > >> > > > > > would >> > >> > > > > > > > > > require >> > >> > > > > > > > > > > >> > me to do something >> similar, >> > >> so, I think it >> > >> would best >> > >> > > > if we >> > >> > > > > > can >> > >> > > > > > > > > > > >> > collaborate on this API >> :-) >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > If/when you have some >> time, >> > >> we could have >> > >> a chat via >> > >> > > > > > > > > > > >> > IRC >> > >> > > > > > > > > > (jpkroehling >> > >> > > > > > > > > > > >> > at #keycloak on freenode). >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > - - Juca. >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > On 06/20/2014 10:00 PM, >> > >> Rodrigo Sasaki wrote: >> > >> > > > > > > > > > > >> > > I'm working on a >> Java-based >> > >> wrapper for >> > >> the REST >> > >> > > > > > > > > > > >> > > API, >> > >> > > > to >> > >> > > > > > make >> > >> > > > > > > > it >> > >> > > > > > > > > > > >> > > look more OO, >> abstracting >> > >> the access to >> > >> servers. >> > >> > > > > > > > > > > >> > > >> > >> > > > > > > > > > > >> > > It uses methods such as >> > >> > > > > > > > > > > >> > > >> > >> > > > > > > > > > > >> > > User bill = >> > >> realm.getUser("bburke") >> > >> > > > > > List >> > >> > > > > > > > roles >> > >> > > > > > > > > > > >> > > = >> > >> > > > > > > > > > > >> > > >> > >> >> bill.__getApplicationRoleMappings("__customer-portal"); >> > >> >> > >> > > > > > > > > > > >> > > >> > >> > > > > > > > > > > >> > > It's still in it's early >> > >> stages, but if >> > >> you find it >> > >> > > > > > > > interesting, >> > >> > > > > > > > > > > >> > > I'd be happy to create a >> > >> repo for other >> > >> Java users >> > >> > > > > > > > > > > >> > > to >> > >> > > > use >> > >> > > > > > it, >> > >> > > > > > > > and >> > >> > > > > > > > > > > >> > > adapt it based on >> > >> suggestions aswell. >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > -----BEGIN PGP >> SIGNATURE----- >> > >> > > > > > > > > > > >> > Version: GnuPG v2 >> > >> > > > > > > > > > > >> > Comment: Using GnuPG with >> > >> Thunderbird - >> > >> > > > > > > > http://www.enigmail.net/ >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > >> > >> > > > > > >> > >> >> > >> iQEcBAEBCgAGBQJTu+__ThAAoJEDnJtskdmzLM4PcH/__ >> > >> jShu9J6nnV92HqSyqyy4y7d >> > >> > > > > > > > > > > >> > >> > >> > > > > > >> > >> >> > >> snhFqt4G+__aqyhdH4iiOUbV36Zb07fPnO5w7s9vc >> > >> __r79YLGjuAWaODIzU1D1yZxbyA >> > >> > > > > > > > > > > >> > >> > >> > > > > > >> > >> >> > >> X4e3y5ClCSZMefHGSXoCOs7U+__cVuCAUivCXBhe+hIb4pM/2krlhaS+_ >> > >> _ai3I2Ur43Z >> > >> > > > > > > > > > > >> > >> > >> > > > > > >> > >> >> > >> 5uzPS+__pz983y2i1UGkhJBzqv8MVabNPq3vC+ >> > >> __LX2bK9vEmd4Qiz0LdC9jwP23DZY9 >> > >> > > > > > > > > > > >> > >> > >> > > > > > >> > >> >> > >> srdtReO5uC0/HjtfzrNP+__ErY1WpIEFAuHW5abtL7HHwvdZYNgYU >> > >> __Ij6f8w8oGGLMp >> > >> > > > > > > > > > > >> > >> > >> > > > > > >> > >> >> > >> iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk__ >> > >> 2anqeUu5qcvCaPyMQA8edvgctc4a2j__bJc= >> > >> > > > > > > > > > > >> > =3O4p >> > >> > > > > > > > > > > >> > -----END PGP >> SIGNATURE----- >> > >> > > > > > > > > > > >> > >> > >> _________________________________________________ >> > >> >> > >> > > > > > > > > > > >> > keycloak-user mailing list >> > >> > > > > > > > > > > >> > >> keycloak-user at lists.jboss.org >> > >> >> > >> > > >> > >> > >> > > > > > > > > > > >> > >> > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user >> > >> >> > >> >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > -- >> > >> > > > > > > > > > > >> > Rodrigo Sasaki >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > >> > >> _________________________________________________ >> > >> >> > >> > > > > > > > > > > >> > keycloak-user mailing list >> > >> > > > > > > > > > > >> > >> keycloak-user at lists.jboss.org >> > >> >> > >> > > >> > >> > >> > > > > > > > > > > >> > >> > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user >> > >> >> > >> >> > >> > > > > > > > > > > >> >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > -- >> > >> > > > > > > > > > > > Rodrigo Sasaki >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > -- >> > >> > > > > > > > > > > Rodrigo Sasaki >> > >> > > > > > > > > > > >> > >> > > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > -- >> > >> > > > > > > > > Rodrigo Sasaki >> > >> > > > > > > > > >> > >> > > > > > > > >> > >> > > > > > > >> > >> > > > > > > >> > >> > > > > > > >> > >> > > > > > > -- >> > >> > > > > > > Rodrigo Sasaki >> > >> > > > > > > >> > >> > > > > > >> > >> > > > > >> > >> > > > > >> > >> > > > > >> > >> > > > > -- >> > >> > > > > Rodrigo Sasaki >> > >> > > > > >> > >> > > > >> > >> > > >> > >> > > >> > >> > > >> > >> > > -- >> > >> > > Rodrigo Sasaki >> > >> > > >> > >> > >> > >> > _________________________________________________ >> > >> >> > >> > keycloak-user mailing list >> > >> > keycloak-user at lists.jboss.org >> > >> >> > >> > > >> > >> > >> > >> > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> -- >> > >> Rodrigo Sasaki >> > >> >> > >> >> > >> -- >> > >> Bill Burke >> > >> JBoss, a division of Red Hat >> > >> http://bill.burkecentral.com >> > >> >> > >> >> > >> >> > >> >> > >> -- >> > >> Rodrigo Sasaki >> > >> >> > > >> > > -- >> > > Bill Burke >> > > JBoss, a division of Red Hat >> > > http://bill.burkecentral.com >> > > >> > >> > >> > >> > -- >> > Rodrigo Sasaki >> > >> > > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140723/185e43f3/attachment-0001.html From bburke at redhat.com Wed Jul 23 10:09:21 2014 From: bburke at redhat.com (Bill Burke) Date: Wed, 23 Jul 2014 10:09:21 -0400 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> <53C94D34.70307@redhat.com> <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> Message-ID: <53CFC211.2020806@redhat.com> You are using us in production? I don't know if I should be happy or scared :) How is it going? Are we holding up? On 7/23/2014 9:50 AM, Rodrigo Sasaki wrote: > The problem was that the version of keycloak we have in production is > based on the beta-2, and the UserRepresentation there is different, > sorry about this. > > I submitted a PR with the alterations > > > On Tue, Jul 22, 2014 at 11:06 AM, Rodrigo Sasaki > > wrote: > > The thing is that I simply create an instance and assign an username > > UserRepresentation userRep = new UserRepresentation(); > userRep.setUsername("user1"); > realm.users().create(userRep); > > That create is a proxy of the interface, so I don't really know > where I could interfere here with code. > > > On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen > wrote: > > Try removing socialLinks instead of setting the value to null, > or specifying an empty array. > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > > To: "Bill Burke" > > > Cc: "Stian Thorgersen" >, keycloak-user at lists.jboss.org > > > Sent: Tuesday, 22 July, 2014 2:54:49 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > I tried creating a user using the API, and I got a 400 status > code, I went > > to check everything, and it seems that I can't send > "socialLinks", > > "realmRoles" and "applicationRoles" as null for some reason, > I get this > > exception: > > > > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: > Unrecognized > > field "socialLinks" > > (Class > org.keycloak.representations.idm.UserRepresentation), not marked > > as ignorable > > > > But I know those values aren't mandatory. Is there a fix for > this? > > > > > > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke > > wrote: > > > > > String token = getToken(); > > > final String authHeader = "Bearer " + token; > > > ClientRequestFilter authFilter = new ClientRequestFilter() { > > > @Override > > > public void filter(ClientRequestContext requestContext) > throws > > > IOException { > > > > > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, > authHeader); > > > > > > } > > > }; > > > > > > > > > ResteasyWebTarget target = > client.target("http://localhost:8080/auth"); > > > target.register(authFilter); > > > Admin admin = target.proxy(Admin.class); > > > > > > > > > > > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > > > > > >> Can you help me with any hint or documentation regarding that > > >> BearerTokenFilter implementation? > > >> > > >> I understand that I have to create it myself, but I don't > know what I > > >> should create. I tried browsing the web, but with no > success.. Perhaps > > >> I'm missing the right keyword to find what I need > > >> > > >> > > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > > >> > >> wrote: > > >> > > >> That's perfect :) thanks for the help > > >> > > >> I'll get started on it as soon as I can > > >> > > >> On Jul 17, 2014 5:55 PM, "Bill Burke" > > > >> >> > wrote: > > >> > > >> @Path("/admin > > >> public interface Admin { > > >> @Path("realms/{realm}") > > >> Realm realm(@PathParameter("realm") realmName); > > >> } > > >> > > >> public interface Realm { > > >> @GET > > >> @Produces("application/json") > > >> RealmRepresentation get(); > > >> > > >> @DELETE > > >> void delete(); > > >> > > >> @PUT > > >> @Consumes("application/json") > > >> void update(RealmRepresentation rep); > > >> > > >> @Path("users") > > >> Users users(); > > >> } > > >> > > >> public interface Users { > > >> ... > > >> } > > >> > > >> FOllow me? > > >> > > >> Then its just > > >> > > >> ResteasyClient client = new > ResteasyClientBuilder().build(__); > > >> ResteasyWebTarget target = > > >> client.target("http://__localhost:8080/auth > > >> > > >> "); > > >> > > >> String token = ... get a token ... > > >> > > >> target.register(new BearerTokenFilter(token)); // > you'd have to > > >> implement this > > >> > > >> Admin admin = target.proxy(Admin.class); > > >> > > >> admin.realm("master") > > >> > > >> That's about as much help I can give you right now. > > >> > > >> > > >> > > >> > > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > > >> > > >> OK, will do. > > >> > > >> Is there a way for me to do it like it is > there? I'll > > >> explain a little > > >> better > > >> > > >> the class *AdminRoot* has the path set to > "/admin", and it > > >> has a method > > >> getRealmsAdmin, with "realms" on the path, and > on the > > >> *RealmsAdminResource* there's the > getRealmAdmin mapped to > > >> "{realm}", > > >> making the full path for it > "/admin/realms/{realm}", even > > >> though each > > >> one is in a different class. > > >> > > >> Is there a way for me to do it the same way, I > don't know > > >> how the Proxy > > >> framework would understand that, maybe I would > have to set > > >> the full path > > >> > > >> > > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian Thorgersen > > >> > > > > >> >>> wrote: > > >> > > >> Rodrigo: just create your own interfaces. > If you can > > >> try to keep > > >> them as consistent with jax-rs classes in > services as > > >> you can that > > >> would be great. > > >> > > >> ----- Original Message ----- > > >> > From: "Stian Thorgersen" > > > >> > > > >> >>> > > >> > To: "Rodrigo Sasaki" > > > >> > > > >> __com > > >> >>>, "Bill Burke" > > >> > > > > >> >>> > > >> > Cc: keycloak-user at lists.jboss.org > > > >> > > > >> __jboss.org > > >> > > >> >> > > >> > Sent: Wednesday, 16 July, 2014 2:34:44 PM > > >> > Subject: Re: [keycloak-user] Java > Keycloak REST API > > >> Wrapper > > >> > > > >> > Bill: does it make sense for us to > share interfaces > > >> (with jax-rs > > >> annotations) > > >> > for services and admin-client? > > >> > > > >> > ----- Original Message ----- > > >> > > From: "Rodrigo Sasaki" > > > >> > > > >> __com > > >> >>> > > >> > > To: "Stian Thorgersen" > > > >> > > > >> >>> > > >> > > Cc: "Juraci Paix?o Kr?hling" > > > >> > > > >> > > >> >>>, > > >> > > keycloak-user at lists.jboss.org > > > >> > > > >> __jboss.org > > >> > > >> >> > > >> > > Sent: Wednesday, 16 July, 2014 > 2:31:35 PM > > >> > > Subject: Re: [keycloak-user] Java > Keycloak REST > > >> API Wrapper > > >> > > > > >> > > I'll get on it for sure. > > >> > > > > >> > > Just one thing, should I create > myself the > > >> interfaces for the > > >> services? Or > > >> > > is there a more integrated way to do > that? > > >> > > > > >> > > > > >> > > On Wed, Jul 16, 2014 at 10:27 AM, > Stian Thorgersen > > >> > > > >> >>> > > >> > > >> > > wrote: > > >> > > > > >> > > > Great work with the admin-client. > As I commented > > >> on GitHub I > > >> added it to > > >> > > > 'admin-client' branch, and would > like a few > > >> changes before > > >> merging to > > >> > > > master: > > >> > > > > > >> > > > * Make it use RestEasy client framwork > > >> > > > * Tests - I've added a starting > point to > > >> > > > > > >> https://github.com/keycloak/__keycloak/blob/admin-client/__ > > >> > testsuite/integration/src/__test/java/org/keycloak/__testsuite/admin/__ > > >> AdminClientTest.java > > >> > > >> > > >> > testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ > > >> AdminClientTest.java> > > >> > > > * Better error handling - instead > of swallowing > > >> exceptions it > > >> now throws > > >> > > > KeycloakException > (RuntimeException), but > > >> there's HTTP > > >> response codes are > > >> > > > not checked (see above test that > tries to create > > >> two users > > >> with the same > > >> > > > username) > > >> > > > > > >> > > > If you're happy to do this work > that would be > > >> awesome! > > >> > > > > > >> > > > ----- Original Message ----- > > >> > > > > From: "Rodrigo Sasaki" > > >> > > > > >> __com > > >> >>> > > >> > > > > To: "Stian Thorgersen" > > > >> > > > >> >>> > > >> > > > > Cc: "Juraci Paix?o Kr?hling" > > >> > > > >> > > >> >>>, > > >> > > > keycloak-user at lists.jboss.org > > > >> > > > >> __jboss.org > > >> > > >> >> > > >> > > > > Sent: Monday, 14 July, 2014 > 2:44:48 PM > > >> > > > > Subject: Re: [keycloak-user] > Java Keycloak > > >> REST API Wrapper > > >> > > > > > > >> > > > > Glad to hear it :) > > >> > > > > > > >> > > > > I'll be waiting on more replies > and ideas to > > >> perhaps make > > >> it better. > > >> > > > > Thanks! :) > > >> > > > > > > >> > > > > > > >> > > > > On Mon, Jul 14, 2014 at 10:43 > AM, Stian > > >> Thorgersen > > >> > > > >> >>> > > >> > > >> > > > wrote: > > >> > > > > > > >> > > > > > Great stuff, I'll have a look > at it soon. At > > >> first glance > > >> it looks > > >> > > > really > > >> > > > > > good! > > >> > > > > > > > >> > > > > > Thanks :) > > >> > > > > > > > >> > > > > > ----- Original Message ----- > > >> > > > > > > From: "Rodrigo Sasaki" > > >> > > > > >> __com > > >> >>> > > >> > > > > > > To: "Stian Thorgersen" > > > >> > > > >> >>> > > >> > > > > > > Cc: "Juraci Paix?o Kr?hling" > > >> > > > >> > > >> >>>, > > >> > > > > > keycloak-user at lists.jboss.org > > > >> > > > >> __jboss.org > > >> > > >> >> > > >> > > > > > > Sent: Monday, 14 July, 2014 > 2:40:17 PM > > >> > > > > > > Subject: Re: [keycloak-user] > Java Keycloak > > >> REST API Wrapper > > >> > > > > > > > > >> > > > > > > PR submitted :) > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 > AM, Stian > > >> Thorgersen > > >> > > > > > > > > >> > > > >> > > >> >>> > > >> > > > > > wrote: > > >> > > > > > > > > >> > > > > > > > Please change package names to > > >> 'org.keycloak.admin.client' > > >> > > > > > > > > > >> > > > > > > > ----- Original Message ----- > > >> > > > > > > > > From: "Rodrigo Sasaki" > > >> > > > > >> __com > > >> >>> > > >> > > > > > > > > To: "Stian Thorgersen" > > >> > > > > >> >>> > > >> > > > > > > > > Cc: "Juraci Paix?o Kr?hling" > > >> > > > >> > > >> >>>, > > >> > > > > > > > > keycloak-user at lists.jboss.org > > >> > > > >> __jboss.org > > >> > > >> >> > > >> > > > > > > > > Sent: Friday, 11 July, > 2014 1:51:41 PM > > >> > > > > > > > > Subject: Re: > [keycloak-user] Java > > >> Keycloak REST API > > >> Wrapper > > >> > > > > > > > > > > >> > > > > > > > > Just one more question, > I created it > > >> with my > > >> companies' name in > > >> > > > the > > >> > > > > > > > > package, should I > replace it? Or just > > >> upload it as is? > > >> > > > > > > > > > > >> > > > > > > > > It's > br.com.icarros.keycloak.api > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > On Fri, Jul 11, 2014 at > 4:13 AM, Stian > > >> Thorgersen < > > >> > > > stian at redhat.com > > > > >> >>> > > >> > > >> > > > > > > > wrote: > > >> > > > > > > > > > > >> > > > > > > > > > You can create a new > module for it in: > > >> > > > > > > > > > > > >> > > > > > > > > > integration/admin-client > > >> > > > > > > > > > > > >> > > > > > > > > > ----- Original Message > ----- > > >> > > > > > > > > > > From: "Rodrigo Sasaki" > > >> > > >> > > > >> __com > > >> >>> > > >> > > > > > > > > > > To: "Stian Thorgersen" > > >> > > > > >> >>> > > >> > > > > > > > > > > Cc: "Juraci Paix?o > Kr?hling" > > >> > > > >> >>>, > > >> > > > > > > > > > > keycloak-user at lists.jboss.org > > >> > > > >> __jboss.org > > >> > > >> >> > > >> > > > > > > > > > > Sent: Thursday, 10 > July, 2014 > > >> 8:50:00 PM > > >> > > > > > > > > > > Subject: Re: > [keycloak-user] Java > > >> Keycloak REST > > >> API Wrapper > > >> > > > > > > > > > > > > >> > > > > > > > > > > Stian, how should I > send the code > > >> that I made > > >> to the > > >> > > > > > > > > > > Keycloak > > >> > > > > > repo? > > >> > > > > > > > > > > > > >> > > > > > > > > > > Can you tell me what > module name > > >> to use, and > > >> where to > > >> > > > > > > > > > > create > > >> > > > it? > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > On Tue, Jul 8, 2014 > at 10:00 AM, > > >> Rodrigo Sasaki < > > >> > > > > > > > > > > rodrigopsasaki at gmail.com > > >> > > > >> __com > > >> > > >> >>> > > >> > > > > > > > > > > wrote: > > >> > > > > > > > > > > > > >> > > > > > > > > > > > I would really > like to do that > > >> :) All I'm > > >> waiting for is > > >> > > > an OK > > >> > > > > > to > > >> > > > > > > > do > > >> > > > > > > > > > it, > > >> > > > > > > > > > > > because it was > built inside the > > >> company, so I > > >> need > > >> > > > approval. > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > But I really > believe it'll get a > > >> lot better > > >> when it's out > > >> > > > > > there, > > >> > > > > > > > and > > >> > > > > > > > > > you > > >> > > > > > > > > > > > can all pitch in > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > On Tue, Jul 8, > 2014 at 9:55 AM, > > >> Stian > > >> Thorgersen < > > >> > > > > > stian at redhat.com > > > > >> >> > > >> > > >> > > > > > > > > > > >> > > > > > > > > > wrote: > > >> > > > > > > > > > > > > > >> > > > > > > > > > > >> Ideal way to > contribute it to > > >> Keycloak would > > >> be if you > > >> > > > fork > > >> > > > > > the > > >> > > > > > > > > > Keycloak > > >> > > > > > > > > > > >> repo, add a > module and do a PR ;) > > >> > > > > > > > > > > >> > > >> > > > > > > > > > > >> ----- Original > Message ----- > > >> > > > > > > > > > > >> > From: "Rodrigo > Sasaki" > > >> > > >> > > > >> __com > > >> >>> > > >> > > > > > > > > > > >> > To: "Juraci > Paix?o Kr?hling" > > >> > > > >> >>> > > >> > > > > > > > > > > >> > Cc: > > >> keycloak-user at lists.jboss.org > > > >> > > > >> __jboss.org > > >> > > >> >> > > >> > > > > > > > > > > >> > Sent: Tuesday, > 8 July, 2014 > > >> 1:50:14 PM > > >> > > > > > > > > > > >> > Subject: Re: > [keycloak-user] > > >> Java Keycloak > > >> REST API > > >> > > > Wrapper > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > Oh yes, I > believe it is > > >> already very usable. > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > All I need now > is to get my > > >> manager to > > >> agree to make > > >> > > > this > > >> > > > > > repo > > >> > > > > > > > > > public, > > >> > > > > > > > > > > >> > because there > is a policy > > >> that all repos > > >> are private > > >> > > > > > > > > > > >> > in > > >> > > > this > > >> > > > > > > > project > > >> > > > > > > > > > > >> we're > > >> > > > > > > > > > > >> > working in, but > I don't think > > >> we'll have > > >> problems with > > >> > > > > > this. I > > >> > > > > > > > > > pitched > > >> > > > > > > > > > > >> him > > >> > > > > > > > > > > >> > the idea of > contributing to > > >> Keycloak and > > >> he seemed to > > >> > > > like > > >> > > > > > it > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > On Tue, Jul 8, > 2014 at 9:32 > > >> AM, Juraci > > >> Paix?o Kr?hling > > >> > > > > > > > > > > >> > < > > >> > > > > > > > > > > >> > juraci at kroehling.de > > >> > > > >> > > >> >> > > >> > > > > > > > > > > >> > > wrote: > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > -----BEGIN PGP > SIGNED > > >> MESSAGE----- > > >> > > > > > > > > > > >> > Hash: SHA512 > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > Hello Rodrigo, > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > Do you have > news about this? > > >> I'm working > > >> on a task > > >> > > > > > > > > > > >> > that > > >> > > > > > would > > >> > > > > > > > > > require > > >> > > > > > > > > > > >> > me to do > something similar, > > >> so, I think it > > >> would best > > >> > > > if we > > >> > > > > > can > > >> > > > > > > > > > > >> > collaborate on > this API :-) > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > If/when you > have some time, > > >> we could have > > >> a chat via > > >> > > > > > > > > > > >> > IRC > > >> > > > > > > > > > (jpkroehling > > >> > > > > > > > > > > >> > at #keycloak on > freenode). > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > - - Juca. > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > On 06/20/2014 > 10:00 PM, > > >> Rodrigo Sasaki wrote: > > >> > > > > > > > > > > >> > > I'm working > on a Java-based > > >> wrapper for > > >> the REST > > >> > > > > > > > > > > >> > > API, > > >> > > > to > > >> > > > > > make > > >> > > > > > > > it > > >> > > > > > > > > > > >> > > look more OO, > abstracting > > >> the access to > > >> servers. > > >> > > > > > > > > > > >> > > > > >> > > > > > > > > > > >> > > It uses > methods such as > > >> > > > > > > > > > > >> > > > > >> > > > > > > > > > > >> > > User bill = > > >> realm.getUser("bburke") > > >> > > > > > List > > >> > > > > > > > roles > > >> > > > > > > > > > > >> > > = > > >> > > > > > > > > > > >> > > > > >> > bill.__getApplicationRoleMappings("__customer-portal"); > > >> > > >> > > > > > > > > > > >> > > > > >> > > > > > > > > > > >> > > It's still in > it's early > > >> stages, but if > > >> you find it > > >> > > > > > > > interesting, > > >> > > > > > > > > > > >> > > I'd be happy > to create a > > >> repo for other > > >> Java users > > >> > > > > > > > > > > >> > > to > > >> > > > use > > >> > > > > > it, > > >> > > > > > > > and > > >> > > > > > > > > > > >> > > adapt it based on > > >> suggestions aswell. > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > -----BEGIN PGP > SIGNATURE----- > > >> > > > > > > > > > > >> > Version: GnuPG v2 > > >> > > > > > > > > > > >> > Comment: Using > GnuPG with > > >> Thunderbird - > > >> > > > > > > > http://www.enigmail.net/ > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> iQEcBAEBCgAGBQJTu+__ThAAoJEDnJtskdmzLM4PcH/__ > > >> jShu9J6nnV92HqSyqyy4y7d > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> snhFqt4G+__aqyhdH4iiOUbV36Zb07fPnO5w7s9vc > > >> __r79YLGjuAWaODIzU1D1yZxbyA > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> > X4e3y5ClCSZMefHGSXoCOs7U+__cVuCAUivCXBhe+hIb4pM/2krlhaS+_ > > >> _ai3I2Ur43Z > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> 5uzPS+__pz983y2i1UGkhJBzqv8MVabNPq3vC+ > > >> __LX2bK9vEmd4Qiz0LdC9jwP23DZY9 > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> > srdtReO5uC0/HjtfzrNP+__ErY1WpIEFAuHW5abtL7HHwvdZYNgYU > > >> __Ij6f8w8oGGLMp > > >> > > > > > > > > > > >> > > > >> > > > > > > > >> > > >> iaHvbFMPFmuqNisDqbOWf6OtG7E3Nk__ > > >> 2anqeUu5qcvCaPyMQA8edvgctc4a2j__bJc= > > >> > > > > > > > > > > >> > =3O4p > > >> > > > > > > > > > > >> > -----END PGP > SIGNATURE----- > > >> > > > > > > > > > > >> > > > >> > _________________________________________________ > > >> > > >> > > > > > > > > > > >> > keycloak-user > mailing list > > >> > > > > > > > > > > >> > > keycloak-user at lists.jboss.org > > >> > > > >> __jboss.org > > >> >> > > >> > > > > > > > > > > >> > > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > > >> > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > -- > > >> > > > > > > > > > > >> > Rodrigo Sasaki > > >> > > > > > > > > > > >> > > > >> > > > > > > > > > > >> > > > >> > _________________________________________________ > > >> > > >> > > > > > > > > > > >> > keycloak-user > mailing list > > >> > > > > > > > > > > >> > > keycloak-user at lists.jboss.org > > >> > > > >> __jboss.org > > >> >> > > >> > > > > > > > > > > >> > > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > > >> > > >> > > > >> > > > > > > > > > > >> > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > -- > > >> > > > > > > > > > > > Rodrigo Sasaki > > >> > > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > -- > > >> > > > > > > > > > > Rodrigo Sasaki > > >> > > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > > > >> > > > > > > > > -- > > >> > > > > > > > > Rodrigo Sasaki > > >> > > > > > > > > > > >> > > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > -- > > >> > > > > > > Rodrigo Sasaki > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > -- > > >> > > > > Rodrigo Sasaki > > >> > > > > > > >> > > > > > >> > > > > >> > > > > >> > > > > >> > > -- > > >> > > Rodrigo Sasaki > > >> > > > > >> > > > >> > > _________________________________________________ > > >> > > >> > keycloak-user mailing list > > >> > keycloak-user at lists.jboss.org > > > >> > > > >> __jboss.org > > >> >> > > >> > > > >> https://lists.jboss.org/__mailman/listinfo/keycloak-user > > >> > > >> > > > >> > > >> > > >> > > >> > > >> -- > > >> Rodrigo Sasaki > > >> > > >> > > >> -- > > >> Bill Burke > > >> JBoss, a division of Red Hat > > >> http://bill.burkecentral.com > > >> > > >> > > >> > > >> > > >> -- > > >> Rodrigo Sasaki > > >> > > > > > > -- > > > Bill Burke > > > JBoss, a division of Red Hat > > > http://bill.burkecentral.com > > > > > > > > > > > -- > > Rodrigo Sasaki > > > > > > > -- > Rodrigo Sasaki > > > > > -- > Rodrigo Sasaki -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Wed Jul 23 12:04:59 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Wed, 23 Jul 2014 13:04:59 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <53CFC211.2020806@redhat.com> References: <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> <53C94D34.70307@redhat.com> <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> <53CFC211.2020806@redhat.com> Message-ID: So far it's good :) But it's not fully in production. We changed a small portion of the application, that only internal administrative employees have access to, and so far it's holding up very well But we can't really put it completely in production until we figure out those login issues from the other thread On Wed, Jul 23, 2014 at 11:09 AM, Bill Burke wrote: > You are using us in production? I don't know if I should be happy or > scared :) How is it going? Are we holding up? > > On 7/23/2014 9:50 AM, Rodrigo Sasaki wrote: > >> The problem was that the version of keycloak we have in production is >> based on the beta-2, and the UserRepresentation there is different, >> sorry about this. >> >> I submitted a PR with the alterations >> >> >> On Tue, Jul 22, 2014 at 11:06 AM, Rodrigo Sasaki >> > wrote: >> >> The thing is that I simply create an instance and assign an username >> >> UserRepresentation userRep = new UserRepresentation(); >> userRep.setUsername("user1"); >> realm.users().create(userRep); >> >> That create is a proxy of the interface, so I don't really know >> where I could interfere here with code. >> >> >> On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen > > wrote: >> >> Try removing socialLinks instead of setting the value to null, >> or specifying an empty array. >> >> ----- Original Message ----- >> > From: "Rodrigo Sasaki" > > >> > To: "Bill Burke" > >> >> > Cc: "Stian Thorgersen" > >, keycloak-user at lists.jboss.org >> >> > Sent: Tuesday, 22 July, 2014 2:54:49 PM >> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >> > >> > I tried creating a user using the API, and I got a 400 status >> code, I went >> > to check everything, and it seems that I can't send >> "socialLinks", >> > "realmRoles" and "applicationRoles" as null for some reason, >> I get this >> > exception: >> > >> > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: >> Unrecognized >> > field "socialLinks" >> > (Class >> org.keycloak.representations.idm.UserRepresentation), not marked >> > as ignorable >> > >> > But I know those values aren't mandatory. Is there a fix for >> this? >> > >> > >> > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke >> > wrote: >> > >> > > String token = getToken(); >> > > final String authHeader = "Bearer " + token; >> > > ClientRequestFilter authFilter = new ClientRequestFilter() { >> > > @Override >> > > public void filter(ClientRequestContext requestContext) >> throws >> > > IOException { >> > > >> > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, >> authHeader); >> > > >> > > } >> > > }; >> > > >> > > >> > > ResteasyWebTarget target = >> client.target("http://localhost:8080/auth"); >> > > target.register(authFilter); >> > > Admin admin = target.proxy(Admin.class); >> > > >> > > >> > > >> > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: >> > > >> > >> Can you help me with any hint or documentation regarding >> that >> > >> BearerTokenFilter implementation? >> > >> >> > >> I understand that I have to create it myself, but I don't >> know what I >> > >> should create. I tried browsing the web, but with no >> success.. Perhaps >> > >> I'm missing the right keyword to find what I need >> > >> >> > >> >> > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki >> > >> > >> > >> wrote: >> > >> >> > >> That's perfect :) thanks for the help >> > >> >> > >> I'll get started on it as soon as I can >> > >> >> > >> On Jul 17, 2014 5:55 PM, "Bill Burke" >> >> > >> >> >> wrote: >> > >> >> > >> @Path("/admin >> > >> public interface Admin { >> > >> @Path("realms/{realm}") >> > >> Realm realm(@PathParameter("realm") realmName); >> > >> } >> > >> >> > >> public interface Realm { >> > >> @GET >> > >> @Produces("application/json") >> > >> RealmRepresentation get(); >> > >> >> > >> @DELETE >> > >> void delete(); >> > >> >> > >> @PUT >> > >> @Consumes("application/json") >> > >> void update(RealmRepresentation rep); >> > >> >> > >> @Path("users") >> > >> Users users(); >> > >> } >> > >> >> > >> public interface Users { >> > >> ... >> > >> } >> > >> >> > >> FOllow me? >> > >> >> > >> Then its just >> > >> >> > >> ResteasyClient client = new >> ResteasyClientBuilder().build(__); >> > >> ResteasyWebTarget target = >> > >> client.target("http://__localhost:8080/auth >> > >> >> > >> "); >> > >> >> > >> String token = ... get a token ... >> > >> >> > >> target.register(new BearerTokenFilter(token)); // >> you'd have to >> > >> implement this >> > >> >> > >> Admin admin = target.proxy(Admin.class); >> > >> >> > >> admin.realm("master") >> > >> >> > >> That's about as much help I can give you right now. >> > >> >> > >> >> > >> >> > >> >> > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: >> > >> >> > >> OK, will do. >> > >> >> > >> Is there a way for me to do it like it is >> there? I'll >> > >> explain a little >> > >> better >> > >> >> > >> the class *AdminRoot* has the path set to >> "/admin", and it >> > >> has a method >> > >> getRealmsAdmin, with "realms" on the path, and >> on the >> > >> *RealmsAdminResource* there's the >> getRealmAdmin mapped to >> > >> "{realm}", >> > >> making the full path for it >> "/admin/realms/{realm}", even >> > >> though each >> > >> one is in a different class. >> > >> >> > >> Is there a way for me to do it the same way, I >> don't know >> > >> how the Proxy >> > >> framework would understand that, maybe I would >> have to set >> > >> the full path >> > >> >> > >> >> > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian >> Thorgersen >> > >> >> > >> > >> > > >>> wrote: >> > >> >> > >> Rodrigo: just create your own interfaces. >> If you can >> > >> try to keep >> > >> them as consistent with jax-rs classes in >> services as >> > >> you can that >> > >> would be great. >> > >> >> > >> ----- Original Message ----- >> > >> > From: "Stian Thorgersen" >> >> > >> > > > >> > >> > >>> >> > >> > To: "Rodrigo Sasaki" >> >> > >> > > >> > >> > __com >> > >> > >>>, "Bill Burke" >> > >> >> > >> > >> > > >>> >> > >> > Cc: keycloak-user at lists.jboss.org >> >> > >> > > >> > >> > __jboss.org >> > >> >> > >> > >> >> > >> > Sent: Wednesday, 16 July, 2014 2:34:44 >> PM >> > >> > Subject: Re: [keycloak-user] Java >> Keycloak REST API >> > >> Wrapper >> > >> > >> > >> > Bill: does it make sense for us to >> share interfaces >> > >> (with jax-rs >> > >> annotations) >> > >> > for services and admin-client? >> > >> > >> > >> > ----- Original Message ----- >> > >> > > From: "Rodrigo Sasaki" >> >> > >> > > >> > >> > __com >> > >> > >>> >> > >> > > To: "Stian Thorgersen" >> >> > >> > > > >> > >> > >>> >> > >> > > Cc: "Juraci Paix?o Kr?hling" >> >> > >> > > >> > >> > > >> > >> >>>, >> > >> > > keycloak-user at lists.jboss.org >> >> > >> > > >> > >> > __jboss.org >> > >> >> > >> > >> >> > >> > > Sent: Wednesday, 16 July, 2014 >> 2:31:35 PM >> > >> > > Subject: Re: [keycloak-user] Java >> Keycloak REST >> > >> API Wrapper >> > >> > > >> > >> > > I'll get on it for sure. >> > >> > > >> > >> > > Just one thing, should I create >> myself the >> > >> interfaces for the >> > >> services? Or >> > >> > > is there a more integrated way to do >> that? >> > >> > > >> > >> > > >> > >> > > On Wed, Jul 16, 2014 at 10:27 AM, >> Stian Thorgersen >> > >> > > > >> > >> > > >>> >> > >> >> > >> > > wrote: >> > >> > > >> > >> > > > Great work with the admin-client. >> As I commented >> > >> on GitHub I >> > >> added it to >> > >> > > > 'admin-client' branch, and would >> like a few >> > >> changes before >> > >> merging to >> > >> > > > master: >> > >> > > > >> > >> > > > * Make it use RestEasy client >> framwork >> > >> > > > * Tests - I've added a starting >> point to >> > >> > > > >> > >> https://github.com/keycloak/__keycloak/blob/admin-client/__ >> > >> >> testsuite/integration/src/__test/java/org/keycloak/__ >> testsuite/admin/__ >> > >> AdminClientTest.java >> > >> >> > >> >> > > >> >> testsuite/integration/src/test/java/org/keycloak/testsuite/admin/ >> > >> AdminClientTest.java> >> > >> > > > * Better error handling - instead >> of swallowing >> > >> exceptions it >> > >> now throws >> > >> > > > KeycloakException >> (RuntimeException), but >> > >> there's HTTP >> > >> response codes are >> > >> > > > not checked (see above test that >> tries to create >> > >> two users >> > >> with the same >> > >> > > > username) >> > >> > > > >> > >> > > > If you're happy to do this work >> that would be >> > >> awesome! >> > >> > > > >> > >> > > > ----- Original Message ----- >> > >> > > > > From: "Rodrigo Sasaki" >> > >> > >> > >> >> > >> > __com >> > >> > >>> >> > >> > > > > To: "Stian Thorgersen" >> >> > >> > > >> > >> > > >>> >> > >> > > > > Cc: "Juraci Paix?o Kr?hling" >> > >> > > > >> > >> > > >> > >> >>>, >> > >> > > > keycloak-user at lists.jboss.org >> >> > >> > > >> > >> > __jboss.org >> > >> >> > >> > >> >> > >> > > > > Sent: Monday, 14 July, 2014 >> 2:44:48 PM >> > >> > > > > Subject: Re: [keycloak-user] >> Java Keycloak >> > >> REST API Wrapper >> > >> > > > > >> > >> > > > > Glad to hear it :) >> > >> > > > > >> > >> > > > > I'll be waiting on more replies >> and ideas to >> > >> perhaps make >> > >> it better. >> > >> > > > > Thanks! :) >> > >> > > > > >> > >> > > > > >> > >> > > > > On Mon, Jul 14, 2014 at 10:43 >> AM, Stian >> > >> Thorgersen >> > >> > > > >> > >> > > >>> >> > >> >> > >> > > > wrote: >> > >> > > > > >> > >> > > > > > Great stuff, I'll have a look >> at it soon. At >> > >> first glance >> > >> it looks >> > >> > > > really >> > >> > > > > > good! >> > >> > > > > > >> > >> > > > > > Thanks :) >> > >> > > > > > >> > >> > > > > > ----- Original Message ----- >> > >> > > > > > > From: "Rodrigo Sasaki" >> > >> > >> > >> >> > >> > __com >> > >> > >>> >> > >> > > > > > > To: "Stian Thorgersen" >> >> > >> > > >> > >> > > >>> >> > >> > > > > > > Cc: "Juraci Paix?o Kr?hling" >> > >> > > > >> > >> > > >> > >> >>>, >> > >> > > > > > keycloak-user at lists.jboss.org >> >> > >> > > >> > >> > __jboss.org >> > >> >> > >> > >> >> > >> > > > > > > Sent: Monday, 14 July, 2014 >> 2:40:17 PM >> > >> > > > > > > Subject: Re: [keycloak-user] >> Java Keycloak >> > >> REST API Wrapper >> > >> > > > > > > >> > >> > > > > > > PR submitted :) >> > >> > > > > > > >> > >> > > > > > > >> > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 >> AM, Stian >> > >> Thorgersen >> > >> > > > > > > > >> > >> > > > >> > >> >> > >> > >>> >> > >> > > > > > wrote: >> > >> > > > > > > >> > >> > > > > > > > Please change package names >> to >> > >> 'org.keycloak.admin.client' >> > >> > > > > > > > >> > >> > > > > > > > ----- Original Message ----- >> > >> > > > > > > > > From: "Rodrigo Sasaki" >> > >> > >> > >> >> > >> > __com >> > >> > >>> >> > >> > > > > > > > > To: "Stian Thorgersen" >> > >> >> > >> > >> > > >>> >> > >> > > > > > > > > Cc: "Juraci Paix?o >> Kr?hling" >> > >> > > > >> > >> > > >> > >> >>>, >> > >> > > > > > > > >> keycloak-user at lists.jboss.org > jboss.org> >> > >> > > >> > >> > __jboss.org >> > >> >> > >> > >> >> > >> > > > > > > > > Sent: Friday, 11 July, >> 2014 1:51:41 PM >> > >> > > > > > > > > Subject: Re: >> [keycloak-user] Java >> > >> Keycloak REST API >> > >> Wrapper >> > >> > > > > > > > > >> > >> > > > > > > > > Just one more question, >> I created it >> > >> with my >> > >> companies' name in >> > >> > > > the >> > >> > > > > > > > > package, should I >> replace it? Or just >> > >> upload it as is? >> > >> > > > > > > > > >> > >> > > > > > > > > It's >> br.com.icarros.keycloak.api >> > >> > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > >> > >> > > > > > > > > On Fri, Jul 11, 2014 at >> 4:13 AM, Stian >> > >> Thorgersen < >> > >> > > > stian at redhat.com >> > > >> > >> > > >>> >> > >> >> > >> > > > > > > > wrote: >> > >> > > > > > > > > >> > >> > > > > > > > > > You can create a new >> module for it in: >> > >> > > > > > > > > > >> > >> > > > > > > > > > integration/admin-client >> > >> > > > > > > > > > >> > >> > > > > > > > > > ----- Original Message >> ----- >> > >> > > > > > > > > > > From: "Rodrigo Sasaki" >> > >> > >> > >> > > >> > >> > __com >> > >> > >>> >> > >> > > > > > > > > > > To: "Stian Thorgersen" >> > >> >> > >> > >> > > >>> >> > >> > > > > > > > > > > Cc: "Juraci Paix?o >> Kr?hling" >> > >> > > > >> > >> > > >>>, >> > >> > > > > > > > > > >> keycloak-user at lists.jboss.org > jboss.org> >> > >> > > >> > >> > __jboss.org >> > >> >> > >> > >> >> > >> > > > > > > > > > > Sent: Thursday, 10 >> July, 2014 >> > >> 8:50:00 PM >> > >> > > > > > > > > > > Subject: Re: >> [keycloak-user] Java >> > >> Keycloak REST >> > >> API Wrapper >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > Stian, how should I >> send the code >> > >> that I made >> > >> to the >> > >> > > > > > > > > > > Keycloak >> > >> > > > > > repo? >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > Can you tell me what >> module name >> > >> to use, and >> > >> where to >> > >> > > > > > > > > > > create >> > >> > > > it? >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > On Tue, Jul 8, 2014 >> at 10:00 AM, >> > >> Rodrigo Sasaki < >> > >> > > > > > > > > > >> rodrigopsasaki at gmail.com >> > >> > > >> > >> > __com >> > >> >> > >> > >>> >> > >> > > > > > > > > > > wrote: >> > >> > > > > > > > > > > >> > >> > > > > > > > > > > > I would really >> like to do that >> > >> :) All I'm >> > >> waiting for is >> > >> > > > an OK >> > >> > > > > > to >> > >> > > > > > > > do >> > >> > > > > > > > > > it, >> > >> > > > > > > > > > > > because it was >> built inside the >> > >> company, so I >> > >> need >> > >> > > > approval. >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > But I really >> believe it'll get a >> > >> lot better >> > >> when it's out >> > >> > > > > > there, >> > >> > > > > > > > and >> > >> > > > > > > > > > you >> > >> > > > > > > > > > > > can all pitch in >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > > On Tue, Jul 8, >> 2014 at 9:55 AM, >> > >> Stian >> > >> Thorgersen < >> > >> > > > > > stian at redhat.com >> > > >> > >> > > >> >> > >> >> > >> > > > > > > > > >> > >> > > > > > > > > > wrote: >> > >> > > > > > > > > > > > >> > >> > > > > > > > > > > >> Ideal way to >> contribute it to >> > >> Keycloak would >> > >> be if you >> > >> > > > fork >> > >> > > > > > the >> > >> > > > > > > > > > Keycloak >> > >> > > > > > > > > > > >> repo, add a >> module and do a PR ;) >> > >> > > > > > > > > > > >> >> > >> > > > > > > > > > > >> ----- Original >> Message ----- >> > >> > > > > > > > > > > >> > From: "Rodrigo >> Sasaki" >> > >> > >> > >> > > >> > >> > __com >> > >> > >>> >> > >> > > > > > > > > > > >> > To: "Juraci >> Paix?o Kr?hling" >> > >> > > > >> > >> > > >>> >> > >> > > > > > > > > > > >> > Cc: >> > >> keycloak-user at lists.jboss.org >> >> > >> > > >> > >> > __jboss.org >> > >> >> > >> > >> >> > >> > > > > > > > > > > >> > Sent: Tuesday, >> 8 July, 2014 >> > >> 1:50:14 PM >> > >> > > > > > > > > > > >> > Subject: Re: >> [keycloak-user] >> > >> Java Keycloak >> > >> REST API >> > >> > > > Wrapper >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > Oh yes, I >> believe it is >> > >> already very usable. >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > All I need now >> is to get my >> > >> manager to >> > >> agree to make >> > >> > > > this >> > >> > > > > > repo >> > >> > > > > > > > > > public, >> > >> > > > > > > > > > > >> > because there >> is a policy >> > >> that all repos >> > >> are private >> > >> > > > > > > > > > > >> > in >> > >> > > > this >> > >> > > > > > > > project >> > >> > > > > > > > > > > >> we're >> > >> > > > > > > > > > > >> > working in, but >> I don't think >> > >> we'll have >> > >> problems with >> > >> > > > > > this. I >> > >> > > > > > > > > > pitched >> > >> > > > > > > > > > > >> him >> > >> > > > > > > > > > > >> > the idea of >> contributing to >> > >> Keycloak and >> > >> he seemed to >> > >> > > > like >> > >> > > > > > it >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > On Tue, Jul 8, >> 2014 at 9:32 >> > >> AM, Juraci >> > >> Paix?o Kr?hling >> > >> > > > > > > > > > > >> > < >> > >> > > > > > > > > > > >> >> juraci at kroehling.de >> > >> > > > >> > >> >> > >> > >> >> > >> > > > > > > > > > > >> > > wrote: >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > -----BEGIN PGP >> SIGNED >> > >> MESSAGE----- >> > >> > > > > > > > > > > >> > Hash: SHA512 >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > Hello Rodrigo, >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > Do you have >> news about this? >> > >> I'm working >> > >> on a task >> > >> > > > > > > > > > > >> > that >> > >> > > > > > would >> > >> > > > > > > > > > require >> > >> > > > > > > > > > > >> > me to do >> something similar, >> > >> so, I think it >> > >> would best >> > >> > > > if we >> > >> > > > > > can >> > >> > > > > > > > > > > >> > collaborate on >> this API :-) >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > If/when you >> have some time, >> > >> we could have >> > >> a chat via >> > >> > > > > > > > > > > >> > IRC >> > >> > > > > > > > > > (jpkroehling >> > >> > > > > > > > > > > >> > at #keycloak on >> freenode). >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > - - Juca. >> > >> > > > > > > > > > > >> > >> > >> > > > > > > > > > > >> > On 06/20/2014 >> 10:00 PM, >> > >> Rodrigo Sasaki wrote: >> > >> > > > > > > > > > > >> > > I'm working >> on a Java-based >> > >> wrapper for >> > >> the REST >> > >> > > > > > > > > > > >> > > API, >> > >> > > > to >> > >> > > > > > make >> > >> > > > > > > > it >> > >> > > > > > > > > > > >> > > look more OO, >> abstracting >> > >> the access to >> > >> servers. >> > >> > > > > > > > > > > >> > > >> > >> > > > > > > > > > > >> > > It uses >> methods such as >> > >> > > > > > > > > > > >> > > >> > >> > > > > > > > > > > >> > > User bill = > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140723/62f0dfe6/attachment-0001.html From christinalau28 at icloud.com Thu Jul 24 10:07:16 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Thu, 24 Jul 2014 10:07:16 -0400 Subject: [keycloak-user] Export a realm? Message-ID: Is there a way to export a realm that I created manually, similar to the examples/testrealm.json file? I can?t find that function in the admin console. Thanks? Christina From bburke at redhat.com Thu Jul 24 10:17:15 2014 From: bburke at redhat.com (Bill Burke) Date: Thu, 24 Jul 2014 10:17:15 -0400 Subject: [keycloak-user] Export a realm? In-Reply-To: References: Message-ID: <53D1156B.9010608@redhat.com> http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/export-import.html I believe there is some improvements to this come Beta 4. On 7/24/2014 10:07 AM, Christina Lau wrote: > Is there a way to export a realm that I created manually, similar to the examples/testrealm.json file? I can?t find that function in the admin console. Thanks? > > Christina > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Thu Jul 24 13:13:17 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Thu, 24 Jul 2014 14:13:17 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> References: <53C562B0.2010302@redhat.com> <53C6D4F1.1000903@redhat.com> <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> Message-ID: Sorry to keep insisting on this, but since it's being a huge showstopper so far, I just have to ask. If I don't mind trading off SSO and all the other benefits that the Keycloak login page provides me, would there be a way for me to do what I want? On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen wrote: > We could add support for login_hint query param so you can have the > username/email field on the login form pre-filled for the user, so once a > user has to authenticate you redirect to login on KC and all they would > have to do is enter their password. > > If you bypass the login forms you'd loose SSO, multi-factor support, > required actions, recover password, etc, etc, etc.. > > As Bill mentioned we provide very flexible login forms that can be > templated using either just css or even FreeMarker templates if you need a > lot of customization, so you should be able to make the login form > integrate well with your website. > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Bill Burke" > > Cc: keycloak-user at lists.jboss.org > > Sent: Thursday, 17 July, 2014 6:52:08 PM > > Subject: Re: [keycloak-user] Authenticate user without using login page > > > > You think there could be a way to do this within keycloak itself? > > > > > > On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > rodrigopsasaki at gmail.com > > > wrote: > > > > > > > > I'll give you an example: > > > > We have a situation in our website where we only ask for the user's > e-mail, > > and he can go on with the flow. > > > > On a determined step of the flow, if we identify that this is an e-mail > that > > we already have in our user database, we ask him for his password, > > authenticate him, and let him go on, if this e-mail is new, we redirect > him > > to a page where he can register himself, and after that continue on. > > > > On this specific case and others, we wouldn't like to have to redirect > him to > > keycloak, because that would interrupt the flow that we designed. > > > > > > On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote: > > > > > > http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > > userguide/html/direct-access- grants.html > > > > If you have to do it this way, please let us know why. Maybe we can > solve the > > issue within keycloak itself. > > > > > > On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > > > > > > > Just for the sake of conversation, if I did want to handle my own login > > page, would there be a way for me to do it? > > > > > > On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > < rodrigopsasaki at gmail.com > wrote: > > > > I don't want to miss out on all of that, which is why we're mostly > > migrating everything to use keycloak that way. > > > > It's just that we have cases that are so specific, that it would be > > better to authenticate the user in a different manner, create the > > user session and everything, without redirecting. > > > > I'll have a look at that code. Thanks! > > > > > > On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com > > > wrote: > > > > If you want to handle your own login pages, IMO, you are missing > > out on > > a lot of Keycloak features. Specifically: > > > > * SSO > > * forgot password > > * admin forced credential reset/setup > > > > > > Login pages can be styled however you like to look like your > > application. > > > > There is a REST api for obtaining an access token. Here is an > > example: > > > > https://github.com/keycloak/ keycloak/blob/master/examples/ > > demo-template/admin-access- app/src/main/java/org/ > > keycloak/example/AdminClient. java > > > > On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > > Is there a way to authenticate the user without having to > > input username > > > and password on the login page? > > > > > > For example: > > > > > > Say there's a situation in my application where I request the > > user for > > > his username and password, and I wouldn't like to redirect > > that to the > > > keycloak login page to authenticate him, would there be a way > > for me to > > > do that? > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > ______________________________ _________________ > > > keycloak-user mailing list > > > keycloak-user at lists.jboss.org > > > > > > > https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > > > > > -- > > Bill Burke > > JBoss, a division of Red Hat > > http://bill.burkecentral.com > > ______________________________ _________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > > > https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > > > > > > > > -- > > Rodrigo Sasaki > > > > > > > > > > -- > > Rodrigo Sasaki > > > > -- > > Bill Burke > > JBoss, a division of Red Hat > > http://bill.burkecentral.com > > > > > > > > -- > > Rodrigo Sasaki > > > > > > > > -- > > Rodrigo Sasaki > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140724/68428992/attachment.html From christinalau28 at icloud.com Thu Jul 24 15:49:09 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Thu, 24 Jul 2014 15:49:09 -0400 Subject: [keycloak-user] Can't get sample to work on EC2 RHEL Message-ID: Hi, I installed keycloak on a EC2 RHEL VM. I can login to the admin console. I then build and deploy the pre-configured-demo examples and imported the demo realm. However, I am unable to invoke the customer-portal. I have tried to change the application URL already in the admin console. Any idea what I may be missing? I get 404 not found error here: http://54.84.240.18:8080/customer-portal/customers/view.jsp You can login as admin/password to take a look too? http://54.84.240.18:8080/auth/ From stian at redhat.com Fri Jul 25 05:08:14 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 25 Jul 2014 05:08:14 -0400 (EDT) Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <53C6D4F1.1000903@redhat.com> <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> Message-ID: <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> Yes, you can use the direct grant to retrieve a token. I'd like to know why redirecting to the login form, when styled to match your website, and using login_hint to pre-fill username/email doesn't work. Maybe there's something we can do so that you can still use the "proper" flow? ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: "Bill Burke" , keycloak-user at lists.jboss.org > Sent: Thursday, 24 July, 2014 6:13:17 PM > Subject: Re: [keycloak-user] Authenticate user without using login page > > Sorry to keep insisting on this, but since it's being a huge showstopper so > far, I just have to ask. > > If I don't mind trading off SSO and all the other benefits that the > Keycloak login page provides me, would there be a way for me to do what I > want? > > > On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen wrote: > > > We could add support for login_hint query param so you can have the > > username/email field on the login form pre-filled for the user, so once a > > user has to authenticate you redirect to login on KC and all they would > > have to do is enter their password. > > > > If you bypass the login forms you'd loose SSO, multi-factor support, > > required actions, recover password, etc, etc, etc.. > > > > As Bill mentioned we provide very flexible login forms that can be > > templated using either just css or even FreeMarker templates if you need a > > lot of customization, so you should be able to make the login form > > integrate well with your website. > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > To: "Bill Burke" > > > Cc: keycloak-user at lists.jboss.org > > > Sent: Thursday, 17 July, 2014 6:52:08 PM > > > Subject: Re: [keycloak-user] Authenticate user without using login page > > > > > > You think there could be a way to do this within keycloak itself? > > > > > > > > > On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > > rodrigopsasaki at gmail.com > > > > wrote: > > > > > > > > > > > > I'll give you an example: > > > > > > We have a situation in our website where we only ask for the user's > > e-mail, > > > and he can go on with the flow. > > > > > > On a determined step of the flow, if we identify that this is an e-mail > > that > > > we already have in our user database, we ask him for his password, > > > authenticate him, and let him go on, if this e-mail is new, we redirect > > him > > > to a page where he can register himself, and after that continue on. > > > > > > On this specific case and others, we wouldn't like to have to redirect > > him to > > > keycloak, because that would interrupt the flow that we designed. > > > > > > > > > On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote: > > > > > > > > > http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > > > userguide/html/direct-access- grants.html > > > > > > If you have to do it this way, please let us know why. Maybe we can > > solve the > > > issue within keycloak itself. > > > > > > > > > On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > > > > > > > > > > > Just for the sake of conversation, if I did want to handle my own login > > > page, would there be a way for me to do it? > > > > > > > > > On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > > < rodrigopsasaki at gmail.com > wrote: > > > > > > I don't want to miss out on all of that, which is why we're mostly > > > migrating everything to use keycloak that way. > > > > > > It's just that we have cases that are so specific, that it would be > > > better to authenticate the user in a different manner, create the > > > user session and everything, without redirecting. > > > > > > I'll have a look at that code. Thanks! > > > > > > > > > On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com > > > > wrote: > > > > > > If you want to handle your own login pages, IMO, you are missing > > > out on > > > a lot of Keycloak features. Specifically: > > > > > > * SSO > > > * forgot password > > > * admin forced credential reset/setup > > > > > > > > > Login pages can be styled however you like to look like your > > > application. > > > > > > There is a REST api for obtaining an access token. Here is an > > > example: > > > > > > https://github.com/keycloak/ keycloak/blob/master/examples/ > > > demo-template/admin-access- app/src/main/java/org/ > > > keycloak/example/AdminClient. java > > > > > > On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > > > Is there a way to authenticate the user without having to > > > input username > > > > and password on the login page? > > > > > > > > For example: > > > > > > > > Say there's a situation in my application where I request the > > > user for > > > > his username and password, and I wouldn't like to redirect > > > that to the > > > > keycloak login page to authenticate him, would there be a way > > > for me to > > > > do that? > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > > > > > ______________________________ _________________ > > > > keycloak-user mailing list > > > > keycloak-user at lists.jboss.org > > > > > > > > > > https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > > > > > > > > -- > > > Bill Burke > > > JBoss, a division of Red Hat > > > http://bill.burkecentral.com > > > ______________________________ _________________ > > > keycloak-user mailing list > > > keycloak-user at lists.jboss.org > > > > > > https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > -- > > > Bill Burke > > > JBoss, a division of Red Hat > > > http://bill.burkecentral.com > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > -- > Rodrigo Sasaki > From stian at redhat.com Fri Jul 25 05:12:47 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 25 Jul 2014 05:12:47 -0400 (EDT) Subject: [keycloak-user] Can't get sample to work on EC2 RHEL In-Reply-To: References: Message-ID: <273653807.17908169.1406279567935.JavaMail.zimbra@redhat.com> Looks like customer-portal hasn't deployed properly. The 404 doesn't come from WildFly. Have you looked at the server.log is there anything interesting there? ----- Original Message ----- > From: "Christina Lau" > To: keycloak-user at lists.jboss.org > Sent: Thursday, 24 July, 2014 8:49:09 PM > Subject: [keycloak-user] Can't get sample to work on EC2 RHEL > > Hi, I installed keycloak on a EC2 RHEL VM. I can login to the admin console. > I then build and deploy the pre-configured-demo examples and imported the > demo realm. However, I am unable to invoke the customer-portal. I have tried > to change the application URL already in the admin console. Any idea what I > may be missing? I get 404 not found error here: > > http://54.84.240.18:8080/customer-portal/customers/view.jsp > > You can login as admin/password to take a look too? > > http://54.84.240.18:8080/auth/ > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > From bburke at redhat.com Fri Jul 25 08:48:45 2014 From: bburke at redhat.com (Bill Burke) Date: Fri, 25 Jul 2014 08:48:45 -0400 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> References: <53C6D4F1.1000903@redhat.com> <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> Message-ID: <53D2522D.70103@redhat.com> It is because their first login screen is just something asking for an email. If the email doesn't exist as a user, they want a redirect to the register page. On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > Yes, you can use the direct grant to retrieve a token. > > I'd like to know why redirecting to the login form, when styled to match your website, and using login_hint to pre-fill username/email doesn't work. Maybe there's something we can do so that you can still use the "proper" flow? > > ----- Original Message ----- >> From: "Rodrigo Sasaki" >> To: "Stian Thorgersen" >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org >> Sent: Thursday, 24 July, 2014 6:13:17 PM >> Subject: Re: [keycloak-user] Authenticate user without using login page >> >> Sorry to keep insisting on this, but since it's being a huge showstopper so >> far, I just have to ask. >> >> If I don't mind trading off SSO and all the other benefits that the >> Keycloak login page provides me, would there be a way for me to do what I >> want? >> >> >> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen wrote: >> >>> We could add support for login_hint query param so you can have the >>> username/email field on the login form pre-filled for the user, so once a >>> user has to authenticate you redirect to login on KC and all they would >>> have to do is enter their password. >>> >>> If you bypass the login forms you'd loose SSO, multi-factor support, >>> required actions, recover password, etc, etc, etc.. >>> >>> As Bill mentioned we provide very flexible login forms that can be >>> templated using either just css or even FreeMarker templates if you need a >>> lot of customization, so you should be able to make the login form >>> integrate well with your website. >>> >>> ----- Original Message ----- >>>> From: "Rodrigo Sasaki" >>>> To: "Bill Burke" >>>> Cc: keycloak-user at lists.jboss.org >>>> Sent: Thursday, 17 July, 2014 6:52:08 PM >>>> Subject: Re: [keycloak-user] Authenticate user without using login page >>>> >>>> You think there could be a way to do this within keycloak itself? >>>> >>>> >>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < >>> rodrigopsasaki at gmail.com > >>>> wrote: >>>> >>>> >>>> >>>> I'll give you an example: >>>> >>>> We have a situation in our website where we only ask for the user's >>> e-mail, >>>> and he can go on with the flow. >>>> >>>> On a determined step of the flow, if we identify that this is an e-mail >>> that >>>> we already have in our user database, we ask him for his password, >>>> authenticate him, and let him go on, if this e-mail is new, we redirect >>> him >>>> to a page where he can register himself, and after that continue on. >>>> >>>> On this specific case and others, we wouldn't like to have to redirect >>> him to >>>> keycloak, because that would interrupt the flow that we designed. >>>> >>>> >>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote: >>>> >>>> >>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ >>>> userguide/html/direct-access- grants.html >>>> >>>> If you have to do it this way, please let us know why. Maybe we can >>> solve the >>>> issue within keycloak itself. >>>> >>>> >>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: >>>> >>>> >>>> >>>> Just for the sake of conversation, if I did want to handle my own login >>>> page, would there be a way for me to do it? >>>> >>>> >>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki >>>> < rodrigopsasaki at gmail.com > wrote: >>>> >>>> I don't want to miss out on all of that, which is why we're mostly >>>> migrating everything to use keycloak that way. >>>> >>>> It's just that we have cases that are so specific, that it would be >>>> better to authenticate the user in a different manner, create the >>>> user session and everything, without redirecting. >>>> >>>> I'll have a look at that code. Thanks! >>>> >>>> >>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com >>>> > wrote: >>>> >>>> If you want to handle your own login pages, IMO, you are missing >>>> out on >>>> a lot of Keycloak features. Specifically: >>>> >>>> * SSO >>>> * forgot password >>>> * admin forced credential reset/setup >>>> >>>> >>>> Login pages can be styled however you like to look like your >>>> application. >>>> >>>> There is a REST api for obtaining an access token. Here is an >>>> example: >>>> >>>> https://github.com/keycloak/ keycloak/blob/master/examples/ >>>> demo-template/admin-access- app/src/main/java/org/ >>>> keycloak/example/AdminClient. java >>>> >>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >>>>> Is there a way to authenticate the user without having to >>>> input username >>>>> and password on the login page? >>>>> >>>>> For example: >>>>> >>>>> Say there's a situation in my application where I request the >>>> user for >>>>> his username and password, and I wouldn't like to redirect >>>> that to the >>>>> keycloak login page to authenticate him, would there be a way >>>> for me to >>>>> do that? >>>>> >>>>> -- >>>>> Rodrigo Sasaki >>>>> >>>>> >>>>> ______________________________ _________________ >>>>> keycloak-user mailing list >>>>> keycloak-user at lists.jboss.org >>>> >>>> >>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>>>> >>>> >>>> -- >>>> Bill Burke >>>> JBoss, a division of Red Hat >>>> http://bill.burkecentral.com >>>> ______________________________ _________________ >>>> keycloak-user mailing list >>>> keycloak-user at lists.jboss.org >>>> >>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>>> >>>> >>>> >>>> >>>> -- >>>> Rodrigo Sasaki >>>> >>>> >>>> >>>> >>>> -- >>>> Rodrigo Sasaki >>>> >>>> -- >>>> Bill Burke >>>> JBoss, a division of Red Hat >>>> http://bill.burkecentral.com >>>> >>>> >>>> >>>> -- >>>> Rodrigo Sasaki >>>> >>>> >>>> >>>> -- >>>> Rodrigo Sasaki >>>> >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user at lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> >> >> -- >> Rodrigo Sasaki >> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From stian at redhat.com Fri Jul 25 08:56:00 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 25 Jul 2014 08:56:00 -0400 (EDT) Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <53D2522D.70103@redhat.com> References: <53C6D4F1.1000903@redhat.com> <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> Message-ID: <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> Yes, but I'm wondering why the following won't work: 1. Ask for users email (in your app, not KC) 2. Once you get to the flow where a user has to login: a) If user doesn't exist in KC (you can use admin endpoints to check this) redirect to registration page on KC with email already entered b) If user does exist in KC redirect to login page again with email already entered 3. Redirect back to app ----- Original Message ----- > From: "Bill Burke" > To: "Stian Thorgersen" , "Rodrigo Sasaki" > Cc: keycloak-user at lists.jboss.org > Sent: Friday, 25 July, 2014 1:48:45 PM > Subject: Re: [keycloak-user] Authenticate user without using login page > > It is because their first login screen is just something asking for an > email. If the email doesn't exist as a user, they want a redirect to > the register page. > > On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > > Yes, you can use the direct grant to retrieve a token. > > > > I'd like to know why redirecting to the login form, when styled to match > > your website, and using login_hint to pre-fill username/email doesn't > > work. Maybe there's something we can do so that you can still use the > > "proper" flow? > > > > ----- Original Message ----- > >> From: "Rodrigo Sasaki" > >> To: "Stian Thorgersen" > >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > >> Sent: Thursday, 24 July, 2014 6:13:17 PM > >> Subject: Re: [keycloak-user] Authenticate user without using login page > >> > >> Sorry to keep insisting on this, but since it's being a huge showstopper > >> so > >> far, I just have to ask. > >> > >> If I don't mind trading off SSO and all the other benefits that the > >> Keycloak login page provides me, would there be a way for me to do what I > >> want? > >> > >> > >> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen > >> wrote: > >> > >>> We could add support for login_hint query param so you can have the > >>> username/email field on the login form pre-filled for the user, so once a > >>> user has to authenticate you redirect to login on KC and all they would > >>> have to do is enter their password. > >>> > >>> If you bypass the login forms you'd loose SSO, multi-factor support, > >>> required actions, recover password, etc, etc, etc.. > >>> > >>> As Bill mentioned we provide very flexible login forms that can be > >>> templated using either just css or even FreeMarker templates if you need > >>> a > >>> lot of customization, so you should be able to make the login form > >>> integrate well with your website. > >>> > >>> ----- Original Message ----- > >>>> From: "Rodrigo Sasaki" > >>>> To: "Bill Burke" > >>>> Cc: keycloak-user at lists.jboss.org > >>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > >>>> Subject: Re: [keycloak-user] Authenticate user without using login page > >>>> > >>>> You think there could be a way to do this within keycloak itself? > >>>> > >>>> > >>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > >>> rodrigopsasaki at gmail.com > > >>>> wrote: > >>>> > >>>> > >>>> > >>>> I'll give you an example: > >>>> > >>>> We have a situation in our website where we only ask for the user's > >>> e-mail, > >>>> and he can go on with the flow. > >>>> > >>>> On a determined step of the flow, if we identify that this is an e-mail > >>> that > >>>> we already have in our user database, we ask him for his password, > >>>> authenticate him, and let him go on, if this e-mail is new, we redirect > >>> him > >>>> to a page where he can register himself, and after that continue on. > >>>> > >>>> On this specific case and others, we wouldn't like to have to redirect > >>> him to > >>>> keycloak, because that would interrupt the flow that we designed. > >>>> > >>>> > >>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote: > >>>> > >>>> > >>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > >>>> userguide/html/direct-access- grants.html > >>>> > >>>> If you have to do it this way, please let us know why. Maybe we can > >>> solve the > >>>> issue within keycloak itself. > >>>> > >>>> > >>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > >>>> > >>>> > >>>> > >>>> Just for the sake of conversation, if I did want to handle my own login > >>>> page, would there be a way for me to do it? > >>>> > >>>> > >>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > >>>> < rodrigopsasaki at gmail.com > wrote: > >>>> > >>>> I don't want to miss out on all of that, which is why we're mostly > >>>> migrating everything to use keycloak that way. > >>>> > >>>> It's just that we have cases that are so specific, that it would be > >>>> better to authenticate the user in a different manner, create the > >>>> user session and everything, without redirecting. > >>>> > >>>> I'll have a look at that code. Thanks! > >>>> > >>>> > >>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com > >>>> > wrote: > >>>> > >>>> If you want to handle your own login pages, IMO, you are missing > >>>> out on > >>>> a lot of Keycloak features. Specifically: > >>>> > >>>> * SSO > >>>> * forgot password > >>>> * admin forced credential reset/setup > >>>> > >>>> > >>>> Login pages can be styled however you like to look like your > >>>> application. > >>>> > >>>> There is a REST api for obtaining an access token. Here is an > >>>> example: > >>>> > >>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > >>>> demo-template/admin-access- app/src/main/java/org/ > >>>> keycloak/example/AdminClient. java > >>>> > >>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > >>>>> Is there a way to authenticate the user without having to > >>>> input username > >>>>> and password on the login page? > >>>>> > >>>>> For example: > >>>>> > >>>>> Say there's a situation in my application where I request the > >>>> user for > >>>>> his username and password, and I wouldn't like to redirect > >>>> that to the > >>>>> keycloak login page to authenticate him, would there be a way > >>>> for me to > >>>>> do that? > >>>>> > >>>>> -- > >>>>> Rodrigo Sasaki > >>>>> > >>>>> > >>>>> ______________________________ _________________ > >>>>> keycloak-user mailing list > >>>>> keycloak-user at lists.jboss.org > >>>> > >>>> > >>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > >>>>> > >>>> > >>>> -- > >>>> Bill Burke > >>>> JBoss, a division of Red Hat > >>>> http://bill.burkecentral.com > >>>> ______________________________ _________________ > >>>> keycloak-user mailing list > >>>> keycloak-user at lists.jboss.org > >>>> > >>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > >>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Rodrigo Sasaki > >>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Rodrigo Sasaki > >>>> > >>>> -- > >>>> Bill Burke > >>>> JBoss, a division of Red Hat > >>>> http://bill.burkecentral.com > >>>> > >>>> > >>>> > >>>> -- > >>>> Rodrigo Sasaki > >>>> > >>>> > >>>> > >>>> -- > >>>> Rodrigo Sasaki > >>>> > >>>> _______________________________________________ > >>>> keycloak-user mailing list > >>>> keycloak-user at lists.jboss.org > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >>> > >> > >> > >> > >> -- > >> Rodrigo Sasaki > >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > From bburke at redhat.com Fri Jul 25 09:08:21 2014 From: bburke at redhat.com (Bill Burke) Date: Fri, 25 Jul 2014 09:08:21 -0400 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> References: <53C6D4F1.1000903@redhat.com> <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> Message-ID: <53D256C5.2080804@redhat.com> Another workaround would to be just have the regular keycloak login page and add a "registration" link to teh template that points back to their application. I just think it would be simpler for them than doing what you suggest. On 7/25/2014 8:56 AM, Stian Thorgersen wrote: > Yes, but I'm wondering why the following won't work: > > 1. Ask for users email (in your app, not KC) > 2. Once you get to the flow where a user has to login: > a) If user doesn't exist in KC (you can use admin endpoints to check this) redirect to registration page on KC with email already entered > b) If user does exist in KC redirect to login page again with email already entered > 3. Redirect back to app > > ----- Original Message ----- >> From: "Bill Burke" >> To: "Stian Thorgersen" , "Rodrigo Sasaki" >> Cc: keycloak-user at lists.jboss.org >> Sent: Friday, 25 July, 2014 1:48:45 PM >> Subject: Re: [keycloak-user] Authenticate user without using login page >> >> It is because their first login screen is just something asking for an >> email. If the email doesn't exist as a user, they want a redirect to >> the register page. >> >> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: >>> Yes, you can use the direct grant to retrieve a token. >>> >>> I'd like to know why redirecting to the login form, when styled to match >>> your website, and using login_hint to pre-fill username/email doesn't >>> work. Maybe there's something we can do so that you can still use the >>> "proper" flow? >>> >>> ----- Original Message ----- >>>> From: "Rodrigo Sasaki" >>>> To: "Stian Thorgersen" >>>> Cc: "Bill Burke" , keycloak-user at lists.jboss.org >>>> Sent: Thursday, 24 July, 2014 6:13:17 PM >>>> Subject: Re: [keycloak-user] Authenticate user without using login page >>>> >>>> Sorry to keep insisting on this, but since it's being a huge showstopper >>>> so >>>> far, I just have to ask. >>>> >>>> If I don't mind trading off SSO and all the other benefits that the >>>> Keycloak login page provides me, would there be a way for me to do what I >>>> want? >>>> >>>> >>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen >>>> wrote: >>>> >>>>> We could add support for login_hint query param so you can have the >>>>> username/email field on the login form pre-filled for the user, so once a >>>>> user has to authenticate you redirect to login on KC and all they would >>>>> have to do is enter their password. >>>>> >>>>> If you bypass the login forms you'd loose SSO, multi-factor support, >>>>> required actions, recover password, etc, etc, etc.. >>>>> >>>>> As Bill mentioned we provide very flexible login forms that can be >>>>> templated using either just css or even FreeMarker templates if you need >>>>> a >>>>> lot of customization, so you should be able to make the login form >>>>> integrate well with your website. >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Rodrigo Sasaki" >>>>>> To: "Bill Burke" >>>>>> Cc: keycloak-user at lists.jboss.org >>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM >>>>>> Subject: Re: [keycloak-user] Authenticate user without using login page >>>>>> >>>>>> You think there could be a way to do this within keycloak itself? >>>>>> >>>>>> >>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < >>>>> rodrigopsasaki at gmail.com > >>>>>> wrote: >>>>>> >>>>>> >>>>>> >>>>>> I'll give you an example: >>>>>> >>>>>> We have a situation in our website where we only ask for the user's >>>>> e-mail, >>>>>> and he can go on with the flow. >>>>>> >>>>>> On a determined step of the flow, if we identify that this is an e-mail >>>>> that >>>>>> we already have in our user database, we ask him for his password, >>>>>> authenticate him, and let him go on, if this e-mail is new, we redirect >>>>> him >>>>>> to a page where he can register himself, and after that continue on. >>>>>> >>>>>> On this specific case and others, we wouldn't like to have to redirect >>>>> him to >>>>>> keycloak, because that would interrupt the flow that we designed. >>>>>> >>>>>> >>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > wrote: >>>>>> >>>>>> >>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ >>>>>> userguide/html/direct-access- grants.html >>>>>> >>>>>> If you have to do it this way, please let us know why. Maybe we can >>>>> solve the >>>>>> issue within keycloak itself. >>>>>> >>>>>> >>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: >>>>>> >>>>>> >>>>>> >>>>>> Just for the sake of conversation, if I did want to handle my own login >>>>>> page, would there be a way for me to do it? >>>>>> >>>>>> >>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki >>>>>> < rodrigopsasaki at gmail.com > wrote: >>>>>> >>>>>> I don't want to miss out on all of that, which is why we're mostly >>>>>> migrating everything to use keycloak that way. >>>>>> >>>>>> It's just that we have cases that are so specific, that it would be >>>>>> better to authenticate the user in a different manner, create the >>>>>> user session and everything, without redirecting. >>>>>> >>>>>> I'll have a look at that code. Thanks! >>>>>> >>>>>> >>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com >>>>>> > wrote: >>>>>> >>>>>> If you want to handle your own login pages, IMO, you are missing >>>>>> out on >>>>>> a lot of Keycloak features. Specifically: >>>>>> >>>>>> * SSO >>>>>> * forgot password >>>>>> * admin forced credential reset/setup >>>>>> >>>>>> >>>>>> Login pages can be styled however you like to look like your >>>>>> application. >>>>>> >>>>>> There is a REST api for obtaining an access token. Here is an >>>>>> example: >>>>>> >>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ >>>>>> demo-template/admin-access- app/src/main/java/org/ >>>>>> keycloak/example/AdminClient. java >>>>>> >>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >>>>>>> Is there a way to authenticate the user without having to >>>>>> input username >>>>>>> and password on the login page? >>>>>>> >>>>>>> For example: >>>>>>> >>>>>>> Say there's a situation in my application where I request the >>>>>> user for >>>>>>> his username and password, and I wouldn't like to redirect >>>>>> that to the >>>>>>> keycloak login page to authenticate him, would there be a way >>>>>> for me to >>>>>>> do that? >>>>>>> >>>>>>> -- >>>>>>> Rodrigo Sasaki >>>>>>> >>>>>>> >>>>>>> ______________________________ _________________ >>>>>>> keycloak-user mailing list >>>>>>> keycloak-user at lists.jboss.org >>>>>> >>>>>> >>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>>>>>> >>>>>> >>>>>> -- >>>>>> Bill Burke >>>>>> JBoss, a division of Red Hat >>>>>> http://bill.burkecentral.com >>>>>> ______________________________ _________________ >>>>>> keycloak-user mailing list >>>>>> keycloak-user at lists.jboss.org >>>>>> >>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Rodrigo Sasaki >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Rodrigo Sasaki >>>>>> >>>>>> -- >>>>>> Bill Burke >>>>>> JBoss, a division of Red Hat >>>>>> http://bill.burkecentral.com >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Rodrigo Sasaki >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Rodrigo Sasaki >>>>>> >>>>>> _______________________________________________ >>>>>> keycloak-user mailing list >>>>>> keycloak-user at lists.jboss.org >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>> >>>> >>>> >>>> >>>> -- >>>> Rodrigo Sasaki >>>> >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Fri Jul 25 09:08:43 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 25 Jul 2014 10:08:43 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> References: <53C6D4F1.1000903@redhat.com> <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> Message-ID: Actually, the main problem is one of the flows where the password request appears in a popup, there's no redirect at all, and one of the things that were agreed upon when decided to change the authentication provider, was that nothing would be altered in the user experience. So I really have to try and make keycloak "fit in" in these particular scenarios, they are not used as much as the ones where we'll use the keycloak login page with our own style, but I do have to make them work. When you say I could use direct grant to get a token, would that count as the same as an user logging in? It's not really clear to me right now On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen wrote: > Yes, but I'm wondering why the following won't work: > > 1. Ask for users email (in your app, not KC) > 2. Once you get to the flow where a user has to login: > a) If user doesn't exist in KC (you can use admin endpoints to check > this) redirect to registration page on KC with email already entered > b) If user does exist in KC redirect to login page again with email > already entered > 3. Redirect back to app > > ----- Original Message ----- > > From: "Bill Burke" > > To: "Stian Thorgersen" , "Rodrigo Sasaki" < > rodrigopsasaki at gmail.com> > > Cc: keycloak-user at lists.jboss.org > > Sent: Friday, 25 July, 2014 1:48:45 PM > > Subject: Re: [keycloak-user] Authenticate user without using login page > > > > It is because their first login screen is just something asking for an > > email. If the email doesn't exist as a user, they want a redirect to > > the register page. > > > > On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > > > Yes, you can use the direct grant to retrieve a token. > > > > > > I'd like to know why redirecting to the login form, when styled to > match > > > your website, and using login_hint to pre-fill username/email doesn't > > > work. Maybe there's something we can do so that you can still use the > > > "proper" flow? > > > > > > ----- Original Message ----- > > >> From: "Rodrigo Sasaki" > > >> To: "Stian Thorgersen" > > >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > > >> Sent: Thursday, 24 July, 2014 6:13:17 PM > > >> Subject: Re: [keycloak-user] Authenticate user without using login > page > > >> > > >> Sorry to keep insisting on this, but since it's being a huge > showstopper > > >> so > > >> far, I just have to ask. > > >> > > >> If I don't mind trading off SSO and all the other benefits that the > > >> Keycloak login page provides me, would there be a way for me to do > what I > > >> want? > > >> > > >> > > >> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen > > >> wrote: > > >> > > >>> We could add support for login_hint query param so you can have the > > >>> username/email field on the login form pre-filled for the user, so > once a > > >>> user has to authenticate you redirect to login on KC and all they > would > > >>> have to do is enter their password. > > >>> > > >>> If you bypass the login forms you'd loose SSO, multi-factor support, > > >>> required actions, recover password, etc, etc, etc.. > > >>> > > >>> As Bill mentioned we provide very flexible login forms that can be > > >>> templated using either just css or even FreeMarker templates if you > need > > >>> a > > >>> lot of customization, so you should be able to make the login form > > >>> integrate well with your website. > > >>> > > >>> ----- Original Message ----- > > >>>> From: "Rodrigo Sasaki" > > >>>> To: "Bill Burke" > > >>>> Cc: keycloak-user at lists.jboss.org > > >>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > > >>>> Subject: Re: [keycloak-user] Authenticate user without using login > page > > >>>> > > >>>> You think there could be a way to do this within keycloak itself? > > >>>> > > >>>> > > >>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > > >>> rodrigopsasaki at gmail.com > > > >>>> wrote: > > >>>> > > >>>> > > >>>> > > >>>> I'll give you an example: > > >>>> > > >>>> We have a situation in our website where we only ask for the user's > > >>> e-mail, > > >>>> and he can go on with the flow. > > >>>> > > >>>> On a determined step of the flow, if we identify that this is an > e-mail > > >>> that > > >>>> we already have in our user database, we ask him for his password, > > >>>> authenticate him, and let him go on, if this e-mail is new, we > redirect > > >>> him > > >>>> to a page where he can register himself, and after that continue on. > > >>>> > > >>>> On this specific case and others, we wouldn't like to have to > redirect > > >>> him to > > >>>> keycloak, because that would interrupt the flow that we designed. > > >>>> > > >>>> > > >>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > > wrote: > > >>>> > > >>>> > > >>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > > >>>> userguide/html/direct-access- grants.html > > >>>> > > >>>> If you have to do it this way, please let us know why. Maybe we can > > >>> solve the > > >>>> issue within keycloak itself. > > >>>> > > >>>> > > >>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > >>>> > > >>>> > > >>>> > > >>>> Just for the sake of conversation, if I did want to handle my own > login > > >>>> page, would there be a way for me to do it? > > >>>> > > >>>> > > >>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > >>>> < rodrigopsasaki at gmail.com > > wrote: > > >>>> > > >>>> I don't want to miss out on all of that, which is why we're mostly > > >>>> migrating everything to use keycloak that way. > > >>>> > > >>>> It's just that we have cases that are so specific, that it would be > > >>>> better to authenticate the user in a different manner, create the > > >>>> user session and everything, without redirecting. > > >>>> > > >>>> I'll have a look at that code. Thanks! > > >>>> > > >>>> > > >>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com > > >>>> > wrote: > > >>>> > > >>>> If you want to handle your own login pages, IMO, you are missing > > >>>> out on > > >>>> a lot of Keycloak features. Specifically: > > >>>> > > >>>> * SSO > > >>>> * forgot password > > >>>> * admin forced credential reset/setup > > >>>> > > >>>> > > >>>> Login pages can be styled however you like to look like your > > >>>> application. > > >>>> > > >>>> There is a REST api for obtaining an access token. Here is an > > >>>> example: > > >>>> > > >>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > > >>>> demo-template/admin-access- app/src/main/java/org/ > > >>>> keycloak/example/AdminClient. java > > >>>> > > >>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > >>>>> Is there a way to authenticate the user without having to > > >>>> input username > > >>>>> and password on the login page? > > >>>>> > > >>>>> For example: > > >>>>> > > >>>>> Say there's a situation in my application where I request the > > >>>> user for > > >>>>> his username and password, and I wouldn't like to redirect > > >>>> that to the > > >>>>> keycloak login page to authenticate him, would there be a way > > >>>> for me to > > >>>>> do that? > > >>>>> > > >>>>> -- > > >>>>> Rodrigo Sasaki > > >>>>> > > >>>>> > > >>>>> ______________________________ _________________ > > >>>>> keycloak-user mailing list > > >>>>> keycloak-user at lists.jboss.org > > >>>> > > >>>> > > >>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > >>>>> > > >>>> > > >>>> -- > > >>>> Bill Burke > > >>>> JBoss, a division of Red Hat > > >>>> http://bill.burkecentral.com > > >>>> ______________________________ _________________ > > >>>> keycloak-user mailing list > > >>>> keycloak-user at lists.jboss.org jboss.org > > > >>>> > > >>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rodrigo Sasaki > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rodrigo Sasaki > > >>>> > > >>>> -- > > >>>> Bill Burke > > >>>> JBoss, a division of Red Hat > > >>>> http://bill.burkecentral.com > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rodrigo Sasaki > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rodrigo Sasaki > > >>>> > > >>>> _______________________________________________ > > >>>> keycloak-user mailing list > > >>>> keycloak-user at lists.jboss.org > > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > >>> > > >> > > >> > > >> > > >> -- > > >> Rodrigo Sasaki > > >> > > > > -- > > Bill Burke > > JBoss, a division of Red Hat > > http://bill.burkecentral.com > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140725/3d21b734/attachment.html From bburke at redhat.com Fri Jul 25 09:17:51 2014 From: bburke at redhat.com (Bill Burke) Date: Fri, 25 Jul 2014 09:17:51 -0400 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <53C6D4F1.1000903@redhat.com> <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> Message-ID: <53D258FF.80803@redhat.com> With your flows, I just don't see how you can use Keycloak's SSO features. You have to be able to redirect the browser to the Keycloak Server, otherwise the SSO cookie can't be checked to see if the user is already logged in. You can't do social login without redirects either. On 7/25/2014 9:08 AM, Rodrigo Sasaki wrote: > Actually, the main problem is one of the flows where the password > request appears in a popup, there's no redirect at all, and one of the > things that were agreed upon when decided to change the authentication > provider, was that nothing would be altered in the user experience. > > So I really have to try and make keycloak "fit in" in these particular > scenarios, they are not used as much as the ones where we'll use the > keycloak login page with our own style, but I do have to make them work. > > When you say I could use direct grant to get a token, would that count > as the same as an user logging in? It's not really clear to me right now > > > On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen > wrote: > > Yes, but I'm wondering why the following won't work: > > 1. Ask for users email (in your app, not KC) > 2. Once you get to the flow where a user has to login: > a) If user doesn't exist in KC (you can use admin endpoints to > check this) redirect to registration page on KC with email already > entered > b) If user does exist in KC redirect to login page again with > email already entered > 3. Redirect back to app > > ----- Original Message ----- > > From: "Bill Burke" > > > To: "Stian Thorgersen" >, "Rodrigo Sasaki" > > > > Cc: keycloak-user at lists.jboss.org > > > Sent: Friday, 25 July, 2014 1:48:45 PM > > Subject: Re: [keycloak-user] Authenticate user without using > login page > > > > It is because their first login screen is just something asking > for an > > email. If the email doesn't exist as a user, they want a redirect to > > the register page. > > > > On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > > > Yes, you can use the direct grant to retrieve a token. > > > > > > I'd like to know why redirecting to the login form, when styled > to match > > > your website, and using login_hint to pre-fill username/email > doesn't > > > work. Maybe there's something we can do so that you can still > use the > > > "proper" flow? > > > > > > ----- Original Message ----- > > >> From: "Rodrigo Sasaki" > > > >> To: "Stian Thorgersen" > > > >> Cc: "Bill Burke" >, keycloak-user at lists.jboss.org > > > >> Sent: Thursday, 24 July, 2014 6:13:17 PM > > >> Subject: Re: [keycloak-user] Authenticate user without using > login page > > >> > > >> Sorry to keep insisting on this, but since it's being a huge > showstopper > > >> so > > >> far, I just have to ask. > > >> > > >> If I don't mind trading off SSO and all the other benefits > that the > > >> Keycloak login page provides me, would there be a way for me > to do what I > > >> want? > > >> > > >> > > >> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen > > > > >> wrote: > > >> > > >>> We could add support for login_hint query param so you can > have the > > >>> username/email field on the login form pre-filled for the > user, so once a > > >>> user has to authenticate you redirect to login on KC and all > they would > > >>> have to do is enter their password. > > >>> > > >>> If you bypass the login forms you'd loose SSO, multi-factor > support, > > >>> required actions, recover password, etc, etc, etc.. > > >>> > > >>> As Bill mentioned we provide very flexible login forms that > can be > > >>> templated using either just css or even FreeMarker templates > if you need > > >>> a > > >>> lot of customization, so you should be able to make the login > form > > >>> integrate well with your website. > > >>> > > >>> ----- Original Message ----- > > >>>> From: "Rodrigo Sasaki" > > > >>>> To: "Bill Burke" > > > >>>> Cc: keycloak-user at lists.jboss.org > > > >>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > > >>>> Subject: Re: [keycloak-user] Authenticate user without using > login page > > >>>> > > >>>> You think there could be a way to do this within keycloak > itself? > > >>>> > > >>>> > > >>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > > >>> rodrigopsasaki at gmail.com > > > >>>> wrote: > > >>>> > > >>>> > > >>>> > > >>>> I'll give you an example: > > >>>> > > >>>> We have a situation in our website where we only ask for the > user's > > >>> e-mail, > > >>>> and he can go on with the flow. > > >>>> > > >>>> On a determined step of the flow, if we identify that this > is an e-mail > > >>> that > > >>>> we already have in our user database, we ask him for his > password, > > >>>> authenticate him, and let him go on, if this e-mail is new, > we redirect > > >>> him > > >>>> to a page where he can register himself, and after that > continue on. > > >>>> > > >>>> On this specific case and others, we wouldn't like to have > to redirect > > >>> him to > > >>>> keycloak, because that would interrupt the flow that we > designed. > > >>>> > > >>>> > > >>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < > bburke at redhat.com > wrote: > > >>>> > > >>>> > > >>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > > >>>> userguide/html/direct-access- grants.html > > >>>> > > >>>> If you have to do it this way, please let us know why. Maybe > we can > > >>> solve the > > >>>> issue within keycloak itself. > > >>>> > > >>>> > > >>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > >>>> > > >>>> > > >>>> > > >>>> Just for the sake of conversation, if I did want to handle > my own login > > >>>> page, would there be a way for me to do it? > > >>>> > > >>>> > > >>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > >>>> < rodrigopsasaki at gmail.com > > wrote: > > >>>> > > >>>> I don't want to miss out on all of that, which is why we're > mostly > > >>>> migrating everything to use keycloak that way. > > >>>> > > >>>> It's just that we have cases that are so specific, that it > would be > > >>>> better to authenticate the user in a different manner, > create the > > >>>> user session and everything, without redirecting. > > >>>> > > >>>> I'll have a look at that code. Thanks! > > >>>> > > >>>> > > >>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < > bburke at redhat.com > > >>>> >> wrote: > > >>>> > > >>>> If you want to handle your own login pages, IMO, you are missing > > >>>> out on > > >>>> a lot of Keycloak features. Specifically: > > >>>> > > >>>> * SSO > > >>>> * forgot password > > >>>> * admin forced credential reset/setup > > >>>> > > >>>> > > >>>> Login pages can be styled however you like to look like your > > >>>> application. > > >>>> > > >>>> There is a REST api for obtaining an access token. Here is an > > >>>> example: > > >>>> > > >>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > > >>>> demo-template/admin-access- app/src/main/java/org/ > > >>>> keycloak/example/AdminClient. java > > >>>> > > >>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > >>>>> Is there a way to authenticate the user without having to > > >>>> input username > > >>>>> and password on the login page? > > >>>>> > > >>>>> For example: > > >>>>> > > >>>>> Say there's a situation in my application where I request the > > >>>> user for > > >>>>> his username and password, and I wouldn't like to redirect > > >>>> that to the > > >>>>> keycloak login page to authenticate him, would there be a way > > >>>> for me to > > >>>>> do that? > > >>>>> > > >>>>> -- > > >>>>> Rodrigo Sasaki > > >>>>> > > >>>>> > > >>>>> ______________________________ _________________ > > >>>>> keycloak-user mailing list > > >>>>> keycloak-user at lists.jboss.org > > > >>>> > > > >>>> > > >>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > >>>>> > > >>>> > > >>>> -- > > >>>> Bill Burke > > >>>> JBoss, a division of Red Hat > > >>>> http://bill.burkecentral.com > > >>>> ______________________________ _________________ > > >>>> keycloak-user mailing list > > >>>> keycloak-user at lists.jboss.org > jboss.org > > > >>>> > > >>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rodrigo Sasaki > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rodrigo Sasaki > > >>>> > > >>>> -- > > >>>> Bill Burke > > >>>> JBoss, a division of Red Hat > > >>>> http://bill.burkecentral.com > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rodrigo Sasaki > > >>>> > > >>>> > > >>>> > > >>>> -- > > >>>> Rodrigo Sasaki > > >>>> > > >>>> _______________________________________________ > > >>>> keycloak-user mailing list > > >>>> keycloak-user at lists.jboss.org > > > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > >>> > > >> > > >> > > >> > > >> -- > > >> Rodrigo Sasaki > > >> > > > > -- > > Bill Burke > > JBoss, a division of Red Hat > > http://bill.burkecentral.com > > > > > > > -- > Rodrigo Sasaki -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From stian at redhat.com Fri Jul 25 09:21:08 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 25 Jul 2014 09:21:08 -0400 (EDT) Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> Message-ID: <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> What about using an iframe in the popup to include the login form from Keycloak? You can send a HTTP POST to /auth-server//tokens/grants/access with client id/secret and username/password and get a token back. With keycloak.js you can give it this token, not sure how/if this flow works with the server-side (Undertow) adapter. ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: "Bill Burke" , keycloak-user at lists.jboss.org > Sent: Friday, 25 July, 2014 2:08:43 PM > Subject: Re: [keycloak-user] Authenticate user without using login page > > Actually, the main problem is one of the flows where the password request > appears in a popup, there's no redirect at all, and one of the things that > were agreed upon when decided to change the authentication provider, was > that nothing would be altered in the user experience. > > So I really have to try and make keycloak "fit in" in these particular > scenarios, they are not used as much as the ones where we'll use the > keycloak login page with our own style, but I do have to make them work. > > When you say I could use direct grant to get a token, would that count as > the same as an user logging in? It's not really clear to me right now > > > On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen wrote: > > > Yes, but I'm wondering why the following won't work: > > > > 1. Ask for users email (in your app, not KC) > > 2. Once you get to the flow where a user has to login: > > a) If user doesn't exist in KC (you can use admin endpoints to check > > this) redirect to registration page on KC with email already entered > > b) If user does exist in KC redirect to login page again with email > > already entered > > 3. Redirect back to app > > > > ----- Original Message ----- > > > From: "Bill Burke" > > > To: "Stian Thorgersen" , "Rodrigo Sasaki" < > > rodrigopsasaki at gmail.com> > > > Cc: keycloak-user at lists.jboss.org > > > Sent: Friday, 25 July, 2014 1:48:45 PM > > > Subject: Re: [keycloak-user] Authenticate user without using login page > > > > > > It is because their first login screen is just something asking for an > > > email. If the email doesn't exist as a user, they want a redirect to > > > the register page. > > > > > > On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > > > > Yes, you can use the direct grant to retrieve a token. > > > > > > > > I'd like to know why redirecting to the login form, when styled to > > match > > > > your website, and using login_hint to pre-fill username/email doesn't > > > > work. Maybe there's something we can do so that you can still use the > > > > "proper" flow? > > > > > > > > ----- Original Message ----- > > > >> From: "Rodrigo Sasaki" > > > >> To: "Stian Thorgersen" > > > >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > > > >> Sent: Thursday, 24 July, 2014 6:13:17 PM > > > >> Subject: Re: [keycloak-user] Authenticate user without using login > > page > > > >> > > > >> Sorry to keep insisting on this, but since it's being a huge > > showstopper > > > >> so > > > >> far, I just have to ask. > > > >> > > > >> If I don't mind trading off SSO and all the other benefits that the > > > >> Keycloak login page provides me, would there be a way for me to do > > what I > > > >> want? > > > >> > > > >> > > > >> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen > > > >> wrote: > > > >> > > > >>> We could add support for login_hint query param so you can have the > > > >>> username/email field on the login form pre-filled for the user, so > > once a > > > >>> user has to authenticate you redirect to login on KC and all they > > would > > > >>> have to do is enter their password. > > > >>> > > > >>> If you bypass the login forms you'd loose SSO, multi-factor support, > > > >>> required actions, recover password, etc, etc, etc.. > > > >>> > > > >>> As Bill mentioned we provide very flexible login forms that can be > > > >>> templated using either just css or even FreeMarker templates if you > > need > > > >>> a > > > >>> lot of customization, so you should be able to make the login form > > > >>> integrate well with your website. > > > >>> > > > >>> ----- Original Message ----- > > > >>>> From: "Rodrigo Sasaki" > > > >>>> To: "Bill Burke" > > > >>>> Cc: keycloak-user at lists.jboss.org > > > >>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > > > >>>> Subject: Re: [keycloak-user] Authenticate user without using login > > page > > > >>>> > > > >>>> You think there could be a way to do this within keycloak itself? > > > >>>> > > > >>>> > > > >>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > > > >>> rodrigopsasaki at gmail.com > > > > >>>> wrote: > > > >>>> > > > >>>> > > > >>>> > > > >>>> I'll give you an example: > > > >>>> > > > >>>> We have a situation in our website where we only ask for the user's > > > >>> e-mail, > > > >>>> and he can go on with the flow. > > > >>>> > > > >>>> On a determined step of the flow, if we identify that this is an > > e-mail > > > >>> that > > > >>>> we already have in our user database, we ask him for his password, > > > >>>> authenticate him, and let him go on, if this e-mail is new, we > > redirect > > > >>> him > > > >>>> to a page where he can register himself, and after that continue on. > > > >>>> > > > >>>> On this specific case and others, we wouldn't like to have to > > redirect > > > >>> him to > > > >>>> keycloak, because that would interrupt the flow that we designed. > > > >>>> > > > >>>> > > > >>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > > > wrote: > > > >>>> > > > >>>> > > > >>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > > > >>>> userguide/html/direct-access- grants.html > > > >>>> > > > >>>> If you have to do it this way, please let us know why. Maybe we can > > > >>> solve the > > > >>>> issue within keycloak itself. > > > >>>> > > > >>>> > > > >>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > > >>>> > > > >>>> > > > >>>> > > > >>>> Just for the sake of conversation, if I did want to handle my own > > login > > > >>>> page, would there be a way for me to do it? > > > >>>> > > > >>>> > > > >>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > > >>>> < rodrigopsasaki at gmail.com > > > wrote: > > > >>>> > > > >>>> I don't want to miss out on all of that, which is why we're mostly > > > >>>> migrating everything to use keycloak that way. > > > >>>> > > > >>>> It's just that we have cases that are so specific, that it would be > > > >>>> better to authenticate the user in a different manner, create the > > > >>>> user session and everything, without redirecting. > > > >>>> > > > >>>> I'll have a look at that code. Thanks! > > > >>>> > > > >>>> > > > >>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com > > > >>>> > wrote: > > > >>>> > > > >>>> If you want to handle your own login pages, IMO, you are missing > > > >>>> out on > > > >>>> a lot of Keycloak features. Specifically: > > > >>>> > > > >>>> * SSO > > > >>>> * forgot password > > > >>>> * admin forced credential reset/setup > > > >>>> > > > >>>> > > > >>>> Login pages can be styled however you like to look like your > > > >>>> application. > > > >>>> > > > >>>> There is a REST api for obtaining an access token. Here is an > > > >>>> example: > > > >>>> > > > >>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > > > >>>> demo-template/admin-access- app/src/main/java/org/ > > > >>>> keycloak/example/AdminClient. java > > > >>>> > > > >>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > > >>>>> Is there a way to authenticate the user without having to > > > >>>> input username > > > >>>>> and password on the login page? > > > >>>>> > > > >>>>> For example: > > > >>>>> > > > >>>>> Say there's a situation in my application where I request the > > > >>>> user for > > > >>>>> his username and password, and I wouldn't like to redirect > > > >>>> that to the > > > >>>>> keycloak login page to authenticate him, would there be a way > > > >>>> for me to > > > >>>>> do that? > > > >>>>> > > > >>>>> -- > > > >>>>> Rodrigo Sasaki > > > >>>>> > > > >>>>> > > > >>>>> ______________________________ _________________ > > > >>>>> keycloak-user mailing list > > > >>>>> keycloak-user at lists.jboss.org > > > >>>> > > > >>>> > > > >>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > >>>>> > > > >>>> > > > >>>> -- > > > >>>> Bill Burke > > > >>>> JBoss, a division of Red Hat > > > >>>> http://bill.burkecentral.com > > > >>>> ______________________________ _________________ > > > >>>> keycloak-user mailing list > > > >>>> keycloak-user at lists.jboss.org > jboss.org > > > > >>>> > > > >>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Rodrigo Sasaki > > > >>>> > > > >>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Rodrigo Sasaki > > > >>>> > > > >>>> -- > > > >>>> Bill Burke > > > >>>> JBoss, a division of Red Hat > > > >>>> http://bill.burkecentral.com > > > >>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Rodrigo Sasaki > > > >>>> > > > >>>> > > > >>>> > > > >>>> -- > > > >>>> Rodrigo Sasaki > > > >>>> > > > >>>> _______________________________________________ > > > >>>> keycloak-user mailing list > > > >>>> keycloak-user at lists.jboss.org > > > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > > >>> > > > >> > > > >> > > > >> > > > >> -- > > > >> Rodrigo Sasaki > > > >> > > > > > > -- > > > Bill Burke > > > JBoss, a division of Red Hat > > > http://bill.burkecentral.com > > > > > > > > > -- > Rodrigo Sasaki > From bburke at redhat.com Fri Jul 25 09:23:14 2014 From: bburke at redhat.com (Bill Burke) Date: Fri, 25 Jul 2014 09:23:14 -0400 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> References: <1116450547.12619264.1405673046766.JavaMail.zimbra@redhat.com> <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> Message-ID: <53D25A42.9010604@redhat.com> not sure this will work with SSO. I'm not sure CORS requests can deal with cookies. On 7/25/2014 9:21 AM, Stian Thorgersen wrote: > What about using an iframe in the popup to include the login form from Keycloak? > > You can send a HTTP POST to /auth-server//tokens/grants/access with client id/secret and username/password and get a token back. With keycloak.js you can give it this token, not sure how/if this flow works with the server-side (Undertow) adapter. > > ----- Original Message ----- >> From: "Rodrigo Sasaki" >> To: "Stian Thorgersen" >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org >> Sent: Friday, 25 July, 2014 2:08:43 PM >> Subject: Re: [keycloak-user] Authenticate user without using login page >> >> Actually, the main problem is one of the flows where the password request >> appears in a popup, there's no redirect at all, and one of the things that >> were agreed upon when decided to change the authentication provider, was >> that nothing would be altered in the user experience. >> >> So I really have to try and make keycloak "fit in" in these particular >> scenarios, they are not used as much as the ones where we'll use the >> keycloak login page with our own style, but I do have to make them work. >> >> When you say I could use direct grant to get a token, would that count as >> the same as an user logging in? It's not really clear to me right now >> >> >> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen wrote: >> >>> Yes, but I'm wondering why the following won't work: >>> >>> 1. Ask for users email (in your app, not KC) >>> 2. Once you get to the flow where a user has to login: >>> a) If user doesn't exist in KC (you can use admin endpoints to check >>> this) redirect to registration page on KC with email already entered >>> b) If user does exist in KC redirect to login page again with email >>> already entered >>> 3. Redirect back to app >>> >>> ----- Original Message ----- >>>> From: "Bill Burke" >>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < >>> rodrigopsasaki at gmail.com> >>>> Cc: keycloak-user at lists.jboss.org >>>> Sent: Friday, 25 July, 2014 1:48:45 PM >>>> Subject: Re: [keycloak-user] Authenticate user without using login page >>>> >>>> It is because their first login screen is just something asking for an >>>> email. If the email doesn't exist as a user, they want a redirect to >>>> the register page. >>>> >>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: >>>>> Yes, you can use the direct grant to retrieve a token. >>>>> >>>>> I'd like to know why redirecting to the login form, when styled to >>> match >>>>> your website, and using login_hint to pre-fill username/email doesn't >>>>> work. Maybe there's something we can do so that you can still use the >>>>> "proper" flow? >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Rodrigo Sasaki" >>>>>> To: "Stian Thorgersen" >>>>>> Cc: "Bill Burke" , keycloak-user at lists.jboss.org >>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM >>>>>> Subject: Re: [keycloak-user] Authenticate user without using login >>> page >>>>>> >>>>>> Sorry to keep insisting on this, but since it's being a huge >>> showstopper >>>>>> so >>>>>> far, I just have to ask. >>>>>> >>>>>> If I don't mind trading off SSO and all the other benefits that the >>>>>> Keycloak login page provides me, would there be a way for me to do >>> what I >>>>>> want? >>>>>> >>>>>> >>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen >>>>>> wrote: >>>>>> >>>>>>> We could add support for login_hint query param so you can have the >>>>>>> username/email field on the login form pre-filled for the user, so >>> once a >>>>>>> user has to authenticate you redirect to login on KC and all they >>> would >>>>>>> have to do is enter their password. >>>>>>> >>>>>>> If you bypass the login forms you'd loose SSO, multi-factor support, >>>>>>> required actions, recover password, etc, etc, etc.. >>>>>>> >>>>>>> As Bill mentioned we provide very flexible login forms that can be >>>>>>> templated using either just css or even FreeMarker templates if you >>> need >>>>>>> a >>>>>>> lot of customization, so you should be able to make the login form >>>>>>> integrate well with your website. >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Rodrigo Sasaki" >>>>>>>> To: "Bill Burke" >>>>>>>> Cc: keycloak-user at lists.jboss.org >>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM >>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using login >>> page >>>>>>>> >>>>>>>> You think there could be a way to do this within keycloak itself? >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < >>>>>>> rodrigopsasaki at gmail.com > >>>>>>>> wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> I'll give you an example: >>>>>>>> >>>>>>>> We have a situation in our website where we only ask for the user's >>>>>>> e-mail, >>>>>>>> and he can go on with the flow. >>>>>>>> >>>>>>>> On a determined step of the flow, if we identify that this is an >>> e-mail >>>>>>> that >>>>>>>> we already have in our user database, we ask him for his password, >>>>>>>> authenticate him, and let him go on, if this e-mail is new, we >>> redirect >>>>>>> him >>>>>>>> to a page where he can register himself, and after that continue on. >>>>>>>> >>>>>>>> On this specific case and others, we wouldn't like to have to >>> redirect >>>>>>> him to >>>>>>>> keycloak, because that would interrupt the flow that we designed. >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > >>> wrote: >>>>>>>> >>>>>>>> >>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ >>>>>>>> userguide/html/direct-access- grants.html >>>>>>>> >>>>>>>> If you have to do it this way, please let us know why. Maybe we can >>>>>>> solve the >>>>>>>> issue within keycloak itself. >>>>>>>> >>>>>>>> >>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Just for the sake of conversation, if I did want to handle my own >>> login >>>>>>>> page, would there be a way for me to do it? >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki >>>>>>>> < rodrigopsasaki at gmail.com > >>> wrote: >>>>>>>> >>>>>>>> I don't want to miss out on all of that, which is why we're mostly >>>>>>>> migrating everything to use keycloak that way. >>>>>>>> >>>>>>>> It's just that we have cases that are so specific, that it would be >>>>>>>> better to authenticate the user in a different manner, create the >>>>>>>> user session and everything, without redirecting. >>>>>>>> >>>>>>>> I'll have a look at that code. Thanks! >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com >>>>>>>> > wrote: >>>>>>>> >>>>>>>> If you want to handle your own login pages, IMO, you are missing >>>>>>>> out on >>>>>>>> a lot of Keycloak features. Specifically: >>>>>>>> >>>>>>>> * SSO >>>>>>>> * forgot password >>>>>>>> * admin forced credential reset/setup >>>>>>>> >>>>>>>> >>>>>>>> Login pages can be styled however you like to look like your >>>>>>>> application. >>>>>>>> >>>>>>>> There is a REST api for obtaining an access token. Here is an >>>>>>>> example: >>>>>>>> >>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ >>>>>>>> demo-template/admin-access- app/src/main/java/org/ >>>>>>>> keycloak/example/AdminClient. java >>>>>>>> >>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >>>>>>>>> Is there a way to authenticate the user without having to >>>>>>>> input username >>>>>>>>> and password on the login page? >>>>>>>>> >>>>>>>>> For example: >>>>>>>>> >>>>>>>>> Say there's a situation in my application where I request the >>>>>>>> user for >>>>>>>>> his username and password, and I wouldn't like to redirect >>>>>>>> that to the >>>>>>>>> keycloak login page to authenticate him, would there be a way >>>>>>>> for me to >>>>>>>>> do that? >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Rodrigo Sasaki >>>>>>>>> >>>>>>>>> >>>>>>>>> ______________________________ _________________ >>>>>>>>> keycloak-user mailing list >>>>>>>>> keycloak-user at lists.jboss.org >>>>>>>> >>>>>>>> >>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Bill Burke >>>>>>>> JBoss, a division of Red Hat >>>>>>>> http://bill.burkecentral.com >>>>>>>> ______________________________ _________________ >>>>>>>> keycloak-user mailing list >>>>>>>> keycloak-user at lists.jboss.org >> jboss.org > >>>>>>>> >>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rodrigo Sasaki >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rodrigo Sasaki >>>>>>>> >>>>>>>> -- >>>>>>>> Bill Burke >>>>>>>> JBoss, a division of Red Hat >>>>>>>> http://bill.burkecentral.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rodrigo Sasaki >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Rodrigo Sasaki >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> keycloak-user mailing list >>>>>>>> keycloak-user at lists.jboss.org >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Rodrigo Sasaki >>>>>> >>>> >>>> -- >>>> Bill Burke >>>> JBoss, a division of Red Hat >>>> http://bill.burkecentral.com >>>> >>> >> >> >> >> -- >> Rodrigo Sasaki >> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From stian at redhat.com Fri Jul 25 09:30:44 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 25 Jul 2014 09:30:44 -0400 (EDT) Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <53D25A42.9010604@redhat.com> References: <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> <53D25A42.9010604@redhat.com> Message-ID: <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> The cookies should be set fine, as the iframe would contain the login page directly from Keycloak. It would redirect to a special page on the app that after extracting the code would close the popup. ----- Original Message ----- > From: "Bill Burke" > To: "Stian Thorgersen" , "Rodrigo Sasaki" > Cc: keycloak-user at lists.jboss.org > Sent: Friday, 25 July, 2014 2:23:14 PM > Subject: Re: [keycloak-user] Authenticate user without using login page > > not sure this will work with SSO. I'm not sure CORS requests can deal > with cookies. > > On 7/25/2014 9:21 AM, Stian Thorgersen wrote: > > What about using an iframe in the popup to include the login form from > > Keycloak? > > > > You can send a HTTP POST to /auth-server//tokens/grants/access with > > client id/secret and username/password and get a token back. With > > keycloak.js you can give it this token, not sure how/if this flow works > > with the server-side (Undertow) adapter. > > > > ----- Original Message ----- > >> From: "Rodrigo Sasaki" > >> To: "Stian Thorgersen" > >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > >> Sent: Friday, 25 July, 2014 2:08:43 PM > >> Subject: Re: [keycloak-user] Authenticate user without using login page > >> > >> Actually, the main problem is one of the flows where the password request > >> appears in a popup, there's no redirect at all, and one of the things that > >> were agreed upon when decided to change the authentication provider, was > >> that nothing would be altered in the user experience. > >> > >> So I really have to try and make keycloak "fit in" in these particular > >> scenarios, they are not used as much as the ones where we'll use the > >> keycloak login page with our own style, but I do have to make them work. > >> > >> When you say I could use direct grant to get a token, would that count as > >> the same as an user logging in? It's not really clear to me right now > >> > >> > >> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen > >> wrote: > >> > >>> Yes, but I'm wondering why the following won't work: > >>> > >>> 1. Ask for users email (in your app, not KC) > >>> 2. Once you get to the flow where a user has to login: > >>> a) If user doesn't exist in KC (you can use admin endpoints to check > >>> this) redirect to registration page on KC with email already entered > >>> b) If user does exist in KC redirect to login page again with email > >>> already entered > >>> 3. Redirect back to app > >>> > >>> ----- Original Message ----- > >>>> From: "Bill Burke" > >>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < > >>> rodrigopsasaki at gmail.com> > >>>> Cc: keycloak-user at lists.jboss.org > >>>> Sent: Friday, 25 July, 2014 1:48:45 PM > >>>> Subject: Re: [keycloak-user] Authenticate user without using login page > >>>> > >>>> It is because their first login screen is just something asking for an > >>>> email. If the email doesn't exist as a user, they want a redirect to > >>>> the register page. > >>>> > >>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > >>>>> Yes, you can use the direct grant to retrieve a token. > >>>>> > >>>>> I'd like to know why redirecting to the login form, when styled to > >>> match > >>>>> your website, and using login_hint to pre-fill username/email doesn't > >>>>> work. Maybe there's something we can do so that you can still use the > >>>>> "proper" flow? > >>>>> > >>>>> ----- Original Message ----- > >>>>>> From: "Rodrigo Sasaki" > >>>>>> To: "Stian Thorgersen" > >>>>>> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > >>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM > >>>>>> Subject: Re: [keycloak-user] Authenticate user without using login > >>> page > >>>>>> > >>>>>> Sorry to keep insisting on this, but since it's being a huge > >>> showstopper > >>>>>> so > >>>>>> far, I just have to ask. > >>>>>> > >>>>>> If I don't mind trading off SSO and all the other benefits that the > >>>>>> Keycloak login page provides me, would there be a way for me to do > >>> what I > >>>>>> want? > >>>>>> > >>>>>> > >>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen > >>>>>> wrote: > >>>>>> > >>>>>>> We could add support for login_hint query param so you can have the > >>>>>>> username/email field on the login form pre-filled for the user, so > >>> once a > >>>>>>> user has to authenticate you redirect to login on KC and all they > >>> would > >>>>>>> have to do is enter their password. > >>>>>>> > >>>>>>> If you bypass the login forms you'd loose SSO, multi-factor support, > >>>>>>> required actions, recover password, etc, etc, etc.. > >>>>>>> > >>>>>>> As Bill mentioned we provide very flexible login forms that can be > >>>>>>> templated using either just css or even FreeMarker templates if you > >>> need > >>>>>>> a > >>>>>>> lot of customization, so you should be able to make the login form > >>>>>>> integrate well with your website. > >>>>>>> > >>>>>>> ----- Original Message ----- > >>>>>>>> From: "Rodrigo Sasaki" > >>>>>>>> To: "Bill Burke" > >>>>>>>> Cc: keycloak-user at lists.jboss.org > >>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > >>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using login > >>> page > >>>>>>>> > >>>>>>>> You think there could be a way to do this within keycloak itself? > >>>>>>>> > >>>>>>>> > >>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > >>>>>>> rodrigopsasaki at gmail.com > > >>>>>>>> wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> I'll give you an example: > >>>>>>>> > >>>>>>>> We have a situation in our website where we only ask for the user's > >>>>>>> e-mail, > >>>>>>>> and he can go on with the flow. > >>>>>>>> > >>>>>>>> On a determined step of the flow, if we identify that this is an > >>> e-mail > >>>>>>> that > >>>>>>>> we already have in our user database, we ask him for his password, > >>>>>>>> authenticate him, and let him go on, if this e-mail is new, we > >>> redirect > >>>>>>> him > >>>>>>>> to a page where he can register himself, and after that continue on. > >>>>>>>> > >>>>>>>> On this specific case and others, we wouldn't like to have to > >>> redirect > >>>>>>> him to > >>>>>>>> keycloak, because that would interrupt the flow that we designed. > >>>>>>>> > >>>>>>>> > >>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > > >>> wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > >>>>>>>> userguide/html/direct-access- grants.html > >>>>>>>> > >>>>>>>> If you have to do it this way, please let us know why. Maybe we can > >>>>>>> solve the > >>>>>>>> issue within keycloak itself. > >>>>>>>> > >>>>>>>> > >>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> Just for the sake of conversation, if I did want to handle my own > >>> login > >>>>>>>> page, would there be a way for me to do it? > >>>>>>>> > >>>>>>>> > >>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > >>>>>>>> < rodrigopsasaki at gmail.com > > >>> wrote: > >>>>>>>> > >>>>>>>> I don't want to miss out on all of that, which is why we're mostly > >>>>>>>> migrating everything to use keycloak that way. > >>>>>>>> > >>>>>>>> It's just that we have cases that are so specific, that it would be > >>>>>>>> better to authenticate the user in a different manner, create the > >>>>>>>> user session and everything, without redirecting. > >>>>>>>> > >>>>>>>> I'll have a look at that code. Thanks! > >>>>>>>> > >>>>>>>> > >>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com > >>>>>>>> > wrote: > >>>>>>>> > >>>>>>>> If you want to handle your own login pages, IMO, you are missing > >>>>>>>> out on > >>>>>>>> a lot of Keycloak features. Specifically: > >>>>>>>> > >>>>>>>> * SSO > >>>>>>>> * forgot password > >>>>>>>> * admin forced credential reset/setup > >>>>>>>> > >>>>>>>> > >>>>>>>> Login pages can be styled however you like to look like your > >>>>>>>> application. > >>>>>>>> > >>>>>>>> There is a REST api for obtaining an access token. Here is an > >>>>>>>> example: > >>>>>>>> > >>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > >>>>>>>> demo-template/admin-access- app/src/main/java/org/ > >>>>>>>> keycloak/example/AdminClient. java > >>>>>>>> > >>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > >>>>>>>>> Is there a way to authenticate the user without having to > >>>>>>>> input username > >>>>>>>>> and password on the login page? > >>>>>>>>> > >>>>>>>>> For example: > >>>>>>>>> > >>>>>>>>> Say there's a situation in my application where I request the > >>>>>>>> user for > >>>>>>>>> his username and password, and I wouldn't like to redirect > >>>>>>>> that to the > >>>>>>>>> keycloak login page to authenticate him, would there be a way > >>>>>>>> for me to > >>>>>>>>> do that? > >>>>>>>>> > >>>>>>>>> -- > >>>>>>>>> Rodrigo Sasaki > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ______________________________ _________________ > >>>>>>>>> keycloak-user mailing list > >>>>>>>>> keycloak-user at lists.jboss.org > >>>>>>>> > >>>>>>>> > >>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > >>>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Bill Burke > >>>>>>>> JBoss, a division of Red Hat > >>>>>>>> http://bill.burkecentral.com > >>>>>>>> ______________________________ _________________ > >>>>>>>> keycloak-user mailing list > >>>>>>>> keycloak-user at lists.jboss.org >>> jboss.org > > >>>>>>>> > >>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Rodrigo Sasaki > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Rodrigo Sasaki > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Bill Burke > >>>>>>>> JBoss, a division of Red Hat > >>>>>>>> http://bill.burkecentral.com > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Rodrigo Sasaki > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Rodrigo Sasaki > >>>>>>>> > >>>>>>>> _______________________________________________ > >>>>>>>> keycloak-user mailing list > >>>>>>>> keycloak-user at lists.jboss.org > >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >>>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> -- > >>>>>> Rodrigo Sasaki > >>>>>> > >>>> > >>>> -- > >>>> Bill Burke > >>>> JBoss, a division of Red Hat > >>>> http://bill.burkecentral.com > >>>> > >>> > >> > >> > >> > >> -- > >> Rodrigo Sasaki > >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > From stian at redhat.com Fri Jul 25 09:38:44 2014 From: stian at redhat.com (Stian Thorgersen) Date: Fri, 25 Jul 2014 09:38:44 -0400 (EDT) Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> References: <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> <53D25A42.9010604@redhat.com> <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> Message-ID: <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> I think we could quite easily add support for embedding the login page to keycloak.js. Rough idea: 1. Set an option on keycloak.js to use embedded login form. Would also require setting an id for a div where the form should be embedded. 2. When clicking on login instead of redirecting it would render an iframe element inside the configured div with the src of the iframe being the login page on Keycloak 3. The redirect-uri would be a special url on Keycloak that renders a similar page to the iframe session page that allows posting a message back to keycloak.js containing the code 4. Now keycloak.js can swap the code as usual One thing is that we'd probably need an additional styling of the login form, as you would want the login page to display differently when embedded compared to when you redirect to it. ----- Original Message ----- > From: "Stian Thorgersen" > To: "Bill Burke" > Cc: keycloak-user at lists.jboss.org > Sent: Friday, 25 July, 2014 2:30:44 PM > Subject: Re: [keycloak-user] Authenticate user without using login page > > The cookies should be set fine, as the iframe would contain the login page > directly from Keycloak. > > It would redirect to a special page on the app that after extracting the code > would close the popup. > > ----- Original Message ----- > > From: "Bill Burke" > > To: "Stian Thorgersen" , "Rodrigo Sasaki" > > > > Cc: keycloak-user at lists.jboss.org > > Sent: Friday, 25 July, 2014 2:23:14 PM > > Subject: Re: [keycloak-user] Authenticate user without using login page > > > > not sure this will work with SSO. I'm not sure CORS requests can deal > > with cookies. > > > > On 7/25/2014 9:21 AM, Stian Thorgersen wrote: > > > What about using an iframe in the popup to include the login form from > > > Keycloak? > > > > > > You can send a HTTP POST to /auth-server//tokens/grants/access > > > with > > > client id/secret and username/password and get a token back. With > > > keycloak.js you can give it this token, not sure how/if this flow works > > > with the server-side (Undertow) adapter. > > > > > > ----- Original Message ----- > > >> From: "Rodrigo Sasaki" > > >> To: "Stian Thorgersen" > > >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > > >> Sent: Friday, 25 July, 2014 2:08:43 PM > > >> Subject: Re: [keycloak-user] Authenticate user without using login page > > >> > > >> Actually, the main problem is one of the flows where the password > > >> request > > >> appears in a popup, there's no redirect at all, and one of the things > > >> that > > >> were agreed upon when decided to change the authentication provider, was > > >> that nothing would be altered in the user experience. > > >> > > >> So I really have to try and make keycloak "fit in" in these particular > > >> scenarios, they are not used as much as the ones where we'll use the > > >> keycloak login page with our own style, but I do have to make them work. > > >> > > >> When you say I could use direct grant to get a token, would that count > > >> as > > >> the same as an user logging in? It's not really clear to me right now > > >> > > >> > > >> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen > > >> wrote: > > >> > > >>> Yes, but I'm wondering why the following won't work: > > >>> > > >>> 1. Ask for users email (in your app, not KC) > > >>> 2. Once you get to the flow where a user has to login: > > >>> a) If user doesn't exist in KC (you can use admin endpoints to > > >>> check > > >>> this) redirect to registration page on KC with email already entered > > >>> b) If user does exist in KC redirect to login page again with email > > >>> already entered > > >>> 3. Redirect back to app > > >>> > > >>> ----- Original Message ----- > > >>>> From: "Bill Burke" > > >>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < > > >>> rodrigopsasaki at gmail.com> > > >>>> Cc: keycloak-user at lists.jboss.org > > >>>> Sent: Friday, 25 July, 2014 1:48:45 PM > > >>>> Subject: Re: [keycloak-user] Authenticate user without using login > > >>>> page > > >>>> > > >>>> It is because their first login screen is just something asking for an > > >>>> email. If the email doesn't exist as a user, they want a redirect to > > >>>> the register page. > > >>>> > > >>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > > >>>>> Yes, you can use the direct grant to retrieve a token. > > >>>>> > > >>>>> I'd like to know why redirecting to the login form, when styled to > > >>> match > > >>>>> your website, and using login_hint to pre-fill username/email doesn't > > >>>>> work. Maybe there's something we can do so that you can still use the > > >>>>> "proper" flow? > > >>>>> > > >>>>> ----- Original Message ----- > > >>>>>> From: "Rodrigo Sasaki" > > >>>>>> To: "Stian Thorgersen" > > >>>>>> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > > >>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM > > >>>>>> Subject: Re: [keycloak-user] Authenticate user without using login > > >>> page > > >>>>>> > > >>>>>> Sorry to keep insisting on this, but since it's being a huge > > >>> showstopper > > >>>>>> so > > >>>>>> far, I just have to ask. > > >>>>>> > > >>>>>> If I don't mind trading off SSO and all the other benefits that the > > >>>>>> Keycloak login page provides me, would there be a way for me to do > > >>> what I > > >>>>>> want? > > >>>>>> > > >>>>>> > > >>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen > > >>>>>> wrote: > > >>>>>> > > >>>>>>> We could add support for login_hint query param so you can have the > > >>>>>>> username/email field on the login form pre-filled for the user, so > > >>> once a > > >>>>>>> user has to authenticate you redirect to login on KC and all they > > >>> would > > >>>>>>> have to do is enter their password. > > >>>>>>> > > >>>>>>> If you bypass the login forms you'd loose SSO, multi-factor > > >>>>>>> support, > > >>>>>>> required actions, recover password, etc, etc, etc.. > > >>>>>>> > > >>>>>>> As Bill mentioned we provide very flexible login forms that can be > > >>>>>>> templated using either just css or even FreeMarker templates if you > > >>> need > > >>>>>>> a > > >>>>>>> lot of customization, so you should be able to make the login form > > >>>>>>> integrate well with your website. > > >>>>>>> > > >>>>>>> ----- Original Message ----- > > >>>>>>>> From: "Rodrigo Sasaki" > > >>>>>>>> To: "Bill Burke" > > >>>>>>>> Cc: keycloak-user at lists.jboss.org > > >>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > > >>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using login > > >>> page > > >>>>>>>> > > >>>>>>>> You think there could be a way to do this within keycloak itself? > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > > >>>>>>> rodrigopsasaki at gmail.com > > > >>>>>>>> wrote: > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> I'll give you an example: > > >>>>>>>> > > >>>>>>>> We have a situation in our website where we only ask for the > > >>>>>>>> user's > > >>>>>>> e-mail, > > >>>>>>>> and he can go on with the flow. > > >>>>>>>> > > >>>>>>>> On a determined step of the flow, if we identify that this is an > > >>> e-mail > > >>>>>>> that > > >>>>>>>> we already have in our user database, we ask him for his password, > > >>>>>>>> authenticate him, and let him go on, if this e-mail is new, we > > >>> redirect > > >>>>>>> him > > >>>>>>>> to a page where he can register himself, and after that continue > > >>>>>>>> on. > > >>>>>>>> > > >>>>>>>> On this specific case and others, we wouldn't like to have to > > >>> redirect > > >>>>>>> him to > > >>>>>>>> keycloak, because that would interrupt the flow that we designed. > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < bburke at redhat.com > > > >>> wrote: > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > > >>>>>>>> userguide/html/direct-access- grants.html > > >>>>>>>> > > >>>>>>>> If you have to do it this way, please let us know why. Maybe we > > >>>>>>>> can > > >>>>>>> solve the > > >>>>>>>> issue within keycloak itself. > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> Just for the sake of conversation, if I did want to handle my own > > >>> login > > >>>>>>>> page, would there be a way for me to do it? > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > >>>>>>>> < rodrigopsasaki at gmail.com > > > >>> wrote: > > >>>>>>>> > > >>>>>>>> I don't want to miss out on all of that, which is why we're mostly > > >>>>>>>> migrating everything to use keycloak that way. > > >>>>>>>> > > >>>>>>>> It's just that we have cases that are so specific, that it would > > >>>>>>>> be > > >>>>>>>> better to authenticate the user in a different manner, create the > > >>>>>>>> user session and everything, without redirecting. > > >>>>>>>> > > >>>>>>>> I'll have a look at that code. Thanks! > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < bburke at redhat.com > > >>>>>>>> > wrote: > > >>>>>>>> > > >>>>>>>> If you want to handle your own login pages, IMO, you are missing > > >>>>>>>> out on > > >>>>>>>> a lot of Keycloak features. Specifically: > > >>>>>>>> > > >>>>>>>> * SSO > > >>>>>>>> * forgot password > > >>>>>>>> * admin forced credential reset/setup > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> Login pages can be styled however you like to look like your > > >>>>>>>> application. > > >>>>>>>> > > >>>>>>>> There is a REST api for obtaining an access token. Here is an > > >>>>>>>> example: > > >>>>>>>> > > >>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > > >>>>>>>> demo-template/admin-access- app/src/main/java/org/ > > >>>>>>>> keycloak/example/AdminClient. java > > >>>>>>>> > > >>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > >>>>>>>>> Is there a way to authenticate the user without having to > > >>>>>>>> input username > > >>>>>>>>> and password on the login page? > > >>>>>>>>> > > >>>>>>>>> For example: > > >>>>>>>>> > > >>>>>>>>> Say there's a situation in my application where I request the > > >>>>>>>> user for > > >>>>>>>>> his username and password, and I wouldn't like to redirect > > >>>>>>>> that to the > > >>>>>>>>> keycloak login page to authenticate him, would there be a way > > >>>>>>>> for me to > > >>>>>>>>> do that? > > >>>>>>>>> > > >>>>>>>>> -- > > >>>>>>>>> Rodrigo Sasaki > > >>>>>>>>> > > >>>>>>>>> > > >>>>>>>>> ______________________________ _________________ > > >>>>>>>>> keycloak-user mailing list > > >>>>>>>>> keycloak-user at lists.jboss.org > > >>>>>>>> > > >>>>>>>> > > >>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > >>>>>>>>> > > >>>>>>>> > > >>>>>>>> -- > > >>>>>>>> Bill Burke > > >>>>>>>> JBoss, a division of Red Hat > > >>>>>>>> http://bill.burkecentral.com > > >>>>>>>> ______________________________ _________________ > > >>>>>>>> keycloak-user mailing list > > >>>>>>>> keycloak-user at lists.jboss.org > >>> jboss.org > > > >>>>>>>> > > >>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> -- > > >>>>>>>> Rodrigo Sasaki > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> -- > > >>>>>>>> Rodrigo Sasaki > > >>>>>>>> > > >>>>>>>> -- > > >>>>>>>> Bill Burke > > >>>>>>>> JBoss, a division of Red Hat > > >>>>>>>> http://bill.burkecentral.com > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> -- > > >>>>>>>> Rodrigo Sasaki > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> -- > > >>>>>>>> Rodrigo Sasaki > > >>>>>>>> > > >>>>>>>> _______________________________________________ > > >>>>>>>> keycloak-user mailing list > > >>>>>>>> keycloak-user at lists.jboss.org > > >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > >>>>>>> > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> -- > > >>>>>> Rodrigo Sasaki > > >>>>>> > > >>>> > > >>>> -- > > >>>> Bill Burke > > >>>> JBoss, a division of Red Hat > > >>>> http://bill.burkecentral.com > > >>>> > > >>> > > >> > > >> > > >> > > >> -- > > >> Rodrigo Sasaki > > >> > > > > -- > > Bill Burke > > JBoss, a division of Red Hat > > http://bill.burkecentral.com > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > From rodrigopsasaki at gmail.com Fri Jul 25 09:42:40 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 25 Jul 2014 10:42:40 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> References: <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> <53D25A42.9010604@redhat.com> <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> Message-ID: That idea actually sounds amazing, I didn't look into keycloak.js yet, but I'll see if I can get it working before I think about styling. Thank you very much! On Fri, Jul 25, 2014 at 10:38 AM, Stian Thorgersen wrote: > I think we could quite easily add support for embedding the login page to > keycloak.js. Rough idea: > > 1. Set an option on keycloak.js to use embedded login form. Would also > require setting an id for a div where the form should be embedded. > 2. When clicking on login instead of redirecting it would render an iframe > element inside the configured div with the src of the iframe being the > login page on Keycloak > 3. The redirect-uri would be a special url on Keycloak that renders a > similar page to the iframe session page that allows posting a message back > to keycloak.js containing the code > 4. Now keycloak.js can swap the code as usual > > One thing is that we'd probably need an additional styling of the login > form, as you would want the login page to display differently when embedded > compared to when you redirect to it. > > ----- Original Message ----- > > From: "Stian Thorgersen" > > To: "Bill Burke" > > Cc: keycloak-user at lists.jboss.org > > Sent: Friday, 25 July, 2014 2:30:44 PM > > Subject: Re: [keycloak-user] Authenticate user without using login page > > > > The cookies should be set fine, as the iframe would contain the login > page > > directly from Keycloak. > > > > It would redirect to a special page on the app that after extracting the > code > > would close the popup. > > > > ----- Original Message ----- > > > From: "Bill Burke" > > > To: "Stian Thorgersen" , "Rodrigo Sasaki" > > > > > > Cc: keycloak-user at lists.jboss.org > > > Sent: Friday, 25 July, 2014 2:23:14 PM > > > Subject: Re: [keycloak-user] Authenticate user without using login page > > > > > > not sure this will work with SSO. I'm not sure CORS requests can deal > > > with cookies. > > > > > > On 7/25/2014 9:21 AM, Stian Thorgersen wrote: > > > > What about using an iframe in the popup to include the login form > from > > > > Keycloak? > > > > > > > > You can send a HTTP POST to /auth-server//tokens/grants/access > > > > with > > > > client id/secret and username/password and get a token back. With > > > > keycloak.js you can give it this token, not sure how/if this flow > works > > > > with the server-side (Undertow) adapter. > > > > > > > > ----- Original Message ----- > > > >> From: "Rodrigo Sasaki" > > > >> To: "Stian Thorgersen" > > > >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > > > >> Sent: Friday, 25 July, 2014 2:08:43 PM > > > >> Subject: Re: [keycloak-user] Authenticate user without using login > page > > > >> > > > >> Actually, the main problem is one of the flows where the password > > > >> request > > > >> appears in a popup, there's no redirect at all, and one of the > things > > > >> that > > > >> were agreed upon when decided to change the authentication > provider, was > > > >> that nothing would be altered in the user experience. > > > >> > > > >> So I really have to try and make keycloak "fit in" in these > particular > > > >> scenarios, they are not used as much as the ones where we'll use the > > > >> keycloak login page with our own style, but I do have to make them > work. > > > >> > > > >> When you say I could use direct grant to get a token, would that > count > > > >> as > > > >> the same as an user logging in? It's not really clear to me right > now > > > >> > > > >> > > > >> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen > > > > >> wrote: > > > >> > > > >>> Yes, but I'm wondering why the following won't work: > > > >>> > > > >>> 1. Ask for users email (in your app, not KC) > > > >>> 2. Once you get to the flow where a user has to login: > > > >>> a) If user doesn't exist in KC (you can use admin endpoints to > > > >>> check > > > >>> this) redirect to registration page on KC with email already > entered > > > >>> b) If user does exist in KC redirect to login page again with > email > > > >>> already entered > > > >>> 3. Redirect back to app > > > >>> > > > >>> ----- Original Message ----- > > > >>>> From: "Bill Burke" > > > >>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < > > > >>> rodrigopsasaki at gmail.com> > > > >>>> Cc: keycloak-user at lists.jboss.org > > > >>>> Sent: Friday, 25 July, 2014 1:48:45 PM > > > >>>> Subject: Re: [keycloak-user] Authenticate user without using login > > > >>>> page > > > >>>> > > > >>>> It is because their first login screen is just something asking > for an > > > >>>> email. If the email doesn't exist as a user, they want a > redirect to > > > >>>> the register page. > > > >>>> > > > >>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > > > >>>>> Yes, you can use the direct grant to retrieve a token. > > > >>>>> > > > >>>>> I'd like to know why redirecting to the login form, when styled > to > > > >>> match > > > >>>>> your website, and using login_hint to pre-fill username/email > doesn't > > > >>>>> work. Maybe there's something we can do so that you can still > use the > > > >>>>> "proper" flow? > > > >>>>> > > > >>>>> ----- Original Message ----- > > > >>>>>> From: "Rodrigo Sasaki" > > > >>>>>> To: "Stian Thorgersen" > > > >>>>>> Cc: "Bill Burke" , > keycloak-user at lists.jboss.org > > > >>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM > > > >>>>>> Subject: Re: [keycloak-user] Authenticate user without using > login > > > >>> page > > > >>>>>> > > > >>>>>> Sorry to keep insisting on this, but since it's being a huge > > > >>> showstopper > > > >>>>>> so > > > >>>>>> far, I just have to ask. > > > >>>>>> > > > >>>>>> If I don't mind trading off SSO and all the other benefits that > the > > > >>>>>> Keycloak login page provides me, would there be a way for me to > do > > > >>> what I > > > >>>>>> want? > > > >>>>>> > > > >>>>>> > > > >>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen < > stian at redhat.com> > > > >>>>>> wrote: > > > >>>>>> > > > >>>>>>> We could add support for login_hint query param so you can > have the > > > >>>>>>> username/email field on the login form pre-filled for the > user, so > > > >>> once a > > > >>>>>>> user has to authenticate you redirect to login on KC and all > they > > > >>> would > > > >>>>>>> have to do is enter their password. > > > >>>>>>> > > > >>>>>>> If you bypass the login forms you'd loose SSO, multi-factor > > > >>>>>>> support, > > > >>>>>>> required actions, recover password, etc, etc, etc.. > > > >>>>>>> > > > >>>>>>> As Bill mentioned we provide very flexible login forms that > can be > > > >>>>>>> templated using either just css or even FreeMarker templates > if you > > > >>> need > > > >>>>>>> a > > > >>>>>>> lot of customization, so you should be able to make the login > form > > > >>>>>>> integrate well with your website. > > > >>>>>>> > > > >>>>>>> ----- Original Message ----- > > > >>>>>>>> From: "Rodrigo Sasaki" > > > >>>>>>>> To: "Bill Burke" > > > >>>>>>>> Cc: keycloak-user at lists.jboss.org > > > >>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > > > >>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using > login > > > >>> page > > > >>>>>>>> > > > >>>>>>>> You think there could be a way to do this within keycloak > itself? > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > > > >>>>>>> rodrigopsasaki at gmail.com > > > > >>>>>>>> wrote: > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> I'll give you an example: > > > >>>>>>>> > > > >>>>>>>> We have a situation in our website where we only ask for the > > > >>>>>>>> user's > > > >>>>>>> e-mail, > > > >>>>>>>> and he can go on with the flow. > > > >>>>>>>> > > > >>>>>>>> On a determined step of the flow, if we identify that this is > an > > > >>> e-mail > > > >>>>>>> that > > > >>>>>>>> we already have in our user database, we ask him for his > password, > > > >>>>>>>> authenticate him, and let him go on, if this e-mail is new, we > > > >>> redirect > > > >>>>>>> him > > > >>>>>>>> to a page where he can register himself, and after that > continue > > > >>>>>>>> on. > > > >>>>>>>> > > > >>>>>>>> On this specific case and others, we wouldn't like to have to > > > >>> redirect > > > >>>>>>> him to > > > >>>>>>>> keycloak, because that would interrupt the flow that we > designed. > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < > bburke at redhat.com > > > > >>> wrote: > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > > > >>>>>>>> userguide/html/direct-access- grants.html > > > >>>>>>>> > > > >>>>>>>> If you have to do it this way, please let us know why. Maybe > we > > > >>>>>>>> can > > > >>>>>>> solve the > > > >>>>>>>> issue within keycloak itself. > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> Just for the sake of conversation, if I did want to handle my > own > > > >>> login > > > >>>>>>>> page, would there be a way for me to do it? > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > > >>>>>>>> < rodrigopsasaki at gmail.com com >> > > > >>> wrote: > > > >>>>>>>> > > > >>>>>>>> I don't want to miss out on all of that, which is why we're > mostly > > > >>>>>>>> migrating everything to use keycloak that way. > > > >>>>>>>> > > > >>>>>>>> It's just that we have cases that are so specific, that it > would > > > >>>>>>>> be > > > >>>>>>>> better to authenticate the user in a different manner, create > the > > > >>>>>>>> user session and everything, without redirecting. > > > >>>>>>>> > > > >>>>>>>> I'll have a look at that code. Thanks! > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < > bburke at redhat.com > > > >>>>>>>> > wrote: > > > >>>>>>>> > > > >>>>>>>> If you want to handle your own login pages, IMO, you are > missing > > > >>>>>>>> out on > > > >>>>>>>> a lot of Keycloak features. Specifically: > > > >>>>>>>> > > > >>>>>>>> * SSO > > > >>>>>>>> * forgot password > > > >>>>>>>> * admin forced credential reset/setup > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> Login pages can be styled however you like to look like your > > > >>>>>>>> application. > > > >>>>>>>> > > > >>>>>>>> There is a REST api for obtaining an access token. Here is an > > > >>>>>>>> example: > > > >>>>>>>> > > > >>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > > > >>>>>>>> demo-template/admin-access- app/src/main/java/org/ > > > >>>>>>>> keycloak/example/AdminClient. java > > > >>>>>>>> > > > >>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > > >>>>>>>>> Is there a way to authenticate the user without having to > > > >>>>>>>> input username > > > >>>>>>>>> and password on the login page? > > > >>>>>>>>> > > > >>>>>>>>> For example: > > > >>>>>>>>> > > > >>>>>>>>> Say there's a situation in my application where I request the > > > >>>>>>>> user for > > > >>>>>>>>> his username and password, and I wouldn't like to redirect > > > >>>>>>>> that to the > > > >>>>>>>>> keycloak login page to authenticate him, would there be a way > > > >>>>>>>> for me to > > > >>>>>>>>> do that? > > > >>>>>>>>> > > > >>>>>>>>> -- > > > >>>>>>>>> Rodrigo Sasaki > > > >>>>>>>>> > > > >>>>>>>>> > > > >>>>>>>>> ______________________________ _________________ > > > >>>>>>>>> keycloak-user mailing list > > > >>>>>>>>> keycloak-user at lists.jboss.org > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > >>>>>>>>> > > > >>>>>>>> > > > >>>>>>>> -- > > > >>>>>>>> Bill Burke > > > >>>>>>>> JBoss, a division of Red Hat > > > >>>>>>>> http://bill.burkecentral.com > > > >>>>>>>> ______________________________ _________________ > > > >>>>>>>> keycloak-user mailing list > > > >>>>>>>> keycloak-user at lists.jboss.org > > >>> jboss.org > > > > >>>>>>>> > > > >>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> -- > > > >>>>>>>> Rodrigo Sasaki > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> -- > > > >>>>>>>> Rodrigo Sasaki > > > >>>>>>>> > > > >>>>>>>> -- > > > >>>>>>>> Bill Burke > > > >>>>>>>> JBoss, a division of Red Hat > > > >>>>>>>> http://bill.burkecentral.com > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> -- > > > >>>>>>>> Rodrigo Sasaki > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> > > > >>>>>>>> -- > > > >>>>>>>> Rodrigo Sasaki > > > >>>>>>>> > > > >>>>>>>> _______________________________________________ > > > >>>>>>>> keycloak-user mailing list > > > >>>>>>>> keycloak-user at lists.jboss.org > > > >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > > >>>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> > > > >>>>>> -- > > > >>>>>> Rodrigo Sasaki > > > >>>>>> > > > >>>> > > > >>>> -- > > > >>>> Bill Burke > > > >>>> JBoss, a division of Red Hat > > > >>>> http://bill.burkecentral.com > > > >>>> > > > >>> > > > >> > > > >> > > > >> > > > >> -- > > > >> Rodrigo Sasaki > > > >> > > > > > > -- > > > Bill Burke > > > JBoss, a division of Red Hat > > > http://bill.burkecentral.com > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140725/37bbdbe1/attachment-0001.html From rodrigopsasaki at gmail.com Fri Jul 25 12:21:12 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 25 Jul 2014 13:21:12 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> <53D25A42.9010604@redhat.com> <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> Message-ID: Just one more thing that wasn't completely clear to me. if I add a login page on an iframe, the user will be logged normally? Or would I have to get a token and keep managing it? On Fri, Jul 25, 2014 at 10:42 AM, Rodrigo Sasaki wrote: > That idea actually sounds amazing, I didn't look into keycloak.js yet, but > I'll see if I can get it working before I think about styling. > > Thank you very much! > > > On Fri, Jul 25, 2014 at 10:38 AM, Stian Thorgersen > wrote: > >> I think we could quite easily add support for embedding the login page to >> keycloak.js. Rough idea: >> >> 1. Set an option on keycloak.js to use embedded login form. Would also >> require setting an id for a div where the form should be embedded. >> 2. When clicking on login instead of redirecting it would render an >> iframe element inside the configured div with the src of the iframe being >> the login page on Keycloak >> 3. The redirect-uri would be a special url on Keycloak that renders a >> similar page to the iframe session page that allows posting a message back >> to keycloak.js containing the code >> 4. Now keycloak.js can swap the code as usual >> >> One thing is that we'd probably need an additional styling of the login >> form, as you would want the login page to display differently when embedded >> compared to when you redirect to it. >> >> ----- Original Message ----- >> > From: "Stian Thorgersen" >> > To: "Bill Burke" >> > Cc: keycloak-user at lists.jboss.org >> > Sent: Friday, 25 July, 2014 2:30:44 PM >> > Subject: Re: [keycloak-user] Authenticate user without using login page >> > >> > The cookies should be set fine, as the iframe would contain the login >> page >> > directly from Keycloak. >> > >> > It would redirect to a special page on the app that after extracting >> the code >> > would close the popup. >> > >> > ----- Original Message ----- >> > > From: "Bill Burke" >> > > To: "Stian Thorgersen" , "Rodrigo Sasaki" >> > > >> > > Cc: keycloak-user at lists.jboss.org >> > > Sent: Friday, 25 July, 2014 2:23:14 PM >> > > Subject: Re: [keycloak-user] Authenticate user without using login >> page >> > > >> > > not sure this will work with SSO. I'm not sure CORS requests can deal >> > > with cookies. >> > > >> > > On 7/25/2014 9:21 AM, Stian Thorgersen wrote: >> > > > What about using an iframe in the popup to include the login form >> from >> > > > Keycloak? >> > > > >> > > > You can send a HTTP POST to >> /auth-server//tokens/grants/access >> > > > with >> > > > client id/secret and username/password and get a token back. With >> > > > keycloak.js you can give it this token, not sure how/if this flow >> works >> > > > with the server-side (Undertow) adapter. >> > > > >> > > > ----- Original Message ----- >> > > >> From: "Rodrigo Sasaki" >> > > >> To: "Stian Thorgersen" >> > > >> Cc: "Bill Burke" , >> keycloak-user at lists.jboss.org >> > > >> Sent: Friday, 25 July, 2014 2:08:43 PM >> > > >> Subject: Re: [keycloak-user] Authenticate user without using login >> page >> > > >> >> > > >> Actually, the main problem is one of the flows where the password >> > > >> request >> > > >> appears in a popup, there's no redirect at all, and one of the >> things >> > > >> that >> > > >> were agreed upon when decided to change the authentication >> provider, was >> > > >> that nothing would be altered in the user experience. >> > > >> >> > > >> So I really have to try and make keycloak "fit in" in these >> particular >> > > >> scenarios, they are not used as much as the ones where we'll use >> the >> > > >> keycloak login page with our own style, but I do have to make them >> work. >> > > >> >> > > >> When you say I could use direct grant to get a token, would that >> count >> > > >> as >> > > >> the same as an user logging in? It's not really clear to me right >> now >> > > >> >> > > >> >> > > >> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen < >> stian at redhat.com> >> > > >> wrote: >> > > >> >> > > >>> Yes, but I'm wondering why the following won't work: >> > > >>> >> > > >>> 1. Ask for users email (in your app, not KC) >> > > >>> 2. Once you get to the flow where a user has to login: >> > > >>> a) If user doesn't exist in KC (you can use admin endpoints to >> > > >>> check >> > > >>> this) redirect to registration page on KC with email already >> entered >> > > >>> b) If user does exist in KC redirect to login page again with >> email >> > > >>> already entered >> > > >>> 3. Redirect back to app >> > > >>> >> > > >>> ----- Original Message ----- >> > > >>>> From: "Bill Burke" >> > > >>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < >> > > >>> rodrigopsasaki at gmail.com> >> > > >>>> Cc: keycloak-user at lists.jboss.org >> > > >>>> Sent: Friday, 25 July, 2014 1:48:45 PM >> > > >>>> Subject: Re: [keycloak-user] Authenticate user without using >> login >> > > >>>> page >> > > >>>> >> > > >>>> It is because their first login screen is just something asking >> for an >> > > >>>> email. If the email doesn't exist as a user, they want a >> redirect to >> > > >>>> the register page. >> > > >>>> >> > > >>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: >> > > >>>>> Yes, you can use the direct grant to retrieve a token. >> > > >>>>> >> > > >>>>> I'd like to know why redirecting to the login form, when styled >> to >> > > >>> match >> > > >>>>> your website, and using login_hint to pre-fill username/email >> doesn't >> > > >>>>> work. Maybe there's something we can do so that you can still >> use the >> > > >>>>> "proper" flow? >> > > >>>>> >> > > >>>>> ----- Original Message ----- >> > > >>>>>> From: "Rodrigo Sasaki" >> > > >>>>>> To: "Stian Thorgersen" >> > > >>>>>> Cc: "Bill Burke" , >> keycloak-user at lists.jboss.org >> > > >>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM >> > > >>>>>> Subject: Re: [keycloak-user] Authenticate user without using >> login >> > > >>> page >> > > >>>>>> >> > > >>>>>> Sorry to keep insisting on this, but since it's being a huge >> > > >>> showstopper >> > > >>>>>> so >> > > >>>>>> far, I just have to ask. >> > > >>>>>> >> > > >>>>>> If I don't mind trading off SSO and all the other benefits >> that the >> > > >>>>>> Keycloak login page provides me, would there be a way for me >> to do >> > > >>> what I >> > > >>>>>> want? >> > > >>>>>> >> > > >>>>>> >> > > >>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen < >> stian at redhat.com> >> > > >>>>>> wrote: >> > > >>>>>> >> > > >>>>>>> We could add support for login_hint query param so you can >> have the >> > > >>>>>>> username/email field on the login form pre-filled for the >> user, so >> > > >>> once a >> > > >>>>>>> user has to authenticate you redirect to login on KC and all >> they >> > > >>> would >> > > >>>>>>> have to do is enter their password. >> > > >>>>>>> >> > > >>>>>>> If you bypass the login forms you'd loose SSO, multi-factor >> > > >>>>>>> support, >> > > >>>>>>> required actions, recover password, etc, etc, etc.. >> > > >>>>>>> >> > > >>>>>>> As Bill mentioned we provide very flexible login forms that >> can be >> > > >>>>>>> templated using either just css or even FreeMarker templates >> if you >> > > >>> need >> > > >>>>>>> a >> > > >>>>>>> lot of customization, so you should be able to make the login >> form >> > > >>>>>>> integrate well with your website. >> > > >>>>>>> >> > > >>>>>>> ----- Original Message ----- >> > > >>>>>>>> From: "Rodrigo Sasaki" >> > > >>>>>>>> To: "Bill Burke" >> > > >>>>>>>> Cc: keycloak-user at lists.jboss.org >> > > >>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM >> > > >>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using >> login >> > > >>> page >> > > >>>>>>>> >> > > >>>>>>>> You think there could be a way to do this within keycloak >> itself? >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < >> > > >>>>>>> rodrigopsasaki at gmail.com > >> > > >>>>>>>> wrote: >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> I'll give you an example: >> > > >>>>>>>> >> > > >>>>>>>> We have a situation in our website where we only ask for the >> > > >>>>>>>> user's >> > > >>>>>>> e-mail, >> > > >>>>>>>> and he can go on with the flow. >> > > >>>>>>>> >> > > >>>>>>>> On a determined step of the flow, if we identify that this >> is an >> > > >>> e-mail >> > > >>>>>>> that >> > > >>>>>>>> we already have in our user database, we ask him for his >> password, >> > > >>>>>>>> authenticate him, and let him go on, if this e-mail is new, >> we >> > > >>> redirect >> > > >>>>>>> him >> > > >>>>>>>> to a page where he can register himself, and after that >> continue >> > > >>>>>>>> on. >> > > >>>>>>>> >> > > >>>>>>>> On this specific case and others, we wouldn't like to have to >> > > >>> redirect >> > > >>>>>>> him to >> > > >>>>>>>> keycloak, because that would interrupt the flow that we >> designed. >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < >> bburke at redhat.com > >> > > >>> wrote: >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ >> > > >>>>>>>> userguide/html/direct-access- grants.html >> > > >>>>>>>> >> > > >>>>>>>> If you have to do it this way, please let us know why. Maybe >> we >> > > >>>>>>>> can >> > > >>>>>>> solve the >> > > >>>>>>>> issue within keycloak itself. >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> Just for the sake of conversation, if I did want to handle >> my own >> > > >>> login >> > > >>>>>>>> page, would there be a way for me to do it? >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki >> > > >>>>>>>> < rodrigopsasaki at gmail.com > com >> >> > > >>> wrote: >> > > >>>>>>>> >> > > >>>>>>>> I don't want to miss out on all of that, which is why we're >> mostly >> > > >>>>>>>> migrating everything to use keycloak that way. >> > > >>>>>>>> >> > > >>>>>>>> It's just that we have cases that are so specific, that it >> would >> > > >>>>>>>> be >> > > >>>>>>>> better to authenticate the user in a different manner, >> create the >> > > >>>>>>>> user session and everything, without redirecting. >> > > >>>>>>>> >> > > >>>>>>>> I'll have a look at that code. Thanks! >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < >> bburke at redhat.com >> > > >>>>>>>> > wrote: >> > > >>>>>>>> >> > > >>>>>>>> If you want to handle your own login pages, IMO, you are >> missing >> > > >>>>>>>> out on >> > > >>>>>>>> a lot of Keycloak features. Specifically: >> > > >>>>>>>> >> > > >>>>>>>> * SSO >> > > >>>>>>>> * forgot password >> > > >>>>>>>> * admin forced credential reset/setup >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> Login pages can be styled however you like to look like your >> > > >>>>>>>> application. >> > > >>>>>>>> >> > > >>>>>>>> There is a REST api for obtaining an access token. Here is an >> > > >>>>>>>> example: >> > > >>>>>>>> >> > > >>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ >> > > >>>>>>>> demo-template/admin-access- app/src/main/java/org/ >> > > >>>>>>>> keycloak/example/AdminClient. java >> > > >>>>>>>> >> > > >>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >> > > >>>>>>>>> Is there a way to authenticate the user without having to >> > > >>>>>>>> input username >> > > >>>>>>>>> and password on the login page? >> > > >>>>>>>>> >> > > >>>>>>>>> For example: >> > > >>>>>>>>> >> > > >>>>>>>>> Say there's a situation in my application where I request >> the >> > > >>>>>>>> user for >> > > >>>>>>>>> his username and password, and I wouldn't like to redirect >> > > >>>>>>>> that to the >> > > >>>>>>>>> keycloak login page to authenticate him, would there be a >> way >> > > >>>>>>>> for me to >> > > >>>>>>>>> do that? >> > > >>>>>>>>> >> > > >>>>>>>>> -- >> > > >>>>>>>>> Rodrigo Sasaki >> > > >>>>>>>>> >> > > >>>>>>>>> >> > > >>>>>>>>> ______________________________ _________________ >> > > >>>>>>>>> keycloak-user mailing list >> > > >>>>>>>>> keycloak-user at lists.jboss.org >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >> > > >>>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> -- >> > > >>>>>>>> Bill Burke >> > > >>>>>>>> JBoss, a division of Red Hat >> > > >>>>>>>> http://bill.burkecentral.com >> > > >>>>>>>> ______________________________ _________________ >> > > >>>>>>>> keycloak-user mailing list >> > > >>>>>>>> keycloak-user at lists.jboss.org > > > >>> jboss.org > >> > > >>>>>>>> >> > > >>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> -- >> > > >>>>>>>> Rodrigo Sasaki >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> -- >> > > >>>>>>>> Rodrigo Sasaki >> > > >>>>>>>> >> > > >>>>>>>> -- >> > > >>>>>>>> Bill Burke >> > > >>>>>>>> JBoss, a division of Red Hat >> > > >>>>>>>> http://bill.burkecentral.com >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> -- >> > > >>>>>>>> Rodrigo Sasaki >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> >> > > >>>>>>>> -- >> > > >>>>>>>> Rodrigo Sasaki >> > > >>>>>>>> >> > > >>>>>>>> _______________________________________________ >> > > >>>>>>>> keycloak-user mailing list >> > > >>>>>>>> keycloak-user at lists.jboss.org >> > > >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > >>>>>>> >> > > >>>>>> >> > > >>>>>> >> > > >>>>>> >> > > >>>>>> -- >> > > >>>>>> Rodrigo Sasaki >> > > >>>>>> >> > > >>>> >> > > >>>> -- >> > > >>>> Bill Burke >> > > >>>> JBoss, a division of Red Hat >> > > >>>> http://bill.burkecentral.com >> > > >>>> >> > > >>> >> > > >> >> > > >> >> > > >> >> > > >> -- >> > > >> Rodrigo Sasaki >> > > >> >> > > >> > > -- >> > > Bill Burke >> > > JBoss, a division of Red Hat >> > > http://bill.burkecentral.com >> > > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140725/02810c54/attachment-0001.html From rodrigopsasaki at gmail.com Fri Jul 25 13:11:47 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Fri, 25 Jul 2014 14:11:47 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <159610302.17896027.1406279294564.JavaMail.zimbra@redhat.com> <53D2522D.70103@redhat.com> <1290685740.18033745.1406292960847.JavaMail.zimbra@redhat.com> <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> <53D25A42.9010604@redhat.com> <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> Message-ID: It all worked great with the iframe, if I style it properly and use that login_hint it should be perfect. Now how should I go about developing/using this login_hint? Are there any tips on this, or is it something that you plan on including yourselves? On Fri, Jul 25, 2014 at 1:21 PM, Rodrigo Sasaki wrote: > Just one more thing that wasn't completely clear to me. > > if I add a login page on an iframe, the user will be logged normally? Or > would I have to get a token and keep managing it? > > > On Fri, Jul 25, 2014 at 10:42 AM, Rodrigo Sasaki > wrote: > >> That idea actually sounds amazing, I didn't look into keycloak.js yet, >> but I'll see if I can get it working before I think about styling. >> >> Thank you very much! >> >> >> On Fri, Jul 25, 2014 at 10:38 AM, Stian Thorgersen >> wrote: >> >>> I think we could quite easily add support for embedding the login page >>> to keycloak.js. Rough idea: >>> >>> 1. Set an option on keycloak.js to use embedded login form. Would also >>> require setting an id for a div where the form should be embedded. >>> 2. When clicking on login instead of redirecting it would render an >>> iframe element inside the configured div with the src of the iframe being >>> the login page on Keycloak >>> 3. The redirect-uri would be a special url on Keycloak that renders a >>> similar page to the iframe session page that allows posting a message back >>> to keycloak.js containing the code >>> 4. Now keycloak.js can swap the code as usual >>> >>> One thing is that we'd probably need an additional styling of the login >>> form, as you would want the login page to display differently when embedded >>> compared to when you redirect to it. >>> >>> ----- Original Message ----- >>> > From: "Stian Thorgersen" >>> > To: "Bill Burke" >>> > Cc: keycloak-user at lists.jboss.org >>> > Sent: Friday, 25 July, 2014 2:30:44 PM >>> > Subject: Re: [keycloak-user] Authenticate user without using login page >>> > >>> > The cookies should be set fine, as the iframe would contain the login >>> page >>> > directly from Keycloak. >>> > >>> > It would redirect to a special page on the app that after extracting >>> the code >>> > would close the popup. >>> > >>> > ----- Original Message ----- >>> > > From: "Bill Burke" >>> > > To: "Stian Thorgersen" , "Rodrigo Sasaki" >>> > > >>> > > Cc: keycloak-user at lists.jboss.org >>> > > Sent: Friday, 25 July, 2014 2:23:14 PM >>> > > Subject: Re: [keycloak-user] Authenticate user without using login >>> page >>> > > >>> > > not sure this will work with SSO. I'm not sure CORS requests can >>> deal >>> > > with cookies. >>> > > >>> > > On 7/25/2014 9:21 AM, Stian Thorgersen wrote: >>> > > > What about using an iframe in the popup to include the login form >>> from >>> > > > Keycloak? >>> > > > >>> > > > You can send a HTTP POST to >>> /auth-server//tokens/grants/access >>> > > > with >>> > > > client id/secret and username/password and get a token back. With >>> > > > keycloak.js you can give it this token, not sure how/if this flow >>> works >>> > > > with the server-side (Undertow) adapter. >>> > > > >>> > > > ----- Original Message ----- >>> > > >> From: "Rodrigo Sasaki" >>> > > >> To: "Stian Thorgersen" >>> > > >> Cc: "Bill Burke" , >>> keycloak-user at lists.jboss.org >>> > > >> Sent: Friday, 25 July, 2014 2:08:43 PM >>> > > >> Subject: Re: [keycloak-user] Authenticate user without using >>> login page >>> > > >> >>> > > >> Actually, the main problem is one of the flows where the password >>> > > >> request >>> > > >> appears in a popup, there's no redirect at all, and one of the >>> things >>> > > >> that >>> > > >> were agreed upon when decided to change the authentication >>> provider, was >>> > > >> that nothing would be altered in the user experience. >>> > > >> >>> > > >> So I really have to try and make keycloak "fit in" in these >>> particular >>> > > >> scenarios, they are not used as much as the ones where we'll use >>> the >>> > > >> keycloak login page with our own style, but I do have to make >>> them work. >>> > > >> >>> > > >> When you say I could use direct grant to get a token, would that >>> count >>> > > >> as >>> > > >> the same as an user logging in? It's not really clear to me right >>> now >>> > > >> >>> > > >> >>> > > >> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen < >>> stian at redhat.com> >>> > > >> wrote: >>> > > >> >>> > > >>> Yes, but I'm wondering why the following won't work: >>> > > >>> >>> > > >>> 1. Ask for users email (in your app, not KC) >>> > > >>> 2. Once you get to the flow where a user has to login: >>> > > >>> a) If user doesn't exist in KC (you can use admin endpoints >>> to >>> > > >>> check >>> > > >>> this) redirect to registration page on KC with email already >>> entered >>> > > >>> b) If user does exist in KC redirect to login page again >>> with email >>> > > >>> already entered >>> > > >>> 3. Redirect back to app >>> > > >>> >>> > > >>> ----- Original Message ----- >>> > > >>>> From: "Bill Burke" >>> > > >>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < >>> > > >>> rodrigopsasaki at gmail.com> >>> > > >>>> Cc: keycloak-user at lists.jboss.org >>> > > >>>> Sent: Friday, 25 July, 2014 1:48:45 PM >>> > > >>>> Subject: Re: [keycloak-user] Authenticate user without using >>> login >>> > > >>>> page >>> > > >>>> >>> > > >>>> It is because their first login screen is just something asking >>> for an >>> > > >>>> email. If the email doesn't exist as a user, they want a >>> redirect to >>> > > >>>> the register page. >>> > > >>>> >>> > > >>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: >>> > > >>>>> Yes, you can use the direct grant to retrieve a token. >>> > > >>>>> >>> > > >>>>> I'd like to know why redirecting to the login form, when >>> styled to >>> > > >>> match >>> > > >>>>> your website, and using login_hint to pre-fill username/email >>> doesn't >>> > > >>>>> work. Maybe there's something we can do so that you can still >>> use the >>> > > >>>>> "proper" flow? >>> > > >>>>> >>> > > >>>>> ----- Original Message ----- >>> > > >>>>>> From: "Rodrigo Sasaki" >>> > > >>>>>> To: "Stian Thorgersen" >>> > > >>>>>> Cc: "Bill Burke" , >>> keycloak-user at lists.jboss.org >>> > > >>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM >>> > > >>>>>> Subject: Re: [keycloak-user] Authenticate user without using >>> login >>> > > >>> page >>> > > >>>>>> >>> > > >>>>>> Sorry to keep insisting on this, but since it's being a huge >>> > > >>> showstopper >>> > > >>>>>> so >>> > > >>>>>> far, I just have to ask. >>> > > >>>>>> >>> > > >>>>>> If I don't mind trading off SSO and all the other benefits >>> that the >>> > > >>>>>> Keycloak login page provides me, would there be a way for me >>> to do >>> > > >>> what I >>> > > >>>>>> want? >>> > > >>>>>> >>> > > >>>>>> >>> > > >>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen < >>> stian at redhat.com> >>> > > >>>>>> wrote: >>> > > >>>>>> >>> > > >>>>>>> We could add support for login_hint query param so you can >>> have the >>> > > >>>>>>> username/email field on the login form pre-filled for the >>> user, so >>> > > >>> once a >>> > > >>>>>>> user has to authenticate you redirect to login on KC and all >>> they >>> > > >>> would >>> > > >>>>>>> have to do is enter their password. >>> > > >>>>>>> >>> > > >>>>>>> If you bypass the login forms you'd loose SSO, multi-factor >>> > > >>>>>>> support, >>> > > >>>>>>> required actions, recover password, etc, etc, etc.. >>> > > >>>>>>> >>> > > >>>>>>> As Bill mentioned we provide very flexible login forms that >>> can be >>> > > >>>>>>> templated using either just css or even FreeMarker templates >>> if you >>> > > >>> need >>> > > >>>>>>> a >>> > > >>>>>>> lot of customization, so you should be able to make the >>> login form >>> > > >>>>>>> integrate well with your website. >>> > > >>>>>>> >>> > > >>>>>>> ----- Original Message ----- >>> > > >>>>>>>> From: "Rodrigo Sasaki" >>> > > >>>>>>>> To: "Bill Burke" >>> > > >>>>>>>> Cc: keycloak-user at lists.jboss.org >>> > > >>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM >>> > > >>>>>>>> Subject: Re: [keycloak-user] Authenticate user without >>> using login >>> > > >>> page >>> > > >>>>>>>> >>> > > >>>>>>>> You think there could be a way to do this within keycloak >>> itself? >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < >>> > > >>>>>>> rodrigopsasaki at gmail.com > >>> > > >>>>>>>> wrote: >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> I'll give you an example: >>> > > >>>>>>>> >>> > > >>>>>>>> We have a situation in our website where we only ask for the >>> > > >>>>>>>> user's >>> > > >>>>>>> e-mail, >>> > > >>>>>>>> and he can go on with the flow. >>> > > >>>>>>>> >>> > > >>>>>>>> On a determined step of the flow, if we identify that this >>> is an >>> > > >>> e-mail >>> > > >>>>>>> that >>> > > >>>>>>>> we already have in our user database, we ask him for his >>> password, >>> > > >>>>>>>> authenticate him, and let him go on, if this e-mail is new, >>> we >>> > > >>> redirect >>> > > >>>>>>> him >>> > > >>>>>>>> to a page where he can register himself, and after that >>> continue >>> > > >>>>>>>> on. >>> > > >>>>>>>> >>> > > >>>>>>>> On this specific case and others, we wouldn't like to have >>> to >>> > > >>> redirect >>> > > >>>>>>> him to >>> > > >>>>>>>> keycloak, because that would interrupt the flow that we >>> designed. >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < >>> bburke at redhat.com > >>> > > >>> wrote: >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ >>> > > >>>>>>>> userguide/html/direct-access- grants.html >>> > > >>>>>>>> >>> > > >>>>>>>> If you have to do it this way, please let us know why. >>> Maybe we >>> > > >>>>>>>> can >>> > > >>>>>>> solve the >>> > > >>>>>>>> issue within keycloak itself. >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> Just for the sake of conversation, if I did want to handle >>> my own >>> > > >>> login >>> > > >>>>>>>> page, would there be a way for me to do it? >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki >>> > > >>>>>>>> < rodrigopsasaki at gmail.com >> com >> >>> > > >>> wrote: >>> > > >>>>>>>> >>> > > >>>>>>>> I don't want to miss out on all of that, which is why we're >>> mostly >>> > > >>>>>>>> migrating everything to use keycloak that way. >>> > > >>>>>>>> >>> > > >>>>>>>> It's just that we have cases that are so specific, that it >>> would >>> > > >>>>>>>> be >>> > > >>>>>>>> better to authenticate the user in a different manner, >>> create the >>> > > >>>>>>>> user session and everything, without redirecting. >>> > > >>>>>>>> >>> > > >>>>>>>> I'll have a look at that code. Thanks! >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < >>> bburke at redhat.com >>> > > >>>>>>>> > wrote: >>> > > >>>>>>>> >>> > > >>>>>>>> If you want to handle your own login pages, IMO, you are >>> missing >>> > > >>>>>>>> out on >>> > > >>>>>>>> a lot of Keycloak features. Specifically: >>> > > >>>>>>>> >>> > > >>>>>>>> * SSO >>> > > >>>>>>>> * forgot password >>> > > >>>>>>>> * admin forced credential reset/setup >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> Login pages can be styled however you like to look like your >>> > > >>>>>>>> application. >>> > > >>>>>>>> >>> > > >>>>>>>> There is a REST api for obtaining an access token. Here is >>> an >>> > > >>>>>>>> example: >>> > > >>>>>>>> >>> > > >>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ >>> > > >>>>>>>> demo-template/admin-access- app/src/main/java/org/ >>> > > >>>>>>>> keycloak/example/AdminClient. java >>> > > >>>>>>>> >>> > > >>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >>> > > >>>>>>>>> Is there a way to authenticate the user without having to >>> > > >>>>>>>> input username >>> > > >>>>>>>>> and password on the login page? >>> > > >>>>>>>>> >>> > > >>>>>>>>> For example: >>> > > >>>>>>>>> >>> > > >>>>>>>>> Say there's a situation in my application where I request >>> the >>> > > >>>>>>>> user for >>> > > >>>>>>>>> his username and password, and I wouldn't like to redirect >>> > > >>>>>>>> that to the >>> > > >>>>>>>>> keycloak login page to authenticate him, would there be a >>> way >>> > > >>>>>>>> for me to >>> > > >>>>>>>>> do that? >>> > > >>>>>>>>> >>> > > >>>>>>>>> -- >>> > > >>>>>>>>> Rodrigo Sasaki >>> > > >>>>>>>>> >>> > > >>>>>>>>> >>> > > >>>>>>>>> ______________________________ _________________ >>> > > >>>>>>>>> keycloak-user mailing list >>> > > >>>>>>>>> keycloak-user at lists.jboss.org >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>> > > >>>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> -- >>> > > >>>>>>>> Bill Burke >>> > > >>>>>>>> JBoss, a division of Red Hat >>> > > >>>>>>>> http://bill.burkecentral.com >>> > > >>>>>>>> ______________________________ _________________ >>> > > >>>>>>>> keycloak-user mailing list >>> > > >>>>>>>> keycloak-user at lists.jboss.org >> > > >>> jboss.org > >>> > > >>>>>>>> >>> > > >>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> -- >>> > > >>>>>>>> Rodrigo Sasaki >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> -- >>> > > >>>>>>>> Rodrigo Sasaki >>> > > >>>>>>>> >>> > > >>>>>>>> -- >>> > > >>>>>>>> Bill Burke >>> > > >>>>>>>> JBoss, a division of Red Hat >>> > > >>>>>>>> http://bill.burkecentral.com >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> -- >>> > > >>>>>>>> Rodrigo Sasaki >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> >>> > > >>>>>>>> -- >>> > > >>>>>>>> Rodrigo Sasaki >>> > > >>>>>>>> >>> > > >>>>>>>> _______________________________________________ >>> > > >>>>>>>> keycloak-user mailing list >>> > > >>>>>>>> keycloak-user at lists.jboss.org >>> > > >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> > > >>>>>>> >>> > > >>>>>> >>> > > >>>>>> >>> > > >>>>>> >>> > > >>>>>> -- >>> > > >>>>>> Rodrigo Sasaki >>> > > >>>>>> >>> > > >>>> >>> > > >>>> -- >>> > > >>>> Bill Burke >>> > > >>>> JBoss, a division of Red Hat >>> > > >>>> http://bill.burkecentral.com >>> > > >>>> >>> > > >>> >>> > > >> >>> > > >> >>> > > >> >>> > > >> -- >>> > > >> Rodrigo Sasaki >>> > > >> >>> > > >>> > > -- >>> > > Bill Burke >>> > > JBoss, a division of Red Hat >>> > > http://bill.burkecentral.com >>> > > >>> > _______________________________________________ >>> > keycloak-user mailing list >>> > keycloak-user at lists.jboss.org >>> > https://lists.jboss.org/mailman/listinfo/keycloak-user >>> > >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user at lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >> >> >> -- >> Rodrigo Sasaki >> > > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140725/448b9f23/attachment-0001.html From vivsriva at cisco.com Fri Jul 25 14:21:07 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Fri, 25 Jul 2014 18:21:07 +0000 Subject: [keycloak-user] keycloak war deployment - cannot configure authenticator for method KEYCLOAK Message-ID: Hi, I am evaluating keycloak and running into this issue when deploying a web application secured using keycloak: 14:12:59,436 INFO [org.jboss.web] (ServerService Thread Pool -- 80) JBAS018210: Register web context: /customer-portal 14:12:59,445 ERROR [org.apache.catalina.startup] (ServerService Thread Pool -- 80) JBWEB001034: Cannot configure an authenticator for method KEYCLOAK 14:12:59,446 ERROR [org.jboss.web] (ServerService Thread Pool -- 80) JBAS018206: Webapp [/customer-portal] is unavailable due to startup errors I have updated the customer-app/src/main/webapp/WEB-INF/web.xml app with following login-config parameter KEYCLOAK demo I have followed the instructions @ http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#WAR_distribution_installation and using the following versions of the software: jboss-eap-6.2 keycloak-war-dist-all-1.0-beta-3 I have in addition to the instructions above, cd $JBOSS_HOME unzip ~/opt/keycloak/keycloak-war-dist-all-1.0-beta-3/adapters/keycloak-eap6-adapter-dist-1.0-beta-3.zip to update the modules folder. Could you please suggest what I can do to fix this? Regards, Vivek -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140725/d179dbd2/attachment.html From bburke at redhat.com Fri Jul 25 15:02:34 2014 From: bburke at redhat.com (Bill Burke) Date: Fri, 25 Jul 2014 15:02:34 -0400 Subject: [keycloak-user] keycloak war deployment - cannot configure authenticator for method KEYCLOAK In-Reply-To: References: Message-ID: <53D2A9CA.4030805@redhat.com> You need to install the adapter. On 7/25/2014 2:21 PM, Vivek Srivastav (vivsriva) wrote: > Hi, > I am evaluating keycloak and running into this issue when deploying a > web application secured using keycloak: > > 14:12:59,436 INFO [org.jboss.web] (ServerService Thread Pool -- 80) > JBAS018210: Register web context: /customer-portal > > 14:12:59,445 ERROR [org.apache.catalina.startup] (ServerService Thread > Pool -- 80) JBWEB001034: Cannot configure an authenticator for method > KEYCLOAK > > 14:12:59,446 ERROR [org.jboss.web] (ServerService Thread Pool -- 80) > JBAS018206: Webapp [/customer-portal] is unavailable due to startup errors > > > I have updated the customer-app/src/main/webapp/WEB-INF/web.xml app with > following login-config parameter > > > > KEYCLOAK > > demo > > > > > I have followed the instructions @ > http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#WAR_distribution_installation and > using the following versions of the software: > > jboss-eap-6.2 > keycloak-war-dist-all-1.0-beta-3 > > I have in addition to the instructions above, > > cd $JBOSS_HOME > > unzip > ~/opt/keycloak/keycloak-war-dist-all-1.0-beta-3/adapters/keycloak-eap6-adapter-dist-1.0-beta-3.zip > > > to update the modules folder. > > Could you please suggest what I can do to fix this? > > Regards, > Vivek > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From vivsriva at cisco.com Fri Jul 25 15:45:14 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Fri, 25 Jul 2014 19:45:14 +0000 Subject: [keycloak-user] keycloak war deployment - cannot configure authenticator for method KEYCLOAK In-Reply-To: <53D2A9CA.4030805@redhat.com> References: <53D2A9CA.4030805@redhat.com> Message-ID: Hi Bill, Thanks for the info. The keycloak auth service is a really great product and I have been going through your excellent tutorials at youtube. I think you and your team has done an incredible job creating this product. Since, the information about adapter installation is not documented. I presumed that the adapter would be deployed in the ${JBOSS_HOME}/modules folder. Here?s what I did, thinking that the adapters needs to go into the modules folder: cd $JBOSS_HOME unzip -un ~/opt/keycloak/keycloak-war-dist-all-1.0-beta-3/adapters/keycloak-eap6-adap ter-dist-1.0-beta-3.zip However, I don?t think it deployed the adapter. I also tried to deploy the adapters in jboss-as-7.1.1.Final, thinking that keycloak-eap6-adapter-dist-1.0-beta-3.zip, since I saw references to as7 and wildly but no eap6 in the zip file. Regards, Vivek Following files are deployed in my modules folder: modules/system/layers/base/org/keycloak modules/system/layers/base/org/keycloak/keycloak-adapter-core modules/system/layers/base/org/keycloak/keycloak-adapter-core/main modules/system/layers/base/org/keycloak/keycloak-adapter-core/main/keycloak -adapter-core-1.0-beta-3.jar modules/system/layers/base/org/keycloak/keycloak-adapter-core/main/module.x ml modules/system/layers/base/org/keycloak/keycloak-as7-adapter modules/system/layers/base/org/keycloak/keycloak-as7-adapter/main modules/system/layers/base/org/keycloak/keycloak-as7-adapter/main/keycloak- as7-adapter-1.0-beta-3.jar modules/system/layers/base/org/keycloak/keycloak-as7-adapter/main/module.xm l modules/system/layers/base/org/keycloak/keycloak-as7-subsystem modules/system/layers/base/org/keycloak/keycloak-as7-subsystem/main modules/system/layers/base/org/keycloak/keycloak-as7-subsystem/main/keycloa k-as7-subsystem-1.0-beta-3.jar modules/system/layers/base/org/keycloak/keycloak-as7-subsystem/main/module. xml modules/system/layers/base/org/keycloak/keycloak-core modules/system/layers/base/org/keycloak/keycloak-core/main modules/system/layers/base/org/keycloak/keycloak-core/main/keycloak-core-1. 0-beta-3.jar modules/system/layers/base/org/keycloak/keycloak-core/main/module.xml modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main/ke ycloak-jboss-adapter-core-1.0-beta-3.jar modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main/mo dule.xml modules/system/layers/base/org/keycloak/keycloak-undertow-adapter modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main/keyc loak-undertow-adapter-1.0-beta-3.jar modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main/modu le.xml modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main/keycl oak-wildfly-adapter-1.0-beta-3.jar modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main/modul e.xml modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main/key cloak-wildfly-subsystem-1.0-beta-3.jar modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main/mod ule.xml On 7/25/14, 3:02 PM, "Bill Burke" wrote: >You need to install the adapter. > >On 7/25/2014 2:21 PM, Vivek Srivastav (vivsriva) wrote: >> Hi, >> I am evaluating keycloak and running into this issue when deploying a >> web application secured using keycloak: >> >> 14:12:59,436 INFO [org.jboss.web] (ServerService Thread Pool -- 80) >> JBAS018210: Register web context: /customer-portal >> >> 14:12:59,445 ERROR [org.apache.catalina.startup] (ServerService Thread >> Pool -- 80) JBWEB001034: Cannot configure an authenticator for method >> KEYCLOAK >> >> 14:12:59,446 ERROR [org.jboss.web] (ServerService Thread Pool -- 80) >> JBAS018206: Webapp [/customer-portal] is unavailable due to startup >>errors >> >> >> I have updated the customer-app/src/main/webapp/WEB-INF/web.xml app with >> following login-config parameter >> >> >> >> KEYCLOAK >> >> demo >> >> >> >> >> I have followed the instructions @ >> >>http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#WAR >>_distribution_installation and >> using the following versions of the software: >> >> jboss-eap-6.2 >> keycloak-war-dist-all-1.0-beta-3 >> >> I have in addition to the instructions above, >> >> cd $JBOSS_HOME >> >> unzip >> >>~/opt/keycloak/keycloak-war-dist-all-1.0-beta-3/adapters/keycloak-eap6-ad >>apter-dist-1.0-beta-3.zip >> >> >> to update the modules folder. >> >> Could you please suggest what I can do to fix this? >> >> Regards, >> Vivek >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >-- >Bill Burke >JBoss, a division of Red Hat >http://bill.burkecentral.com >_______________________________________________ >keycloak-user mailing list >keycloak-user at lists.jboss.org >https://lists.jboss.org/mailman/listinfo/keycloak-user From vivsriva at cisco.com Fri Jul 25 16:37:33 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Fri, 25 Jul 2014 20:37:33 +0000 Subject: [keycloak-user] keycloak war deployment - cannot configure authenticator for method KEYCLOAK In-Reply-To: References: <53D2A9CA.4030805@redhat.com> Message-ID: Please ignore my previous email. Read through the adapter installation and was able to successfully configure the adapter: http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#d4e55 0 I missed the standalone.xml configuration. Regards, Vivek On 7/25/14, 3:45 PM, "Vivek Srivastav (vivsriva)" wrote: >Hi Bill, > >Thanks for the info. The keycloak auth service is a really great product >and I have been going through your excellent tutorials at youtube. I think >you and your team has done an incredible job creating this product. > >Since, the information about adapter installation is not documented. I >presumed that the adapter would be deployed in the >${JBOSS_HOME}/modules folder. Here?s what I did, thinking that the >adapters needs to go into the modules folder: > >cd $JBOSS_HOME >unzip -un >~/opt/keycloak/keycloak-war-dist-all-1.0-beta-3/adapters/keycloak-eap6-ada >p >ter-dist-1.0-beta-3.zip > > >However, I don?t think it deployed the adapter. I also tried to deploy the >adapters in jboss-as-7.1.1.Final, thinking that >keycloak-eap6-adapter-dist-1.0-beta-3.zip, since I saw references to as7 >and wildly but no eap6 in the zip file. > >Regards, >Vivek > >Following files are deployed in my modules folder: > >modules/system/layers/base/org/keycloak >modules/system/layers/base/org/keycloak/keycloak-adapter-core >modules/system/layers/base/org/keycloak/keycloak-adapter-core/main >modules/system/layers/base/org/keycloak/keycloak-adapter-core/main/keycloa >k >-adapter-core-1.0-beta-3.jar >modules/system/layers/base/org/keycloak/keycloak-adapter-core/main/module. >x >ml >modules/system/layers/base/org/keycloak/keycloak-as7-adapter >modules/system/layers/base/org/keycloak/keycloak-as7-adapter/main >modules/system/layers/base/org/keycloak/keycloak-as7-adapter/main/keycloak >- >as7-adapter-1.0-beta-3.jar >modules/system/layers/base/org/keycloak/keycloak-as7-adapter/main/module.x >m >l >modules/system/layers/base/org/keycloak/keycloak-as7-subsystem >modules/system/layers/base/org/keycloak/keycloak-as7-subsystem/main >modules/system/layers/base/org/keycloak/keycloak-as7-subsystem/main/keyclo >a >k-as7-subsystem-1.0-beta-3.jar >modules/system/layers/base/org/keycloak/keycloak-as7-subsystem/main/module >. >xml >modules/system/layers/base/org/keycloak/keycloak-core >modules/system/layers/base/org/keycloak/keycloak-core/main >modules/system/layers/base/org/keycloak/keycloak-core/main/keycloak-core-1 >. >0-beta-3.jar >modules/system/layers/base/org/keycloak/keycloak-core/main/module.xml >modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core >modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main >modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main/k >e >ycloak-jboss-adapter-core-1.0-beta-3.jar >modules/system/layers/base/org/keycloak/keycloak-jboss-adapter-core/main/m >o >dule.xml >modules/system/layers/base/org/keycloak/keycloak-undertow-adapter >modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main >modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main/key >c >loak-undertow-adapter-1.0-beta-3.jar >modules/system/layers/base/org/keycloak/keycloak-undertow-adapter/main/mod >u >le.xml >modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter >modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main >modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main/keyc >l >oak-wildfly-adapter-1.0-beta-3.jar >modules/system/layers/base/org/keycloak/keycloak-wildfly-adapter/main/modu >l >e.xml >modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem >modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main >modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main/ke >y >cloak-wildfly-subsystem-1.0-beta-3.jar >modules/system/layers/base/org/keycloak/keycloak-wildfly-subsystem/main/mo >d >ule.xml > > > >On 7/25/14, 3:02 PM, "Bill Burke" wrote: > >>You need to install the adapter. >> >>On 7/25/2014 2:21 PM, Vivek Srivastav (vivsriva) wrote: >>> Hi, >>> I am evaluating keycloak and running into this issue when deploying a >>> web application secured using keycloak: >>> >>> 14:12:59,436 INFO [org.jboss.web] (ServerService Thread Pool -- 80) >>> JBAS018210: Register web context: /customer-portal >>> >>> 14:12:59,445 ERROR [org.apache.catalina.startup] (ServerService Thread >>> Pool -- 80) JBWEB001034: Cannot configure an authenticator for method >>> KEYCLOAK >>> >>> 14:12:59,446 ERROR [org.jboss.web] (ServerService Thread Pool -- 80) >>> JBAS018206: Webapp [/customer-portal] is unavailable due to startup >>>errors >>> >>> >>> I have updated the customer-app/src/main/webapp/WEB-INF/web.xml app >>>with >>> following login-config parameter >>> >>> >>> >>> KEYCLOAK >>> >>> demo >>> >>> >>> >>> >>> I have followed the instructions @ >>> >>>http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#WA >>>R >>>_distribution_installation and >>> using the following versions of the software: >>> >>> jboss-eap-6.2 >>> keycloak-war-dist-all-1.0-beta-3 >>> >>> I have in addition to the instructions above, >>> >>> cd $JBOSS_HOME >>> >>> unzip >>> >>>~/opt/keycloak/keycloak-war-dist-all-1.0-beta-3/adapters/keycloak-eap6-a >>>d >>>apter-dist-1.0-beta-3.zip >>> >>> >>> to update the modules folder. >>> >>> Could you please suggest what I can do to fix this? >>> >>> Regards, >>> Vivek >>> >>> >>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user at lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>> >> >>-- >>Bill Burke >>JBoss, a division of Red Hat >>http://bill.burkecentral.com >>_______________________________________________ >>keycloak-user mailing list >>keycloak-user at lists.jboss.org >>https://lists.jboss.org/mailman/listinfo/keycloak-user > From christinalau28 at icloud.com Mon Jul 28 07:52:11 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Mon, 28 Jul 2014 07:52:11 -0400 Subject: [keycloak-user] Unable to register redirect url to google developer console Message-ID: <8A7A4577-441D-49F6-BFE1-206F886F5357@icloud.com> I have successfully create google social login on local keycloak install using this URL: http://localhost:8080/auth/rest/social/callback However, when I changed it to a keycloak install running on EC2, like this: http://54.84.240.18:8080/auth/rest/social/callback I keep getting invalid redirect URL error. Any idea what additional changes to make? Christina From stian at redhat.com Mon Jul 28 08:14:57 2014 From: stian at redhat.com (Stian Thorgersen) Date: Mon, 28 Jul 2014 08:14:57 -0400 (EDT) Subject: [keycloak-user] Unable to register redirect url to google developer console In-Reply-To: <8A7A4577-441D-49F6-BFE1-206F886F5357@icloud.com> References: <8A7A4577-441D-49F6-BFE1-206F886F5357@icloud.com> Message-ID: <1364124143.19034022.1406549697428.JavaMail.zimbra@redhat.com> Where and when are you getting redirect URL error? From Google or Keycloak? ----- Original Message ----- > From: "Christina Lau" > To: keycloak-user at lists.jboss.org > Sent: Monday, 28 July, 2014 12:52:11 PM > Subject: [keycloak-user] Unable to register redirect url to google developer console > > I have successfully create google social login on local keycloak install > using this URL: > > http://localhost:8080/auth/rest/social/callback > > However, when I changed it to a keycloak install running on EC2, like this: > > http://54.84.240.18:8080/auth/rest/social/callback > > I keep getting invalid redirect URL error. > > Any idea what additional changes to make? > > Christina > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > From christinalau28 at icloud.com Mon Jul 28 08:33:25 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Mon, 28 Jul 2014 08:33:25 -0400 Subject: [keycloak-user] Unable to register redirect url to google developer console In-Reply-To: <1364124143.19034022.1406549697428.JavaMail.zimbra@redhat.com> References: <8A7A4577-441D-49F6-BFE1-206F886F5357@icloud.com> <1364124143.19034022.1406549697428.JavaMail.zimbra@redhat.com> Message-ID: <66271765-97A6-44FF-A620-686AD57418C0@icloud.com> >From the Google dialog when I try to save. On Jul 28, 2014, at 8:14 AM, Stian Thorgersen wrote: > Where and when are you getting redirect URL error? From Google or Keycloak? > > ----- Original Message ----- >> From: "Christina Lau" >> To: keycloak-user at lists.jboss.org >> Sent: Monday, 28 July, 2014 12:52:11 PM >> Subject: [keycloak-user] Unable to register redirect url to google developer console >> >> I have successfully create google social login on local keycloak install >> using this URL: >> >> http://localhost:8080/auth/rest/social/callback >> >> However, when I changed it to a keycloak install running on EC2, like this: >> >> http://54.84.240.18:8080/auth/rest/social/callback >> >> I keep getting invalid redirect URL error. >> >> Any idea what additional changes to make? >> >> Christina >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> From stian at redhat.com Mon Jul 28 08:40:30 2014 From: stian at redhat.com (Stian Thorgersen) Date: Mon, 28 Jul 2014 08:40:30 -0400 (EDT) Subject: [keycloak-user] Unable to register redirect url to google developer console In-Reply-To: <66271765-97A6-44FF-A620-686AD57418C0@icloud.com> References: <8A7A4577-441D-49F6-BFE1-206F886F5357@icloud.com> <1364124143.19034022.1406549697428.JavaMail.zimbra@redhat.com> <66271765-97A6-44FF-A620-686AD57418C0@icloud.com> Message-ID: <1178663698.19064065.1406551230976.JavaMail.zimbra@redhat.com> Looks like Google isn't keen on using an IP address for the redirect-uri. Try using your public EC2 hostname instead. ----- Original Message ----- > From: "Christina Lau" > To: "Stian Thorgersen" > Cc: keycloak-user at lists.jboss.org > Sent: Monday, 28 July, 2014 1:33:25 PM > Subject: Re: [keycloak-user] Unable to register redirect url to google developer console > > From the Google dialog when I try to save. > > On Jul 28, 2014, at 8:14 AM, Stian Thorgersen wrote: > > > Where and when are you getting redirect URL error? From Google or Keycloak? > > > > ----- Original Message ----- > >> From: "Christina Lau" > >> To: keycloak-user at lists.jboss.org > >> Sent: Monday, 28 July, 2014 12:52:11 PM > >> Subject: [keycloak-user] Unable to register redirect url to google > >> developer console > >> > >> I have successfully create google social login on local keycloak install > >> using this URL: > >> > >> http://localhost:8080/auth/rest/social/callback > >> > >> However, when I changed it to a keycloak install running on EC2, like > >> this: > >> > >> http://54.84.240.18:8080/auth/rest/social/callback > >> > >> I keep getting invalid redirect URL error. > >> > >> Any idea what additional changes to make? > >> > >> Christina > >> _______________________________________________ > >> keycloak-user mailing list > >> keycloak-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/keycloak-user > >> > > From vivsriva at cisco.com Mon Jul 28 08:54:58 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Mon, 28 Jul 2014 12:54:58 +0000 Subject: [keycloak-user] Clarification on redirect uri configuration on the KeyCloak admin console Message-ID: I am trying to understand the redirect uri configuration on the KeyCloak admin console. As per the document: http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#installed-applications there are two special special redirect uri for application. I have few questions about the http://localhost 1. When I configure my application with the http://localhost and confidential access_type, am I supposed to provide a callback implementation or is is handled by keyclock client libraries that I bundle with my web app? 2. Am I supposed to provide a ?port? along with the redirect uri? I.e. http://localhost:8989? It seems like with either configuration gives me ?WE?RE SORRY?, ?Invalid redirect_uri?. 3. When running KeyCloak and my client application on separate servers, will the http://localhost redirect uri automatically supposed to be replaced with the correct IP address/hostname of the Resource Server provides, I.e. my application? I understand that this redirect_uri has been made a mandatory field in recent release of KeyCloak and I could not find information related to its configuration in the ?Base Part 1? tutorial video. Any pointers about how to configure this redirect uri for ?confidential? access_type would be very helpful. Kind Regards, Vivek -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140728/46498b53/attachment.html From stian at redhat.com Mon Jul 28 09:10:10 2014 From: stian at redhat.com (Stian Thorgersen) Date: Mon, 28 Jul 2014 09:10:10 -0400 (EDT) Subject: [keycloak-user] Clarification on redirect uri configuration on the KeyCloak admin console In-Reply-To: References: Message-ID: <184593483.19087918.1406553010224.JavaMail.zimbra@redhat.com> The two special redirect-uris you refer to are for installed applications (for example a CLI interface or a desktop app). In #1 you're asking about bundling with your web app, so you shouldn't be using these. Instead you should use whatever URL you use to access your application. For example if your application is: http://www.mydomain.com/myapp/secure.html Then your redirect-uri should be: http://www.mydomain.com/myapp/secure.html You can also use a wild-card if you want to allow any page on a certain domain/context-path, for example: http://www.mydomain.com/myapp/* ----- Original Message ----- > From: "Vivek Srivastav (vivsriva)" > To: keycloak-user at lists.jboss.org > Sent: Monday, 28 July, 2014 1:54:58 PM > Subject: [keycloak-user] Clarification on redirect uri configuration on the KeyCloak admin console > > I am trying to understand the redirect uri configuration on the KeyCloak > admin console. > > As per the document: > http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#installed-applications > > there are two special special redirect uri for application. I have few > questions about the http://localhost > > > 1. When I configure my application with the http://localhost and > confidential access_type, am I supposed to provide a callback > implementation or is is handled by keyclock client libraries that I > bundle with my web app? > 2. Am I supposed to provide a ?port? along with the redirect uri? I.e. > http://localhost:8989 ? It seems like with either configuration gives me > ?WE?RE SORRY?, ?Invalid redirect_uri?. > 3. When running KeyCloak and my client application on separate servers, > will the http://localhost redirect uri automatically supposed to be > replaced with the correct IP address/hostname of the Resource Server > provides, I.e. my application? > I understand that this redirect_uri has been made a mandatory field in recent > release of KeyCloak and I could not find information related to its > configuration in the ?Base Part 1? tutorial video. > > Any pointers about how to configure this redirect uri for ?confidential? > access_type would be very helpful. > > Kind Regards, > Vivek > > > > > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From christinalau28 at icloud.com Mon Jul 28 09:23:10 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Mon, 28 Jul 2014 09:23:10 -0400 Subject: [keycloak-user] Unable to register redirect url to google developer console In-Reply-To: <1178663698.19064065.1406551230976.JavaMail.zimbra@redhat.com> References: <8A7A4577-441D-49F6-BFE1-206F886F5357@icloud.com> <1364124143.19034022.1406549697428.JavaMail.zimbra@redhat.com> <66271765-97A6-44FF-A620-686AD57418C0@icloud.com> <1178663698.19064065.1406551230976.JavaMail.zimbra@redhat.com> Message-ID: <5C413BC3-DC84-4AD9-821E-0A78EAB92666@icloud.com> It got a little further after I made the change to (http://ec2-54-84-240-18.compute-1.amazonaws.com:8080/auth/social/callback), I can save. But still it didn?t get me to the Project Default Service Account screen (which I got to using local). I got the 400 error instead when I clicked on the google+ login. 400. That?s an error. Error: invalid_request Invalid parameter value for redirect_uri: Raw IP addresses not allowed: http://54.84.240.18:8080/auth/social/callback Learn more Request Details scope=openid profile email response_type=code redirect_uri=http://54.84.240.18:8080/auth/social/callback state=eyJhbGciOiJSUzI1NiJ9.eyJyZWFsbSI6ImRlbW8iLCJwcm92aWRlciI6Imdvb2dsZSIsImF0dHJpYnV0ZXMiOnsicmVzcG9uc2VfdHlwZSI6bnVsbCwic2NvcGUiOm51bGwsInJlZGlyZWN0X3VyaSI6Imh0dHA6Ly81NC44NC4yNDAuMTg6ODA4MC9jdXN0b21lci1wb3J0YWwvY3VzdG9tZXJzL3ZpZXcuanNwIiwic3RhdGUiOiIzMS8yMDI1NjljMC0yMTk2LTQzYTItYmY5YS0yYTQ0NzY5NjNhZDAiLCJjbGllbnRfaWQiOiJjdXN0b21lci1wb3J0YWwifX0.AkSP5VGCLtVKQGxdD0EtAi022_74pox0TbQEpDgDrRtMzJvnTmW7bcgKG_0Vd7tKnYGJvneoKiAKg43Gj_Ns2mPgIyzHTLU18J2t5_pam1hyAwsuNcwyNDY6bYrVH1bWVv8rp5Wed2ghodY7HT9yXHswV318TLwdBJxR6s2NIBI client_id=307515625284-g4fbfm5jj8u5602mcj6fdca5ne4742nl.apps.googleusercontent.com That?s all we know. On Jul 28, 2014, at 8:40 AM, Stian Thorgersen wrote: > Looks like Google isn't keen on using an IP address for the redirect-uri. Try using your public EC2 hostname instead. > > ----- Original Message ----- >> From: "Christina Lau" >> To: "Stian Thorgersen" >> Cc: keycloak-user at lists.jboss.org >> Sent: Monday, 28 July, 2014 1:33:25 PM >> Subject: Re: [keycloak-user] Unable to register redirect url to google developer console >> >> From the Google dialog when I try to save. >> >> On Jul 28, 2014, at 8:14 AM, Stian Thorgersen wrote: >> >>> Where and when are you getting redirect URL error? From Google or Keycloak? >>> >>> ----- Original Message ----- >>>> From: "Christina Lau" >>>> To: keycloak-user at lists.jboss.org >>>> Sent: Monday, 28 July, 2014 12:52:11 PM >>>> Subject: [keycloak-user] Unable to register redirect url to google >>>> developer console >>>> >>>> I have successfully create google social login on local keycloak install >>>> using this URL: >>>> >>>> http://localhost:8080/auth/rest/social/callback >>>> >>>> However, when I changed it to a keycloak install running on EC2, like >>>> this: >>>> >>>> http://54.84.240.18:8080/auth/rest/social/callback >>>> >>>> I keep getting invalid redirect URL error. >>>> >>>> Any idea what additional changes to make? >>>> >>>> Christina >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user at lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140728/37e1e867/attachment-0001.html From vivsriva at cisco.com Mon Jul 28 09:35:01 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Mon, 28 Jul 2014 13:35:01 +0000 Subject: [keycloak-user] Clarification on redirect uri configuration on the KeyCloak admin console In-Reply-To: <184593483.19087918.1406553010224.JavaMail.zimbra@redhat.com> References: <184593483.19087918.1406553010224.JavaMail.zimbra@redhat.com> Message-ID: Thanks for clarifications. I tried using the following configuration with customer-portal and product-portal: Name: customer-portal Access Type: confidential Redirect URI: http://localhost:8080/customer-portal Base URL: Admin URL: http://localhost:8080/customer-portal/admin But I keep getting ?WE?RE SORRY?, ?Invalid redirect_uri? error Regards, Vivek On 7/28/14, 9:10 AM, "Stian Thorgersen" wrote: >The two special redirect-uris you refer to are for installed applications >(for example a CLI interface or a desktop app). In #1 you're asking about >bundling with your web app, so you shouldn't be using these. > >Instead you should use whatever URL you use to access your application. >For example if your application is: > > http://www.mydomain.com/myapp/secure.html > >Then your redirect-uri should be: > > http://www.mydomain.com/myapp/secure.html > >You can also use a wild-card if you want to allow any page on a certain >domain/context-path, for example: > > http://www.mydomain.com/myapp/* > >----- Original Message ----- >> From: "Vivek Srivastav (vivsriva)" >> To: keycloak-user at lists.jboss.org >> Sent: Monday, 28 July, 2014 1:54:58 PM >> Subject: [keycloak-user] Clarification on redirect uri configuration on >>the KeyCloak admin console >> >> I am trying to understand the redirect uri configuration on the KeyCloak >> admin console. >> >> As per the document: >> >>http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#ins >>talled-applications >> >> there are two special special redirect uri for application. I have few >> questions about the http://localhost >> >> >> 1. When I configure my application with the http://localhost and >> confidential access_type, am I supposed to provide a callback >> implementation or is is handled by keyclock client libraries that I >> bundle with my web app? >> 2. Am I supposed to provide a ?port? along with the redirect uri? >>I.e. >> http://localhost:8989 ? It seems like with either configuration >>gives me >> ?WE?RE SORRY?, ?Invalid redirect_uri?. >> 3. When running KeyCloak and my client application on separate >>servers, >> will the http://localhost redirect uri automatically supposed to be >> replaced with the correct IP address/hostname of the Resource Server >> provides, I.e. my application? >> I understand that this redirect_uri has been made a mandatory field in >>recent >> release of KeyCloak and I could not find information related to its >> configuration in the ?Base Part 1? tutorial video. >> >> Any pointers about how to configure this redirect uri for ?confidential? >> access_type would be very helpful. >> >> Kind Regards, >> Vivek >> >> >> >> >> >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user -------------- next part -------------- A non-text attachment was scrubbed... Name: default.png Type: image/png Size: 55491 bytes Desc: default.png Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20140728/8d6a8eea/attachment-0001.png From bburke at redhat.com Mon Jul 28 09:40:56 2014 From: bburke at redhat.com (Bill Burke) Date: Mon, 28 Jul 2014 09:40:56 -0400 Subject: [keycloak-user] Clarification on redirect uri configuration on the KeyCloak admin console In-Reply-To: References: <184593483.19087918.1406553010224.JavaMail.zimbra@redhat.com> Message-ID: <53D652E8.5070302@redhat.com> Do redirect uri: http://localhost:8080/customer-portal/* Notice the "/*". Redirect is either a wildcard or specific/exact URL. On 7/28/2014 9:35 AM, Vivek Srivastav (vivsriva) wrote: > Thanks for clarifications. I tried using the following configuration with > customer-portal and product-portal: > > Name: customer-portal > Access Type: confidential > Redirect URI: http://localhost:8080/customer-portal > Base URL: > Admin URL: http://localhost:8080/customer-portal/admin > > But I keep getting ?WE?RE SORRY?, ?Invalid redirect_uri? error > > Regards, > Vivek > > > > > On 7/28/14, 9:10 AM, "Stian Thorgersen" wrote: > >> The two special redirect-uris you refer to are for installed applications >> (for example a CLI interface or a desktop app). In #1 you're asking about >> bundling with your web app, so you shouldn't be using these. >> >> Instead you should use whatever URL you use to access your application. >> For example if your application is: >> >> http://www.mydomain.com/myapp/secure.html >> >> Then your redirect-uri should be: >> >> http://www.mydomain.com/myapp/secure.html >> >> You can also use a wild-card if you want to allow any page on a certain >> domain/context-path, for example: >> >> http://www.mydomain.com/myapp/* >> >> ----- Original Message ----- >>> From: "Vivek Srivastav (vivsriva)" >>> To: keycloak-user at lists.jboss.org >>> Sent: Monday, 28 July, 2014 1:54:58 PM >>> Subject: [keycloak-user] Clarification on redirect uri configuration on >>> the KeyCloak admin console >>> >>> I am trying to understand the redirect uri configuration on the KeyCloak >>> admin console. >>> >>> As per the document: >>> >>> http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#ins >>> talled-applications >>> >>> there are two special special redirect uri for application. I have few >>> questions about the http://localhost >>> >>> >>> 1. When I configure my application with the http://localhost and >>> confidential access_type, am I supposed to provide a callback >>> implementation or is is handled by keyclock client libraries that I >>> bundle with my web app? >>> 2. Am I supposed to provide a ?port? along with the redirect uri? >>> I.e. >>> http://localhost:8989 ? It seems like with either configuration >>> gives me >>> ?WE?RE SORRY?, ?Invalid redirect_uri?. >>> 3. When running KeyCloak and my client application on separate >>> servers, >>> will the http://localhost redirect uri automatically supposed to be >>> replaced with the correct IP address/hostname of the Resource Server >>> provides, I.e. my application? >>> I understand that this redirect_uri has been made a mandatory field in >>> recent >>> release of KeyCloak and I could not find information related to its >>> configuration in the ?Base Part 1? tutorial video. >>> >>> Any pointers about how to configure this redirect uri for ?confidential? >>> access_type would be very helpful. >>> >>> Kind Regards, >>> Vivek >>> >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user at lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From vivsriva at cisco.com Mon Jul 28 09:50:51 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Mon, 28 Jul 2014 13:50:51 +0000 Subject: [keycloak-user] Clarification on redirect uri configuration on the KeyCloak admin console In-Reply-To: <53D652E8.5070302@redhat.com> References: <184593483.19087918.1406553010224.JavaMail.zimbra@redhat.com> <53D652E8.5070302@redhat.com> Message-ID: Bill, Thanks. That fixed it. Regards, Vivek On 7/28/14, 9:40 AM, "Bill Burke" wrote: >Do > >redirect uri: http://localhost:8080/customer-portal/* > >Notice the "/*". Redirect is either a wildcard or specific/exact URL. > > >On 7/28/2014 9:35 AM, Vivek Srivastav (vivsriva) wrote: >> Thanks for clarifications. I tried using the following configuration >>with >> customer-portal and product-portal: >> >> Name: customer-portal >> Access Type: confidential >> Redirect URI: http://localhost:8080/customer-portal >> Base URL: >> Admin URL: http://localhost:8080/customer-portal/admin >> >> But I keep getting ?WE?RE SORRY?, ?Invalid redirect_uri? error >> >> Regards, >> Vivek >> >> >> >> >> On 7/28/14, 9:10 AM, "Stian Thorgersen" wrote: >> >>> The two special redirect-uris you refer to are for installed >>>applications >>> (for example a CLI interface or a desktop app). In #1 you're asking >>>about >>> bundling with your web app, so you shouldn't be using these. >>> >>> Instead you should use whatever URL you use to access your application. >>> For example if your application is: >>> >>> http://www.mydomain.com/myapp/secure.html >>> >>> Then your redirect-uri should be: >>> >>> http://www.mydomain.com/myapp/secure.html >>> >>> You can also use a wild-card if you want to allow any page on a certain >>> domain/context-path, for example: >>> >>> http://www.mydomain.com/myapp/* >>> >>> ----- Original Message ----- >>>> From: "Vivek Srivastav (vivsriva)" >>>> To: keycloak-user at lists.jboss.org >>>> Sent: Monday, 28 July, 2014 1:54:58 PM >>>> Subject: [keycloak-user] Clarification on redirect uri configuration >>>>on >>>> the KeyCloak admin console >>>> >>>> I am trying to understand the redirect uri configuration on the >>>>KeyCloak >>>> admin console. >>>> >>>> As per the document: >>>> >>>> >>>>http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html_single/#i >>>>ns >>>> talled-applications >>>> >>>> there are two special special redirect uri for application. I have few >>>> questions about the http://localhost >>>> >>>> >>>> 1. When I configure my application with the http://localhost and >>>> confidential access_type, am I supposed to provide a callback >>>> implementation or is is handled by keyclock client libraries >>>>that I >>>> bundle with my web app? >>>> 2. Am I supposed to provide a ?port? along with the redirect uri? >>>> I.e. >>>> http://localhost:8989 ? It seems like with either configuration >>>> gives me >>>> ?WE?RE SORRY?, ?Invalid redirect_uri?. >>>> 3. When running KeyCloak and my client application on separate >>>> servers, >>>> will the http://localhost redirect uri automatically supposed to >>>>be >>>> replaced with the correct IP address/hostname of the Resource >>>>Server >>>> provides, I.e. my application? >>>> I understand that this redirect_uri has been made a mandatory field in >>>> recent >>>> release of KeyCloak and I could not find information related to its >>>> configuration in the ?Base Part 1? tutorial video. >>>> >>>> Any pointers about how to configure this redirect uri for >>>>?confidential? >>>> access_type would be very helpful. >>>> >>>> Kind Regards, >>>> Vivek >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user at lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >-- >Bill Burke >JBoss, a division of Red Hat >http://bill.burkecentral.com >_______________________________________________ >keycloak-user mailing list >keycloak-user at lists.jboss.org >https://lists.jboss.org/mailman/listinfo/keycloak-user From christinalau28 at icloud.com Mon Jul 28 15:52:19 2014 From: christinalau28 at icloud.com (Christina Lau) Date: Mon, 28 Jul 2014 15:52:19 -0400 Subject: [keycloak-user] How can I customize the New User Registration workflow? Message-ID: Is it possible to add a call to call my own code before a new user is added to the system using the New User Registration form? I need to call some other services when onboarding a new user. Thx. Christina From vivsriva at cisco.com Mon Jul 28 16:46:32 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Mon, 28 Jul 2014 20:46:32 +0000 Subject: [keycloak-user] Client cert based OAuth Message-ID: The KeyCloak reference guide points out that client cert auth is coming soon. What cert authentication mechanism will be used in the implementation and when is is planned? Regards, Vivek -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140728/8898d093/attachment.html From john.c.stier at gmail.com Mon Jul 28 17:19:34 2014 From: john.c.stier at gmail.com (Chris Stier) Date: Mon, 28 Jul 2014 15:19:34 -0600 Subject: [keycloak-user] Getting all roles for a realm and appliaction Message-ID: Hi all, Is there currently a way to get all roles for a realm and application? I found the rest api docs... but when I call /admin/realms/{realm}/applications/{app-name}/roles with the appropriate realm and app name I just get the text "Bearer" returned. Is this still in the works or am I missing something? Thanks so much! Chris Stier -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140728/621ee9f0/attachment.html From stian at redhat.com Tue Jul 29 04:47:30 2014 From: stian at redhat.com (Stian Thorgersen) Date: Tue, 29 Jul 2014 04:47:30 -0400 (EDT) Subject: [keycloak-user] How can I customize the New User Registration workflow? In-Reply-To: References: Message-ID: <929661017.19696513.1406623650372.JavaMail.zimbra@redhat.com> Not before, but you can after it's been registered. See http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/audit.html#d4e1166 Ignore the fact it's called an AuditListener, the name should have been EventListener. ----- Original Message ----- > From: "Christina Lau" > To: keycloak-user at lists.jboss.org > Sent: Monday, 28 July, 2014 8:52:19 PM > Subject: [keycloak-user] How can I customize the New User Registration workflow? > > Is it possible to add a call to call my own code before a new user is added > to the system using the New User Registration form? I need to call some > other services when onboarding a new user. Thx. > > Christina > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > From stian at redhat.com Tue Jul 29 05:12:04 2014 From: stian at redhat.com (Stian Thorgersen) Date: Tue, 29 Jul 2014 05:12:04 -0400 (EDT) Subject: [keycloak-user] Getting all roles for a realm and appliaction In-Reply-To: References: Message-ID: <862319792.19702717.1406625124788.JavaMail.zimbra@redhat.com> To call those endpoints you need to include the bearer token in the authorization header. We'll soon have a Java API to call the admin endpoints, but in the meantime you can have a look at the admin-access-app example. ----- Original Message ----- > From: "Chris Stier" > To: keycloak-user at lists.jboss.org > Sent: Monday, 28 July, 2014 10:19:34 PM > Subject: [keycloak-user] Getting all roles for a realm and appliaction > > Hi all, > Is there currently a way to get all roles for a realm and application? I > found the rest api docs... but when I call > /admin/realms/{realm}/applications/{app-name}/roles with the appropriate > realm and app name I just get the text "Bearer" returned. Is this still in > the works or am I missing something? > Thanks so much! > Chris Stier > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From rodrigopsasaki at gmail.com Tue Jul 29 07:15:15 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 29 Jul 2014 08:15:15 -0300 Subject: [keycloak-user] "Remember Me" feature on Social Login Message-ID: Hi, I know this doesn't exist now, but I was wondering if it is something that is planned to be implemented, or if there's a particular reason why it isn't. Thanks! -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/9d708b06/attachment.html From rodrigopsasaki at gmail.com Tue Jul 29 07:21:30 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 29 Jul 2014 08:21:30 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <438546910.12158401.1405609875586.JavaMail.zimbra@redhat.com> <53C8385A.8030400@redhat.com> <53C94D34.70307@redhat.com> <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> <53CFC211.2020806@redhat.com> Message-ID: Hello, I was just wondering. What is missing from the admin-client to merge it with the master branch? On Wed, Jul 23, 2014 at 1:04 PM, Rodrigo Sasaki wrote: > So far it's good :) But it's not fully in production. > > We changed a small portion of the application, that only internal > administrative employees have access to, and so far it's holding up very > well > > But we can't really put it completely in production until we figure out > those login issues from the other thread > > > On Wed, Jul 23, 2014 at 11:09 AM, Bill Burke wrote: > >> You are using us in production? I don't know if I should be happy or >> scared :) How is it going? Are we holding up? >> >> On 7/23/2014 9:50 AM, Rodrigo Sasaki wrote: >> >>> The problem was that the version of keycloak we have in production is >>> based on the beta-2, and the UserRepresentation there is different, >>> sorry about this. >>> >>> I submitted a PR with the alterations >>> >>> >>> On Tue, Jul 22, 2014 at 11:06 AM, Rodrigo Sasaki >>> > wrote: >>> >>> The thing is that I simply create an instance and assign an username >>> >>> UserRepresentation userRep = new UserRepresentation(); >>> userRep.setUsername("user1"); >>> realm.users().create(userRep); >>> >>> That create is a proxy of the interface, so I don't really know >>> where I could interfere here with code. >>> >>> >>> On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen >> > wrote: >>> >>> Try removing socialLinks instead of setting the value to null, >>> or specifying an empty array. >>> >>> ----- Original Message ----- >>> > From: "Rodrigo Sasaki" >> > >>> > To: "Bill Burke" >> >> >>> > Cc: "Stian Thorgersen" >> >, keycloak-user at lists.jboss.org >>> >>> > Sent: Tuesday, 22 July, 2014 2:54:49 PM >>> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper >>> > >>> > I tried creating a user using the API, and I got a 400 status >>> code, I went >>> > to check everything, and it seems that I can't send >>> "socialLinks", >>> > "realmRoles" and "applicationRoles" as null for some reason, >>> I get this >>> > exception: >>> > >>> > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: >>> Unrecognized >>> > field "socialLinks" >>> > (Class >>> org.keycloak.representations.idm.UserRepresentation), not marked >>> > as ignorable >>> > >>> > But I know those values aren't mandatory. Is there a fix for >>> this? >>> > >>> > >>> > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke >>> > wrote: >>> > >>> > > String token = getToken(); >>> > > final String authHeader = "Bearer " + token; >>> > > ClientRequestFilter authFilter = new ClientRequestFilter() { >>> > > @Override >>> > > public void filter(ClientRequestContext requestContext) >>> throws >>> > > IOException { >>> > > >>> > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, >>> authHeader); >>> > > >>> > > } >>> > > }; >>> > > >>> > > >>> > > ResteasyWebTarget target = >>> client.target("http://localhost:8080/auth"); >>> > > target.register(authFilter); >>> > > Admin admin = target.proxy(Admin.class); >>> > > >>> > > >>> > > >>> > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: >>> > > >>> > >> Can you help me with any hint or documentation regarding >>> that >>> > >> BearerTokenFilter implementation? >>> > >> >>> > >> I understand that I have to create it myself, but I don't >>> know what I >>> > >> should create. I tried browsing the web, but with no >>> success.. Perhaps >>> > >> I'm missing the right keyword to find what I need >>> > >> >>> > >> >>> > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki >>> > >> >> >>> >> >> wrote: >>> > >> >>> > >> That's perfect :) thanks for the help >>> > >> >>> > >> I'll get started on it as soon as I can >>> > >> >>> > >> On Jul 17, 2014 5:55 PM, "Bill Burke" >>> >>> > >> >> >>> wrote: >>> > >> >>> > >> @Path("/admin >>> > >> public interface Admin { >>> > >> @Path("realms/{realm}") >>> > >> Realm realm(@PathParameter("realm") realmName); >>> > >> } >>> > >> >>> > >> public interface Realm { >>> > >> @GET >>> > >> @Produces("application/json") >>> > >> RealmRepresentation get(); >>> > >> >>> > >> @DELETE >>> > >> void delete(); >>> > >> >>> > >> @PUT >>> > >> @Consumes("application/json") >>> > >> void update(RealmRepresentation rep); >>> > >> >>> > >> @Path("users") >>> > >> Users users(); >>> > >> } >>> > >> >>> > >> public interface Users { >>> > >> ... >>> > >> } >>> > >> >>> > >> FOllow me? >>> > >> >>> > >> Then its just >>> > >> >>> > >> ResteasyClient client = new >>> ResteasyClientBuilder().build(__); >>> > >> ResteasyWebTarget target = >>> > >> client.target("http://__localhost:8080/auth >>> > >> >>> > >> "); >>> > >> >>> > >> String token = ... get a token ... >>> > >> >>> > >> target.register(new BearerTokenFilter(token)); // >>> you'd have to >>> > >> implement this >>> > >> >>> > >> Admin admin = target.proxy(Admin.class); >>> > >> >>> > >> admin.realm("master") >>> > >> >>> > >> That's about as much help I can give you right now. >>> > >> >>> > >> >>> > >> >>> > >> >>> > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: >>> > >> >>> > >> OK, will do. >>> > >> >>> > >> Is there a way for me to do it like it is >>> there? I'll >>> > >> explain a little >>> > >> better >>> > >> >>> > >> the class *AdminRoot* has the path set to >>> "/admin", and it >>> > >> has a method >>> > >> getRealmsAdmin, with "realms" on the path, and >>> on the >>> > >> *RealmsAdminResource* there's the >>> getRealmAdmin mapped to >>> > >> "{realm}", >>> > >> making the full path for it >>> "/admin/realms/{realm}", even >>> > >> though each >>> > >> one is in a different class. >>> > >> >>> > >> Is there a way for me to do it the same way, I >>> don't know >>> > >> how the Proxy >>> > >> framework would understand that, maybe I would >>> have to set >>> > >> the full path >>> > >> >>> > >> >>> > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian >>> Thorgersen >>> > >> >>> > >>> > >> >> >> >>> wrote: >>> > >> >>> > >> Rodrigo: just create your own interfaces. >>> If you can >>> > >> try to keep >>> > >> them as consistent with jax-rs classes in >>> services as >>> > >> you can that >>> > >> would be great. >>> > >> >>> > >> ----- Original Message ----- >>> > >> > From: "Stian Thorgersen" >>> >>> > >> >> > >> >>> > >> >> >>> >>> > >> > To: "Rodrigo Sasaki" >>> >>> > >> >> > >>> > >> >> __com >>> > >> >> >>>, "Bill Burke" >>> > >> >>> > >>> > >> >> >> >>> >>> > >> > Cc: keycloak-user at lists.jboss.org >>> >>> > >> >> > >>> > >> >> __jboss.org >>> > >> >>> > >> >> >> >>> > >> > Sent: Wednesday, 16 July, 2014 2:34:44 >>> PM >>> > >> > Subject: Re: [keycloak-user] Java >>> Keycloak REST API >>> > >> Wrapper >>> > >> > >>> > >> > Bill: does it make sense for us to >>> share interfaces >>> > >> (with jax-rs >>> > >> annotations) >>> > >> > for services and admin-client? >>> > >> > >>> > >> > ----- Original Message ----- >>> > >> > > From: "Rodrigo Sasaki" >>> >>> > >> >> > >>> > >> >> __com >>> > >> >> >>> >>> > >> > > To: "Stian Thorgersen" >>> >>> > >> >> > >> >>> > >> >> >>> >>> > >> > > Cc: "Juraci Paix?o Kr?hling" >>> >>> > >> >> > >>> > >> >> >> >>> > >> >>>, >>> > >> > > keycloak-user at lists.jboss.org >>> >>> > >> >> > >>> > >> >> __jboss.org >>> > >> >>> > >> >> >> >>> > >> > > Sent: Wednesday, 16 July, 2014 >>> 2:31:35 PM >>> > >> > > Subject: Re: [keycloak-user] Java >>> Keycloak REST >>> > >> API Wrapper >>> > >> > > >>> > >> > > I'll get on it for sure. >>> > >> > > >>> > >> > > Just one thing, should I create >>> myself the >>> > >> interfaces for the >>> > >> services? Or >>> > >> > > is there a more integrated way to do >>> that? >>> > >> > > >>> > >> > > >>> > >> > > On Wed, Jul 16, 2014 at 10:27 AM, >>> Stian Thorgersen >>> > >> >> >> > >>> > >> >> >> >>> >>> > >> >>> > >> > > wrote: >>> > >> > > >>> > >> > > > Great work with the admin-client. >>> As I commented >>> > >> on GitHub I >>> > >> added it to >>> > >> > > > 'admin-client' branch, and would >>> like a few >>> > >> changes before >>> > >> merging to >>> > >> > > > master: >>> > >> > > > >>> > >> > > > * Make it use RestEasy client >>> framwork >>> > >> > > > * Tests - I've added a starting >>> point to >>> > >> > > > >>> > >> https://github.com/keycloak/__ >>> keycloak/blob/admin-client/__ >>> > >> >>> testsuite/integration/src/__test/java/org/keycloak/__ >>> testsuite/admin/__ >>> > >> AdminClientTest.java >>> > >> >>> > >> >>> >> > >> >>> testsuite/integration/src/test/java/org/keycloak/ >>> testsuite/admin/ >>> > >> AdminClientTest.java> >>> > >> > > > * Better error handling - instead >>> of swallowing >>> > >> exceptions it >>> > >> now throws >>> > >> > > > KeycloakException >>> (RuntimeException), but >>> > >> there's HTTP >>> > >> response codes are >>> > >> > > > not checked (see above test that >>> tries to create >>> > >> two users >>> > >> with the same >>> > >> > > > username) >>> > >> > > > >>> > >> > > > If you're happy to do this work >>> that would be >>> > >> awesome! >>> > >> > > > >>> > >> > > > ----- Original Message ----- >>> > >> > > > > From: "Rodrigo Sasaki" >>> > >> >> >>> >> com>> >>> > >> >> __com >>> > >> >> >>> >>> > >> > > > > To: "Stian Thorgersen" >>> >>> > >> >> > >>> > >> >> >> >>> >>> > >> > > > > Cc: "Juraci Paix?o Kr?hling" >>> > >> >> >> > >>> > >> >> >> >>> > >> >>>, >>> > >> > > > keycloak-user at lists.jboss.org >>> >>> > >> >> > >>> > >> >> __jboss.org >>> > >> >>> > >> >> >> >>> > >> > > > > Sent: Monday, 14 July, 2014 >>> 2:44:48 PM >>> > >> > > > > Subject: Re: [keycloak-user] >>> Java Keycloak >>> > >> REST API Wrapper >>> > >> > > > > >>> > >> > > > > Glad to hear it :) >>> > >> > > > > >>> > >> > > > > I'll be waiting on more replies >>> and ideas to >>> > >> perhaps make >>> > >> it better. >>> > >> > > > > Thanks! :) >>> > >> > > > > >>> > >> > > > > >>> > >> > > > > On Mon, Jul 14, 2014 at 10:43 >>> AM, Stian >>> > >> Thorgersen >>> > >> >> >> > >>> > >> >> >> >>> >>> > >> >>> > >> > > > wrote: >>> > >> > > > > >>> > >> > > > > > Great stuff, I'll have a look >>> at it soon. At >>> > >> first glance >>> > >> it looks >>> > >> > > > really >>> > >> > > > > > good! >>> > >> > > > > > >>> > >> > > > > > Thanks :) >>> > >> > > > > > >>> > >> > > > > > ----- Original Message ----- >>> > >> > > > > > > From: "Rodrigo Sasaki" >>> > >> >> >>> >> com>> >>> > >> >> __com >>> > >> >> >>> >>> > >> > > > > > > To: "Stian Thorgersen" >>> >>> > >> >> > >>> > >> >> >> >>> >>> > >> > > > > > > Cc: "Juraci Paix?o Kr?hling" >>> > >> >> >> > >>> > >> >> >> >>> > >> >>>, >>> > >> > > > > > keycloak-user at lists.jboss.org >>> >>> > >> >> > >>> > >> >> __jboss.org >>> > >> >>> > >> >> >> >>> > >> > > > > > > Sent: Monday, 14 July, 2014 >>> 2:40:17 PM >>> > >> > > > > > > Subject: Re: [keycloak-user] >>> Java Keycloak >>> > >> REST API Wrapper >>> > >> > > > > > > >>> > >> > > > > > > PR submitted :) >>> > >> > > > > > > >>> > >> > > > > > > >>> > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 >>> AM, Stian >>> > >> Thorgersen >>> > >> > > > > > > >> >>> > >> >> > >> >>> > >> >>> > >> >> >>> >>> > >> > > > > > wrote: >>> > >> > > > > > > >>> > >> > > > > > > > Please change package >>> names to >>> > >> 'org.keycloak.admin.client' >>> > >> > > > > > > > >>> > >> > > > > > > > ----- Original Message >>> ----- >>> > >> > > > > > > > > From: "Rodrigo Sasaki" >>> > >> >> >>> >> com>> >>> > >> >> __com >>> > >> >> >>> >>> > >> > > > > > > > > To: "Stian Thorgersen" >>> > >> >>> > >>> > >> >> >> >>> >>> > >> > > > > > > > > Cc: "Juraci Paix?o >>> Kr?hling" >>> > >> >> >> > >>> > >> >> >> >>> > >> >>>, >>> > >> > > > > > > > >>> keycloak-user at lists.jboss.org >> jboss.org> >>> > >> >> > >>> > >> >> __jboss.org >>> > >> >>> > >> >> >> >>> > >> > > > > > > > > Sent: Friday, 11 July, >>> 2014 1:51:41 PM >>> > >> > > > > > > > > Subject: Re: >>> [keycloak-user] Java >>> > >> Keycloak REST API >>> > >> Wrapper >>> > >> > > > > > > > > >>> > >> > > > > > > > > Just one more question, >>> I created it >>> > >> with my >>> > >> companies' name in >>> > >> > > > the >>> > >> > > > > > > > > package, should I >>> replace it? Or just >>> > >> upload it as is? >>> > >> > > > > > > > > >>> > >> > > > > > > > > It's >>> br.com.icarros.keycloak.api >>> > >> > > > > > > > > >>> > >> > > > > > > > > >>> > >> > > > > > > > > >>> > >> > > > > > > > > >>> > >> > > > > > > > > On Fri, Jul 11, 2014 at >>> 4:13 AM, Stian >>> > >> Thorgersen < >>> > >> > > > stian at redhat.com >>> >> > >>> > >> >> >> >>> >>> > >> >>> > >> > > > > > > > wrote: >>> > >> > > > > > > > > >>> > >> > > > > > > > > > You can create a new >>> module for it in: >>> > >> > > > > > > > > > >>> > >> > > > > > > > > > >>> integration/admin-client >>> > >> > > > > > > > > > >>> > >> > > > > > > > > > ----- Original Message >>> ----- >>> > >> > > > > > > > > > > From: "Rodrigo >>> Sasaki" >>> > >> >> >>> > >> >> > >>> > >> >> __com >>> > >> >> >>> >>> > >> > > > > > > > > > > To: "Stian >>> Thorgersen" >>> > >> >>> > >>> > >> >> >> >>> >>> > >> > > > > > > > > > > Cc: "Juraci Paix?o >>> Kr?hling" >>> > >> >> >> > >>> > >> >> >> >>>, >>> > >> > > > > > > > > > >>> keycloak-user at lists.jboss.org >> jboss.org> >>> > >> >> > >>> > >> >> __jboss.org >>> > >> >>> > >> >> >> >>> > >> > > > > > > > > > > Sent: Thursday, 10 >>> July, 2014 >>> > >> 8:50:00 PM >>> > >> > > > > > > > > > > Subject: Re: >>> [keycloak-user] Java >>> > >> Keycloak REST >>> > >> API Wrapper >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > Stian, how should I >>> send the code >>> > >> that I made >>> > >> to the >>> > >> > > > > > > > > > > Keycloak >>> > >> > > > > > repo? >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > Can you tell me what >>> module name >>> > >> to use, and >>> > >> where to >>> > >> > > > > > > > > > > create >>> > >> > > > it? >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > On Tue, Jul 8, 2014 >>> at 10:00 AM, >>> > >> Rodrigo Sasaki < >>> > >> > > > > > > > > > >>> rodrigopsasaki at gmail.com >>> > >> >> > >>> > >> >> __com >>> > >> >>> > >> >> >>> >>> > >> > > > > > > > > > > wrote: >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > > I would really >>> like to do that >>> > >> :) All I'm >>> > >> waiting for is >>> > >> > > > an OK >>> > >> > > > > > to >>> > >> > > > > > > > do >>> > >> > > > > > > > > > it, >>> > >> > > > > > > > > > > > because it was >>> built inside the >>> > >> company, so I >>> > >> need >>> > >> > > > approval. >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > But I really >>> believe it'll get a >>> > >> lot better >>> > >> when it's out >>> > >> > > > > > there, >>> > >> > > > > > > > and >>> > >> > > > > > > > > > you >>> > >> > > > > > > > > > > > can all pitch in >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > On Tue, Jul 8, >>> 2014 at 9:55 AM, >>> > >> Stian >>> > >> Thorgersen < >>> > >> > > > > > stian at redhat.com >>> >> > >>> > >> >> >> >> >>> > >> >>> > >> > > > > > > > > >>> > >> > > > > > > > > > wrote: >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > >> Ideal way to >>> contribute it to >>> > >> Keycloak would >>> > >> be if you >>> > >> > > > fork >>> > >> > > > > > the >>> > >> > > > > > > > > > Keycloak >>> > >> > > > > > > > > > > >> repo, add a >>> module and do a PR ;) >>> > >> > > > > > > > > > > >> >>> > >> > > > > > > > > > > >> ----- Original >>> Message ----- >>> > >> > > > > > > > > > > >> > From: "Rodrigo >>> Sasaki" >>> > >> >> >>> > >> >> > >>> > >> >> __com >>> > >> >> >>> >>> > >> > > > > > > > > > > >> > To: "Juraci >>> Paix?o Kr?hling" >>> > >> >> >> > >>> > >> >> >> >>> >>> > >> > > > > > > > > > > >> > Cc: >>> > >> keycloak-user at lists.jboss.org >>> >>> > >> >> > >>> > >> >> __jboss.org >>> > >> >>> > >> >> >> >>> > >> > > > > > > > > > > >> > Sent: Tuesday, >>> 8 July, 2014 >>> > >> 1:50:14 PM >>> > >> > > > > > > > > > > >> > Subject: Re: >>> [keycloak-user] >>> > >> Java Keycloak >>> > >> REST API >>> > >> > > > Wrapper >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > Oh yes, I >>> believe it is >>> > >> already very usable. >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > All I need now >>> is to get my >>> > >> manager to >>> > >> agree to make >>> > >> > > > this >>> > >> > > > > > repo >>> > >> > > > > > > > > > public, >>> > >> > > > > > > > > > > >> > because there >>> is a policy >>> > >> that all repos >>> > >> are private >>> > >> > > > > > > > > > > >> > in >>> > >> > > > this >>> > >> > > > > > > > project >>> > >> > > > > > > > > > > >> we're >>> > >> > > > > > > > > > > >> > working in, but >>> I don't think >>> > >> we'll have >>> > >> problems with >>> > >> > > > > > this. I >>> > >> > > > > > > > > > pitched >>> > >> > > > > > > > > > > >> him >>> > >> > > > > > > > > > > >> > the idea of >>> contributing to >>> > >> Keycloak and >>> > >> he seemed to >>> > >> > > > like >>> > >> > > > > > it >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > On Tue, Jul 8, >>> 2014 at 9:32 >>> > >> AM, Juraci >>> > >> Paix?o Kr?hling >>> > >> > > > > > > > > > > >> > < >>> > >> > > > > > > > > > > >> >>> juraci at kroehling.de >>> > >> >> > >> >>> > >> >>> > >> >> >> >>> > >> > > > > > > > > > > >> > > wrote: >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > -----BEGIN PGP >>> SIGNED >>> > >> MESSAGE----- >>> > >> > > > > > > > > > > >> > Hash: SHA512 >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > Hello Rodrigo, >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > Do you have >>> news about this? >>> > >> I'm working >>> > >> on a task >>> > >> > > > > > > > > > > >> > that >>> > >> > > > > > would >>> > >> > > > > > > > > > require >>> > >> > > > > > > > > > > >> > me to do >>> something similar, >>> > >> so, I think it >>> > >> would best >>> > >> > > > if we >>> > >> > > > > > can >>> > >> > > > > > > > > > > >> > collaborate on >>> this API :-) >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > If/when you >>> have some time, >>> > >> we could have >>> > >> a chat via >>> > >> > > > > > > > > > > >> > IRC >>> > >> > > > > > > > > > (jpkroehling >>> > >> > > > > > > > > > > >> > at #keycloak on >>> freenode). >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > - - Juca. >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> > On 06/20/2014 >>> 10:00 PM, >>> > >> Rodrigo Sasaki wrote: >>> > >> > > > > > > > > > > >> > > I'm working >>> on a Java-based >>> > >> wrapper for >>> > >> the REST >>> > >> > > > > > > > > > > >> > > API, >>> > >> > > > to >>> > >> > > > > > make >>> > >> > > > > > > > it >>> > >> > > > > > > > > > > >> > > look more OO, >>> abstracting >>> > >> the access to >>> > >> servers. >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > > It uses >>> methods such as >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > > User bill = >>> >> > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/1b68f6b0/attachment-0001.html From stian at redhat.com Tue Jul 29 07:54:00 2014 From: stian at redhat.com (Stian Thorgersen) Date: Tue, 29 Jul 2014 07:54:00 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> <53CFC211.2020806@redhat.com> Message-ID: <1642862811.19749418.1406634840854.JavaMail.zimbra@redhat.com> I'll have a look later today or tomorrow morning ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Bill Burke" > Cc: "Stian Thorgersen" , keycloak-user at lists.jboss.org > Sent: Tuesday, 29 July, 2014 12:21:30 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > Hello, > > I was just wondering. What is missing from the admin-client to merge it > with the master branch? > > > On Wed, Jul 23, 2014 at 1:04 PM, Rodrigo Sasaki > wrote: > > > So far it's good :) But it's not fully in production. > > > > We changed a small portion of the application, that only internal > > administrative employees have access to, and so far it's holding up very > > well > > > > But we can't really put it completely in production until we figure out > > those login issues from the other thread > > > > > > On Wed, Jul 23, 2014 at 11:09 AM, Bill Burke wrote: > > > >> You are using us in production? I don't know if I should be happy or > >> scared :) How is it going? Are we holding up? > >> > >> On 7/23/2014 9:50 AM, Rodrigo Sasaki wrote: > >> > >>> The problem was that the version of keycloak we have in production is > >>> based on the beta-2, and the UserRepresentation there is different, > >>> sorry about this. > >>> > >>> I submitted a PR with the alterations > >>> > >>> > >>> On Tue, Jul 22, 2014 at 11:06 AM, Rodrigo Sasaki > >>> > wrote: > >>> > >>> The thing is that I simply create an instance and assign an username > >>> > >>> UserRepresentation userRep = new UserRepresentation(); > >>> userRep.setUsername("user1"); > >>> realm.users().create(userRep); > >>> > >>> That create is a proxy of the interface, so I don't really know > >>> where I could interfere here with code. > >>> > >>> > >>> On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen >>> > wrote: > >>> > >>> Try removing socialLinks instead of setting the value to null, > >>> or specifying an empty array. > >>> > >>> ----- Original Message ----- > >>> > From: "Rodrigo Sasaki" >>> > > >>> > To: "Bill Burke" >>> >> > >>> > Cc: "Stian Thorgersen" >>> >, keycloak-user at lists.jboss.org > >>> > >>> > Sent: Tuesday, 22 July, 2014 2:54:49 PM > >>> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > >>> > > >>> > I tried creating a user using the API, and I got a 400 status > >>> code, I went > >>> > to check everything, and it seems that I can't send > >>> "socialLinks", > >>> > "realmRoles" and "applicationRoles" as null for some reason, > >>> I get this > >>> > exception: > >>> > > >>> > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: > >>> Unrecognized > >>> > field "socialLinks" > >>> > (Class > >>> org.keycloak.representations.idm.UserRepresentation), not marked > >>> > as ignorable > >>> > > >>> > But I know those values aren't mandatory. Is there a fix for > >>> this? > >>> > > >>> > > >>> > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke > >>> > wrote: > >>> > > >>> > > String token = getToken(); > >>> > > final String authHeader = "Bearer " + token; > >>> > > ClientRequestFilter authFilter = new ClientRequestFilter() { > >>> > > @Override > >>> > > public void filter(ClientRequestContext requestContext) > >>> throws > >>> > > IOException { > >>> > > > >>> > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, > >>> authHeader); > >>> > > > >>> > > } > >>> > > }; > >>> > > > >>> > > > >>> > > ResteasyWebTarget target = > >>> client.target("http://localhost:8080/auth"); > >>> > > target.register(authFilter); > >>> > > Admin admin = target.proxy(Admin.class); > >>> > > > >>> > > > >>> > > > >>> > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > >>> > > > >>> > >> Can you help me with any hint or documentation regarding > >>> that > >>> > >> BearerTokenFilter implementation? > >>> > >> > >>> > >> I understand that I have to create it myself, but I don't > >>> know what I > >>> > >> should create. I tried browsing the web, but with no > >>> success.. Perhaps > >>> > >> I'm missing the right keyword to find what I need > >>> > >> > >>> > >> > >>> > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > >>> > >> >>> > >>> >>> >> wrote: > >>> > >> > >>> > >> That's perfect :) thanks for the help > >>> > >> > >>> > >> I'll get started on it as soon as I can > >>> > >> > >>> > >> On Jul 17, 2014 5:55 PM, "Bill Burke" > >>> > >>> > >> >> > >>> wrote: > >>> > >> > >>> > >> @Path("/admin > >>> > >> public interface Admin { > >>> > >> @Path("realms/{realm}") > >>> > >> Realm realm(@PathParameter("realm") realmName); > >>> > >> } > >>> > >> > >>> > >> public interface Realm { > >>> > >> @GET > >>> > >> @Produces("application/json") > >>> > >> RealmRepresentation get(); > >>> > >> > >>> > >> @DELETE > >>> > >> void delete(); > >>> > >> > >>> > >> @PUT > >>> > >> @Consumes("application/json") > >>> > >> void update(RealmRepresentation rep); > >>> > >> > >>> > >> @Path("users") > >>> > >> Users users(); > >>> > >> } > >>> > >> > >>> > >> public interface Users { > >>> > >> ... > >>> > >> } > >>> > >> > >>> > >> FOllow me? > >>> > >> > >>> > >> Then its just > >>> > >> > >>> > >> ResteasyClient client = new > >>> ResteasyClientBuilder().build(__); > >>> > >> ResteasyWebTarget target = > >>> > >> client.target("http://__localhost:8080/auth > >>> > >> > >>> > >> "); > >>> > >> > >>> > >> String token = ... get a token ... > >>> > >> > >>> > >> target.register(new BearerTokenFilter(token)); // > >>> you'd have to > >>> > >> implement this > >>> > >> > >>> > >> Admin admin = target.proxy(Admin.class); > >>> > >> > >>> > >> admin.realm("master") > >>> > >> > >>> > >> That's about as much help I can give you right now. > >>> > >> > >>> > >> > >>> > >> > >>> > >> > >>> > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > >>> > >> > >>> > >> OK, will do. > >>> > >> > >>> > >> Is there a way for me to do it like it is > >>> there? I'll > >>> > >> explain a little > >>> > >> better > >>> > >> > >>> > >> the class *AdminRoot* has the path set to > >>> "/admin", and it > >>> > >> has a method > >>> > >> getRealmsAdmin, with "realms" on the path, and > >>> on the > >>> > >> *RealmsAdminResource* there's the > >>> getRealmAdmin mapped to > >>> > >> "{realm}", > >>> > >> making the full path for it > >>> "/admin/realms/{realm}", even > >>> > >> though each > >>> > >> one is in a different class. > >>> > >> > >>> > >> Is there a way for me to do it the same way, I > >>> don't know > >>> > >> how the Proxy > >>> > >> framework would understand that, maybe I would > >>> have to set > >>> > >> the full path > >>> > >> > >>> > >> > >>> > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian > >>> Thorgersen > >>> > >> > >>> > > >>> > >> >>> >>> >>> wrote: > >>> > >> > >>> > >> Rodrigo: just create your own interfaces. > >>> If you can > >>> > >> try to keep > >>> > >> them as consistent with jax-rs classes in > >>> services as > >>> > >> you can that > >>> > >> would be great. > >>> > >> > >>> > >> ----- Original Message ----- > >>> > >> > From: "Stian Thorgersen" > >>> > >>> > >> >>> > >>> > >>> > >> >>> >>> > >>> > >> > To: "Rodrigo Sasaki" > >>> > >>> > >> >>> > > >>> > >> >>> __com > >>> > >> >>> >>>, "Bill Burke" > >>> > >> > >>> > > >>> > >> >>> >>> >>> > >>> > >> > Cc: keycloak-user at lists.jboss.org > >>> > >>> > >> >>> > > >>> > >> >>> __jboss.org > >>> > >> > >>> > >> >>> >> > >>> > >> > Sent: Wednesday, 16 July, 2014 2:34:44 > >>> PM > >>> > >> > Subject: Re: [keycloak-user] Java > >>> Keycloak REST API > >>> > >> Wrapper > >>> > >> > > >>> > >> > Bill: does it make sense for us to > >>> share interfaces > >>> > >> (with jax-rs > >>> > >> annotations) > >>> > >> > for services and admin-client? > >>> > >> > > >>> > >> > ----- Original Message ----- > >>> > >> > > From: "Rodrigo Sasaki" > >>> > >>> > >> >>> > > >>> > >> >>> __com > >>> > >> >>> >>> > >>> > >> > > To: "Stian Thorgersen" > >>> > >>> > >> >>> > >>> > >>> > >> >>> >>> > >>> > >> > > Cc: "Juraci Paix?o Kr?hling" > >>> > >>> > >> >>> > > >>> > >> >>> >>> > >>> > >> >>>, > >>> > >> > > keycloak-user at lists.jboss.org > >>> > >>> > >> >>> > > >>> > >> >>> __jboss.org > >>> > >> > >>> > >> >>> >> > >>> > >> > > Sent: Wednesday, 16 July, 2014 > >>> 2:31:35 PM > >>> > >> > > Subject: Re: [keycloak-user] Java > >>> Keycloak REST > >>> > >> API Wrapper > >>> > >> > > > >>> > >> > > I'll get on it for sure. > >>> > >> > > > >>> > >> > > Just one thing, should I create > >>> myself the > >>> > >> interfaces for the > >>> > >> services? Or > >>> > >> > > is there a more integrated way to do > >>> that? > >>> > >> > > > >>> > >> > > > >>> > >> > > On Wed, Jul 16, 2014 at 10:27 AM, > >>> Stian Thorgersen > >>> > >> >>> >>> > > >>> > >> >>> >>> >>> > >>> > >> > >>> > >> > > wrote: > >>> > >> > > > >>> > >> > > > Great work with the admin-client. > >>> As I commented > >>> > >> on GitHub I > >>> > >> added it to > >>> > >> > > > 'admin-client' branch, and would > >>> like a few > >>> > >> changes before > >>> > >> merging to > >>> > >> > > > master: > >>> > >> > > > > >>> > >> > > > * Make it use RestEasy client > >>> framwork > >>> > >> > > > * Tests - I've added a starting > >>> point to > >>> > >> > > > > >>> > >> https://github.com/keycloak/__ > >>> keycloak/blob/admin-client/__ > >>> > >> > >>> testsuite/integration/src/__test/java/org/keycloak/__ > >>> testsuite/admin/__ > >>> > >> AdminClientTest.java > >>> > >> > >>> > >> > >>> >>> > >> > >>> testsuite/integration/src/test/java/org/keycloak/ > >>> testsuite/admin/ > >>> > >> AdminClientTest.java> > >>> > >> > > > * Better error handling - instead > >>> of swallowing > >>> > >> exceptions it > >>> > >> now throws > >>> > >> > > > KeycloakException > >>> (RuntimeException), but > >>> > >> there's HTTP > >>> > >> response codes are > >>> > >> > > > not checked (see above test that > >>> tries to create > >>> > >> two users > >>> > >> with the same > >>> > >> > > > username) > >>> > >> > > > > >>> > >> > > > If you're happy to do this work > >>> that would be > >>> > >> awesome! > >>> > >> > > > > >>> > >> > > > ----- Original Message ----- > >>> > >> > > > > From: "Rodrigo Sasaki" > >>> > >> >>> > >>> >>> com>> > >>> > >> >>> __com > >>> > >> >>> >>> > >>> > >> > > > > To: "Stian Thorgersen" > >>> > >>> > >> >>> > > >>> > >> >>> >>> >>> > >>> > >> > > > > Cc: "Juraci Paix?o Kr?hling" > >>> > >> >>> >>> > > >>> > >> >>> >>> > >>> > >> >>>, > >>> > >> > > > keycloak-user at lists.jboss.org > >>> > >>> > >> >>> > > >>> > >> >>> __jboss.org > >>> > >> > >>> > >> >>> >> > >>> > >> > > > > Sent: Monday, 14 July, 2014 > >>> 2:44:48 PM > >>> > >> > > > > Subject: Re: [keycloak-user] > >>> Java Keycloak > >>> > >> REST API Wrapper > >>> > >> > > > > > >>> > >> > > > > Glad to hear it :) > >>> > >> > > > > > >>> > >> > > > > I'll be waiting on more replies > >>> and ideas to > >>> > >> perhaps make > >>> > >> it better. > >>> > >> > > > > Thanks! :) > >>> > >> > > > > > >>> > >> > > > > > >>> > >> > > > > On Mon, Jul 14, 2014 at 10:43 > >>> AM, Stian > >>> > >> Thorgersen > >>> > >> >>> >>> > > >>> > >> >>> >>> >>> > >>> > >> > >>> > >> > > > wrote: > >>> > >> > > > > > >>> > >> > > > > > Great stuff, I'll have a look > >>> at it soon. At > >>> > >> first glance > >>> > >> it looks > >>> > >> > > > really > >>> > >> > > > > > good! > >>> > >> > > > > > > >>> > >> > > > > > Thanks :) > >>> > >> > > > > > > >>> > >> > > > > > ----- Original Message ----- > >>> > >> > > > > > > From: "Rodrigo Sasaki" > >>> > >> >>> > >>> >>> com>> > >>> > >> >>> __com > >>> > >> >>> >>> > >>> > >> > > > > > > To: "Stian Thorgersen" > >>> > >>> > >> >>> > > >>> > >> >>> >>> >>> > >>> > >> > > > > > > Cc: "Juraci Paix?o Kr?hling" > >>> > >> >>> >>> > > >>> > >> >>> >>> > >>> > >> >>>, > >>> > >> > > > > > keycloak-user at lists.jboss.org > >>> > >>> > >> >>> > > >>> > >> >>> __jboss.org > >>> > >> > >>> > >> >>> >> > >>> > >> > > > > > > Sent: Monday, 14 July, 2014 > >>> 2:40:17 PM > >>> > >> > > > > > > Subject: Re: [keycloak-user] > >>> Java Keycloak > >>> > >> REST API Wrapper > >>> > >> > > > > > > > >>> > >> > > > > > > PR submitted :) > >>> > >> > > > > > > > >>> > >> > > > > > > > >>> > >> > > > > > > On Fri, Jul 11, 2014 at 9:56 > >>> AM, Stian > >>> > >> Thorgersen > >>> > >> > > > > > > >>> > >>> > >> >>> > >>> > >>> > >> > >>> > >> >>> >>> > >>> > >> > > > > > wrote: > >>> > >> > > > > > > > >>> > >> > > > > > > > Please change package > >>> names to > >>> > >> 'org.keycloak.admin.client' > >>> > >> > > > > > > > > >>> > >> > > > > > > > ----- Original Message > >>> ----- > >>> > >> > > > > > > > > From: "Rodrigo Sasaki" > >>> > >> >>> > >>> >>> com>> > >>> > >> >>> __com > >>> > >> >>> >>> > >>> > >> > > > > > > > > To: "Stian Thorgersen" > >>> > >> > >>> > > >>> > >> >>> >>> >>> > >>> > >> > > > > > > > > Cc: "Juraci Paix?o > >>> Kr?hling" > >>> > >> >>> >>> > > >>> > >> >>> >>> > >>> > >> >>>, > >>> > >> > > > > > > > > >>> keycloak-user at lists.jboss.org >>> jboss.org> > >>> > >> >>> > > >>> > >> >>> __jboss.org > >>> > >> > >>> > >> >>> >> > >>> > >> > > > > > > > > Sent: Friday, 11 July, > >>> 2014 1:51:41 PM > >>> > >> > > > > > > > > Subject: Re: > >>> [keycloak-user] Java > >>> > >> Keycloak REST API > >>> > >> Wrapper > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > Just one more question, > >>> I created it > >>> > >> with my > >>> > >> companies' name in > >>> > >> > > > the > >>> > >> > > > > > > > > package, should I > >>> replace it? Or just > >>> > >> upload it as is? > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > It's > >>> br.com.icarros.keycloak.api > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > On Fri, Jul 11, 2014 at > >>> 4:13 AM, Stian > >>> > >> Thorgersen < > >>> > >> > > > stian at redhat.com > >>> >>> > > >>> > >> >>> >>> >>> > >>> > >> > >>> > >> > > > > > > > wrote: > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > > You can create a new > >>> module for it in: > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > >>> integration/admin-client > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > ----- Original Message > >>> ----- > >>> > >> > > > > > > > > > > From: "Rodrigo > >>> Sasaki" > >>> > >> >>> > >>> > >> >>> > > >>> > >> >>> __com > >>> > >> >>> >>> > >>> > >> > > > > > > > > > > To: "Stian > >>> Thorgersen" > >>> > >> > >>> > > >>> > >> >>> >>> >>> > >>> > >> > > > > > > > > > > Cc: "Juraci Paix?o > >>> Kr?hling" > >>> > >> >>> >>> > > >>> > >> >>> >>> >>>, > >>> > >> > > > > > > > > > > >>> keycloak-user at lists.jboss.org >>> jboss.org> > >>> > >> >>> > > >>> > >> >>> __jboss.org > >>> > >> > >>> > >> >>> >> > >>> > >> > > > > > > > > > > Sent: Thursday, 10 > >>> July, 2014 > >>> > >> 8:50:00 PM > >>> > >> > > > > > > > > > > Subject: Re: > >>> [keycloak-user] Java > >>> > >> Keycloak REST > >>> > >> API Wrapper > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > Stian, how should I > >>> send the code > >>> > >> that I made > >>> > >> to the > >>> > >> > > > > > > > > > > Keycloak > >>> > >> > > > > > repo? > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > Can you tell me what > >>> module name > >>> > >> to use, and > >>> > >> where to > >>> > >> > > > > > > > > > > create > >>> > >> > > > it? > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > On Tue, Jul 8, 2014 > >>> at 10:00 AM, > >>> > >> Rodrigo Sasaki < > >>> > >> > > > > > > > > > > >>> rodrigopsasaki at gmail.com > >>> > >> >>> > > >>> > >> >>> __com > >>> > >> > >>> > >> >>> >>> > >>> > >> > > > > > > > > > > wrote: > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > I would really > >>> like to do that > >>> > >> :) All I'm > >>> > >> waiting for is > >>> > >> > > > an OK > >>> > >> > > > > > to > >>> > >> > > > > > > > do > >>> > >> > > > > > > > > > it, > >>> > >> > > > > > > > > > > > because it was > >>> built inside the > >>> > >> company, so I > >>> > >> need > >>> > >> > > > approval. > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > But I really > >>> believe it'll get a > >>> > >> lot better > >>> > >> when it's out > >>> > >> > > > > > there, > >>> > >> > > > > > > > and > >>> > >> > > > > > > > > > you > >>> > >> > > > > > > > > > > > can all pitch in > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > On Tue, Jul 8, > >>> 2014 at 9:55 AM, > >>> > >> Stian > >>> > >> Thorgersen < > >>> > >> > > > > > stian at redhat.com > >>> >>> > > >>> > >> >>> >>> >> > >>> > >> > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > > wrote: > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > >> Ideal way to > >>> contribute it to > >>> > >> Keycloak would > >>> > >> be if you > >>> > >> > > > fork > >>> > >> > > > > > the > >>> > >> > > > > > > > > > Keycloak > >>> > >> > > > > > > > > > > >> repo, add a > >>> module and do a PR ;) > >>> > >> > > > > > > > > > > >> > >>> > >> > > > > > > > > > > >> ----- Original > >>> Message ----- > >>> > >> > > > > > > > > > > >> > From: "Rodrigo > >>> Sasaki" > >>> > >> >>> > >>> > >> >>> > > >>> > >> >>> __com > >>> > >> >>> >>> > >>> > >> > > > > > > > > > > >> > To: "Juraci > >>> Paix?o Kr?hling" > >>> > >> >>> >>> > > >>> > >> >>> >>> >>> > >>> > >> > > > > > > > > > > >> > Cc: > >>> > >> keycloak-user at lists.jboss.org > >>> > >>> > >> >>> > > >>> > >> >>> __jboss.org > >>> > >> > >>> > >> >>> >> > >>> > >> > > > > > > > > > > >> > Sent: Tuesday, > >>> 8 July, 2014 > >>> > >> 1:50:14 PM > >>> > >> > > > > > > > > > > >> > Subject: Re: > >>> [keycloak-user] > >>> > >> Java Keycloak > >>> > >> REST API > >>> > >> > > > Wrapper > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > Oh yes, I > >>> believe it is > >>> > >> already very usable. > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > All I need now > >>> is to get my > >>> > >> manager to > >>> > >> agree to make > >>> > >> > > > this > >>> > >> > > > > > repo > >>> > >> > > > > > > > > > public, > >>> > >> > > > > > > > > > > >> > because there > >>> is a policy > >>> > >> that all repos > >>> > >> are private > >>> > >> > > > > > > > > > > >> > in > >>> > >> > > > this > >>> > >> > > > > > > > project > >>> > >> > > > > > > > > > > >> we're > >>> > >> > > > > > > > > > > >> > working in, but > >>> I don't think > >>> > >> we'll have > >>> > >> problems with > >>> > >> > > > > > this. I > >>> > >> > > > > > > > > > pitched > >>> > >> > > > > > > > > > > >> him > >>> > >> > > > > > > > > > > >> > the idea of > >>> contributing to > >>> > >> Keycloak and > >>> > >> he seemed to > >>> > >> > > > like > >>> > >> > > > > > it > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > On Tue, Jul 8, > >>> 2014 at 9:32 > >>> > >> AM, Juraci > >>> > >> Paix?o Kr?hling > >>> > >> > > > > > > > > > > >> > < > >>> > >> > > > > > > > > > > >> > >>> juraci at kroehling.de > >>> > >> >>> > >>> > >>> > >> > >>> > >> >>> >> > >>> > >> > > > > > > > > > > >> > > wrote: > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > -----BEGIN PGP > >>> SIGNED > >>> > >> MESSAGE----- > >>> > >> > > > > > > > > > > >> > Hash: SHA512 > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > Hello Rodrigo, > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > Do you have > >>> news about this? > >>> > >> I'm working > >>> > >> on a task > >>> > >> > > > > > > > > > > >> > that > >>> > >> > > > > > would > >>> > >> > > > > > > > > > require > >>> > >> > > > > > > > > > > >> > me to do > >>> something similar, > >>> > >> so, I think it > >>> > >> would best > >>> > >> > > > if we > >>> > >> > > > > > can > >>> > >> > > > > > > > > > > >> > collaborate on > >>> this API :-) > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > If/when you > >>> have some time, > >>> > >> we could have > >>> > >> a chat via > >>> > >> > > > > > > > > > > >> > IRC > >>> > >> > > > > > > > > > (jpkroehling > >>> > >> > > > > > > > > > > >> > at #keycloak on > >>> freenode). > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > - - Juca. > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> > On 06/20/2014 > >>> 10:00 PM, > >>> > >> Rodrigo Sasaki wrote: > >>> > >> > > > > > > > > > > >> > > I'm working > >>> on a Java-based > >>> > >> wrapper for > >>> > >> the REST > >>> > >> > > > > > > > > > > >> > > API, > >>> > >> > > > to > >>> > >> > > > > > make > >>> > >> > > > > > > > it > >>> > >> > > > > > > > > > > >> > > look more OO, > >>> abstracting > >>> > >> the access to > >>> > >> servers. > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > > It uses > >>> methods such as > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > > User bill = > >>> > >> > > > > > > -- > > Rodrigo Sasaki > > > > > > -- > Rodrigo Sasaki > From stian at redhat.com Tue Jul 29 07:55:00 2014 From: stian at redhat.com (Stian Thorgersen) Date: Tue, 29 Jul 2014 07:55:00 -0400 (EDT) Subject: [keycloak-user] "Remember Me" feature on Social Login In-Reply-To: References: Message-ID: <652626286.19751482.1406634900650.JavaMail.zimbra@redhat.com> It's planned just not implemented yet. One of the reasons was that we couldn't figure out an elegant placement for the remember-me checkbox. ----- Original Message ----- > From: "Rodrigo Sasaki" > To: keycloak-user at lists.jboss.org > Sent: Tuesday, 29 July, 2014 12:15:15 PM > Subject: [keycloak-user] "Remember Me" feature on Social Login > > Hi, > > I know this doesn't exist now, but I was wondering if it is something that is > planned to be implemented, or if there's a particular reason why it isn't. > > Thanks! > > -- > Rodrigo Sasaki > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From bburke at redhat.com Tue Jul 29 09:41:43 2014 From: bburke at redhat.com (Bill Burke) Date: Tue, 29 Jul 2014 09:41:43 -0400 Subject: [keycloak-user] Client cert based OAuth In-Reply-To: References: Message-ID: <53D7A497.7030204@redhat.com> Planned post-1.0.final based on user demand. Cert auth is SSL client certs. On 7/28/2014 4:46 PM, Vivek Srivastav (vivsriva) wrote: > The KeyCloak reference guide points out that client cert auth is coming > soon. > What cert authentication mechanism will be used in the implementation > and when is is planned? > Regards, > Vivek > > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From bburke at redhat.com Tue Jul 29 09:42:43 2014 From: bburke at redhat.com (Bill Burke) Date: Tue, 29 Jul 2014 09:42:43 -0400 Subject: [keycloak-user] Getting all roles for a realm and appliaction In-Reply-To: References: Message-ID: <53D7A4D3.50606@redhat.com> You are probably getting a 401 message back with a "Bearer" description, meaning you are not authenticated. YOu need to obtain a token. On 7/28/2014 5:19 PM, Chris Stier wrote: > Hi all, > Is there currently a way to get all roles for a realm and application? > I found the rest api docs... but when I call > /admin/realms/{realm}/applications/{app-name}/roles > > with the appropriate realm and app name I just get the text "Bearer" > returned. Is this still in the works or am I missing something? > Thanks so much! > Chris Stier > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From emorny at gmail.com Tue Jul 29 10:12:42 2014 From: emorny at gmail.com (Edem Morny) Date: Tue, 29 Jul 2014 14:12:42 +0000 Subject: [keycloak-user] Admin of A Realm Message-ID: <53D7ABDA.7070903@gmail.com> Hi, We will be doing a demo of a proof of concept of a project we've been working on by Friday, with keycloak as our security backbone. One of the questions that has come up in our work is that since the organisation's own IT staff will be managing the security and assigning of users to roles etc, there should be the ability to assign a person/persons as administrators of a particular realm. In our testing we've always been logging in with the admin of the "master" realm and navigating to the realm of the application. Is there a way to make a user in a realm an administrator of only their realm, so the org's IT staff can take over that task? From bburke at redhat.com Tue Jul 29 10:15:41 2014 From: bburke at redhat.com (Bill Burke) Date: Tue, 29 Jul 2014 10:15:41 -0400 Subject: [keycloak-user] Admin of A Realm In-Reply-To: <53D7ABDA.7070903@gmail.com> References: <53D7ABDA.7070903@gmail.com> Message-ID: <53D7AC8D.4020407@redhat.com> yes. http://docs.jboss.org/keycloak/docs/1.0-beta-3/userguide/html/per-realm-admin-permissions.html On 7/29/2014 10:12 AM, Edem Morny wrote: > Hi, > > We will be doing a demo of a proof of concept of a project we've been > working on by Friday, with keycloak as our security backbone. One of the > questions that has come up in our work is that since the organisation's > own IT staff will be managing the security and assigning of users to > roles etc, there should be the ability to assign a person/persons as > administrators of a particular realm. > > In our testing we've always been logging in with the admin of the > "master" realm and navigating to the realm of the application. Is there > a way to make a user in a realm an administrator of only their realm, so > the org's IT staff can take over that task? > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Tue Jul 29 10:51:01 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 29 Jul 2014 11:51:01 -0300 Subject: [keycloak-user] Bearer Only Application access with token Message-ID: Hi, I'm trying to secure a bearer-only application with keycloak, to access it with access tokens, but I think I'm missing something. I tried it with the database-service of the unconfigured demo. 1. I created the user role in the application. 2. I assigned that role to my user 3. I copied the contents of the installation json to *webapp/META-INF/keycloak.json* { "realm": "demo", "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB", "bearer-only": true, "ssl-not-required": true, "resource": "database-service", "use-resource-role-mappings": true } 4. Set the auth-method to *KEYCLOAK* on web.xml 5. Started the server deploying the *database-service* 6. Generated a token using *security-admin-console* client_id and my user 7. Submitted a GET request to *localhost:8080/database/customers* After these steps I get a 403 error, saying that I'm not authorized to access the resource, wasn't this supposed to work? -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/4643e441/attachment.html From bburke at redhat.com Tue Jul 29 10:59:23 2014 From: bburke at redhat.com (Bill Burke) Date: Tue, 29 Jul 2014 10:59:23 -0400 Subject: [keycloak-user] Bearer Only Application access with token In-Reply-To: References: Message-ID: <53D7B6CB.8080001@redhat.com> What kind of role is it? Is the new role defined under the "database-service" application? If not, then you must add this role to the "database-service"'s scope in the admin console. On 7/29/2014 10:51 AM, Rodrigo Sasaki wrote: > Hi, > > I'm trying to secure a bearer-only application with keycloak, to access > it with access tokens, but I think I'm missing something. > > I tried it with the database-service of the unconfigured demo. > > 1. I created the user role in the application. > 2. I assigned that role to my user > 3. I copied the contents of the installation json to > *webapp/META-INF/keycloak.json* > > { > "realm": "demo", > "realm-public-key": > "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB", > "bearer-only": true, > "ssl-not-required": true, > "resource": "database-service", > "use-resource-role-mappings": true > } > > 4. Set the auth-method to *KEYCLOAK* on web.xml > 5. Started the server deploying the *database-service* > 6. Generated a token using *security-admin-console* client_id and my user > 7. Submitted a GET request to /localhost:8080/database/customers/ > > After these steps I get a 403 error, saying that I'm not authorized to > access the resource, wasn't this supposed to work? > > -- > Rodrigo Sasaki > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From rodrigopsasaki at gmail.com Tue Jul 29 12:51:04 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 29 Jul 2014 13:51:04 -0300 Subject: [keycloak-user] Bearer Only Application access with token In-Reply-To: <53D7B6CB.8080001@redhat.com> References: <53D7B6CB.8080001@redhat.com> Message-ID: It is defined under the application itself, so I it's under the scope. This should be working right? On Tue, Jul 29, 2014 at 11:59 AM, Bill Burke wrote: > What kind of role is it? Is the new role defined under the > "database-service" application? If not, then you must add this role to > the "database-service"'s scope in the admin console. > > On 7/29/2014 10:51 AM, Rodrigo Sasaki wrote: > > Hi, > > > > I'm trying to secure a bearer-only application with keycloak, to access > > it with access tokens, but I think I'm missing something. > > > > I tried it with the database-service of the unconfigured demo. > > > > 1. I created the user role in the application. > > 2. I assigned that role to my user > > 3. I copied the contents of the installation json to > > *webapp/META-INF/keycloak.json* > > > > { > > "realm": "demo", > > "realm-public-key": > > > "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB", > > "bearer-only": true, > > "ssl-not-required": true, > > "resource": "database-service", > > "use-resource-role-mappings": true > > } > > > > 4. Set the auth-method to *KEYCLOAK* on web.xml > > 5. Started the server deploying the *database-service* > > 6. Generated a token using *security-admin-console* client_id and my user > > 7. Submitted a GET request to /localhost:8080/database/customers/ > > > > After these steps I get a 403 error, saying that I'm not authorized to > > access the resource, wasn't this supposed to work? > > > > -- > > Rodrigo Sasaki > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/fe41d96c/attachment-0001.html From vivsriva at cisco.com Tue Jul 29 15:05:14 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Tue, 29 Jul 2014 19:05:14 +0000 Subject: [keycloak-user] Implicit client login problem Message-ID: I am trying to get the customer-portal-cli to work customer-portal-cli has the following configuration: access type: public redirect URL: http://localhost Keycloak Environment: 1.0-beta-3 The app is able to launch a browser, obtain the code, but I am getting invalid token signature. Following is the jboss log: 14:53:40,883 INFO [org.keycloak.services.resources.TokenService] (http-/127.0.0.1:8080-8) no authorization header 14:53:40,891 INFO [org.keycloak.audit] (http-/127.0.0.1:8080-8) event=CODE_TO_TOKEN, realmId=bd1320b5-7601-4056-8e30-4839f5bfdf8b, clientId=customer-portal-cli, userId=13598dc1-61d5-42e8-a6b1-86595548b384, ipAddress=127.0.0.1, refresh_token_id=784df1b7-8d6e-44de-80d7-b3ce44317007, code_id=d0ae1bc2-f66c-4d44-9a48-72059f5463f81406660020834, token_id=8170b67d-888f-4770-a4fd-691ece674214 Commands: login - login with desktop browser if available, otherwise do manual login login-manual - manual login login-desktop - desktop login token - show token details id-token - show ID token details profile - retrieve user profile customers - retrieve customers listing refresh - refresh token exit - exit $ login Invalid token signature. Appreciate any help. Kind Regards, Vivek -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/06b868ea/attachment.html From vivsriva at cisco.com Tue Jul 29 15:09:50 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Tue, 29 Jul 2014 19:09:50 +0000 Subject: [keycloak-user] Bearer Only Application access with token In-Reply-To: References: <53D7B6CB.8080001@redhat.com> Message-ID: Make sure you have the following settings configured for your database service: [cid:7FB161C8-9169-498E-BE38-35D4735A9146] [cid:F53847FE-4703-4AB3-9C06-790DC32B5A75] In the web.xml, make sure you have the security setup with the appropriate user role: database /* user KEYCLOAK demo user From: Rodrigo Sasaki > Date: Tuesday, July 29, 2014 at 12:51 PM To: Bill Burke > Cc: "keycloak-user at lists.jboss.org" > Subject: Re: [keycloak-user] Bearer Only Application access with token It is defined under the application itself, so I it's under the scope. This should be working right? On Tue, Jul 29, 2014 at 11:59 AM, Bill Burke > wrote: What kind of role is it? Is the new role defined under the "database-service" application? If not, then you must add this role to the "database-service"'s scope in the admin console. On 7/29/2014 10:51 AM, Rodrigo Sasaki wrote: > Hi, > > I'm trying to secure a bearer-only application with keycloak, to access > it with access tokens, but I think I'm missing something. > > I tried it with the database-service of the unconfigured demo. > > 1. I created the user role in the application. > 2. I assigned that role to my user > 3. I copied the contents of the installation json to > *webapp/META-INF/keycloak.json* > > { > "realm": "demo", > "realm-public-key": > "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB", > "bearer-only": true, > "ssl-not-required": true, > "resource": "database-service", > "use-resource-role-mappings": true > } > > 4. Set the auth-method to *KEYCLOAK* on web.xml > 5. Started the server deploying the *database-service* > 6. Generated a token using *security-admin-console* client_id and my user > 7. Submitted a GET request to /localhost:8080/database/customers/ > > After these steps I get a 403 error, saying that I'm not authorized to > access the resource, wasn't this supposed to work? > > -- > Rodrigo Sasaki > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/4a43f38d/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: 7FB161C8-9169-498E-BE38-35D4735A9146.png Type: image/png Size: 26058 bytes Desc: 7FB161C8-9169-498E-BE38-35D4735A9146.png Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/4a43f38d/attachment-0002.png -------------- next part -------------- A non-text attachment was scrubbed... Name: F53847FE-4703-4AB3-9C06-790DC32B5A75.png Type: image/png Size: 15533 bytes Desc: F53847FE-4703-4AB3-9C06-790DC32B5A75.png Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/4a43f38d/attachment-0003.png From rodrigopsasaki at gmail.com Tue Jul 29 16:56:41 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Tue, 29 Jul 2014 17:56:41 -0300 Subject: [keycloak-user] Bearer Only Application access with token In-Reply-To: References: <53D7B6CB.8080001@redhat.com> Message-ID: I made sure of all that, I just recreated everything using realm roles just for the sake of completeness, but I'm still getting a 403 On Tue, Jul 29, 2014 at 4:09 PM, Vivek Srivastav (vivsriva) < vivsriva at cisco.com> wrote: > Make sure you have the following settings configured for your database > service: > > > > > > In the web.xml, make sure you have the security setup with the > appropriate user role: > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" > version="3.0"> > > database > > > /* > > > > user > > > > > KEYCLOAK > demo > > > > user > > > > > > From: Rodrigo Sasaki > Date: Tuesday, July 29, 2014 at 12:51 PM > To: Bill Burke > Cc: "keycloak-user at lists.jboss.org" > Subject: Re: [keycloak-user] Bearer Only Application access with token > > It is defined under the application itself, so I it's under the scope. > This should be working right? > > > On Tue, Jul 29, 2014 at 11:59 AM, Bill Burke wrote: > >> What kind of role is it? Is the new role defined under the >> "database-service" application? If not, then you must add this role to >> the "database-service"'s scope in the admin console. >> >> On 7/29/2014 10:51 AM, Rodrigo Sasaki wrote: >> > Hi, >> > >> > I'm trying to secure a bearer-only application with keycloak, to access >> > it with access tokens, but I think I'm missing something. >> > >> > I tried it with the database-service of the unconfigured demo. >> > >> > 1. I created the user role in the application. >> > 2. I assigned that role to my user >> > 3. I copied the contents of the installation json to >> > *webapp/META-INF/keycloak.json* >> > >> > { >> > "realm": "demo", >> > "realm-public-key": >> > >> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwRayjzh7W+EfPaeSdyXWLyXof7c3fwD7vb0AEtG+ogLHtMkYiTdX9y/JXOmXwWDzGhx7NM3Q6vkCG0F3lZqOVsSlYH56c5+Ev4QmSGK/+6e+WcZMcgmscoz1OoXKom4+pzqMey42hqdwwMhkvCq/jxJSmUGnZJQuqEKVH00NZ1wIDAQAB", >> > "bearer-only": true, >> > "ssl-not-required": true, >> > "resource": "database-service", >> > "use-resource-role-mappings": true >> > } >> > >> > 4. Set the auth-method to *KEYCLOAK* on web.xml >> > 5. Started the server deploying the *database-service* >> > 6. Generated a token using *security-admin-console* client_id and my >> user >> > 7. Submitted a GET request to /localhost:8080/database/customers/ >> > >> > After these steps I get a 403 error, saying that I'm not authorized to >> > access the resource, wasn't this supposed to work? >> > >> > -- >> > Rodrigo Sasaki >> > >> > >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user at lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > > -- > Rodrigo Sasaki > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/29319bc4/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: F53847FE-4703-4AB3-9C06-790DC32B5A75.png Type: image/png Size: 15533 bytes Desc: not available Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/29319bc4/attachment-0002.png -------------- next part -------------- A non-text attachment was scrubbed... Name: 7FB161C8-9169-498E-BE38-35D4735A9146.png Type: image/png Size: 26058 bytes Desc: not available Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20140729/29319bc4/attachment-0003.png From stian at redhat.com Wed Jul 30 05:04:24 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 30 Jul 2014 05:04:24 -0400 (EDT) Subject: [keycloak-user] Implicit client login problem In-Reply-To: References: Message-ID: <1600374303.20275923.1406711064147.JavaMail.zimbra@redhat.com> Looks like the pub-key in customer-portal-cli doesn't match the pub-key for the realm. Did you import the testrealm.json from the example, or manually create the realm? ----- Original Message ----- > From: "Vivek Srivastav (vivsriva)" > To: keycloak-user at lists.jboss.org > Sent: Tuesday, 29 July, 2014 8:05:14 PM > Subject: [keycloak-user] Implicit client login problem > > I am trying to get the customer-portal-cli to work > > customer-portal-cli has the following configuration: > > access type: public > redirect URL: http://localhost > > Keycloak Environment: > > > 1.0-beta-3 > > The app is able to launch a browser, obtain the code, but I am getting > invalid token signature. Following is the jboss log: > > > > 14:53:40,883 INFO [org.keycloak.services.resources.TokenService] > (http-/127.0.0.1:8080-8) no authorization header > > 14:53:40,891 INFO [org.keycloak.audit] (http-/127.0.0.1:8080-8) > event=CODE_TO_TOKEN, realmId=bd1320b5-7601-4056-8e30-4839f5bfdf8b, > clientId=customer-portal-cli, userId=13598dc1-61d5-42e8-a6b1-86595548b384, > ipAddress=127.0.0.1, refresh_token_id=784df1b7-8d6e-44de-80d7-b3ce44317007, > code_id=d0ae1bc2-f66c-4d44-9a48-72059f5463f81406660020834, > token_id=8170b67d-888f-4770-a4fd-691ece674214 > > > > > Commands: > > login - login with desktop browser if available, otherwise do manual login > > login-manual - manual login > > login-desktop - desktop login > > token - show token details > > id-token - show ID token details > > profile - retrieve user profile > > customers - retrieve customers listing > > refresh - refresh token > > exit - exit > > > > > $ login > > > > > Invalid token signature. > > Appreciate any help. > > Kind Regards, > Vivek > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From stian at redhat.com Wed Jul 30 08:28:26 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 30 Jul 2014 08:28:26 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <1642862811.19749418.1406634840854.JavaMail.zimbra@redhat.com> References: <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> <53CFC211.2020806@redhat.com> <1642862811.19749418.1406634840854.JavaMail.zimbra@redhat.com> Message-ID: <2120785185.20359789.1406723306337.JavaMail.zimbra@redhat.com> It's merged now! I added some more tests, will add more soon. Also, I renamed the resources to remove the Keycloak prefix (so it's now RealmResource instead of KeycloakRealm). Great work, thanks :) ----- Original Message ----- > From: "Stian Thorgersen" > To: "Rodrigo Sasaki" > Cc: keycloak-user at lists.jboss.org > Sent: Tuesday, 29 July, 2014 12:54:00 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > I'll have a look later today or tomorrow morning > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Bill Burke" > > Cc: "Stian Thorgersen" , keycloak-user at lists.jboss.org > > Sent: Tuesday, 29 July, 2014 12:21:30 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > Hello, > > > > I was just wondering. What is missing from the admin-client to merge it > > with the master branch? > > > > > > On Wed, Jul 23, 2014 at 1:04 PM, Rodrigo Sasaki > > wrote: > > > > > So far it's good :) But it's not fully in production. > > > > > > We changed a small portion of the application, that only internal > > > administrative employees have access to, and so far it's holding up very > > > well > > > > > > But we can't really put it completely in production until we figure out > > > those login issues from the other thread > > > > > > > > > On Wed, Jul 23, 2014 at 11:09 AM, Bill Burke wrote: > > > > > >> You are using us in production? I don't know if I should be happy or > > >> scared :) How is it going? Are we holding up? > > >> > > >> On 7/23/2014 9:50 AM, Rodrigo Sasaki wrote: > > >> > > >>> The problem was that the version of keycloak we have in production is > > >>> based on the beta-2, and the UserRepresentation there is different, > > >>> sorry about this. > > >>> > > >>> I submitted a PR with the alterations > > >>> > > >>> > > >>> On Tue, Jul 22, 2014 at 11:06 AM, Rodrigo Sasaki > > >>> > wrote: > > >>> > > >>> The thing is that I simply create an instance and assign an > > >>> username > > >>> > > >>> UserRepresentation userRep = new UserRepresentation(); > > >>> userRep.setUsername("user1"); > > >>> realm.users().create(userRep); > > >>> > > >>> That create is a proxy of the interface, so I don't really know > > >>> where I could interfere here with code. > > >>> > > >>> > > >>> On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen > > >>> > >>> > wrote: > > >>> > > >>> Try removing socialLinks instead of setting the value to null, > > >>> or specifying an empty array. > > >>> > > >>> ----- Original Message ----- > > >>> > From: "Rodrigo Sasaki" > >>> > > > >>> > To: "Bill Burke" > >>> > > >>> >> > > >>> > Cc: "Stian Thorgersen" > >>> >, keycloak-user at lists.jboss.org > > >>> > > >>> > Sent: Tuesday, 22 July, 2014 2:54:49 PM > > >>> > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > >>> > > > >>> > I tried creating a user using the API, and I got a 400 > > >>> > status > > >>> code, I went > > >>> > to check everything, and it seems that I can't send > > >>> "socialLinks", > > >>> > "realmRoles" and "applicationRoles" as null for some reason, > > >>> I get this > > >>> > exception: > > >>> > > > >>> > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: > > >>> Unrecognized > > >>> > field "socialLinks" > > >>> > (Class > > >>> org.keycloak.representations.idm.UserRepresentation), not > > >>> marked > > >>> > as ignorable > > >>> > > > >>> > But I know those values aren't mandatory. Is there a fix for > > >>> this? > > >>> > > > >>> > > > >>> > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke > > >>> > wrote: > > >>> > > > >>> > > String token = getToken(); > > >>> > > final String authHeader = "Bearer " + token; > > >>> > > ClientRequestFilter authFilter = new ClientRequestFilter() > > >>> > > { > > >>> > > @Override > > >>> > > public void filter(ClientRequestContext requestContext) > > >>> throws > > >>> > > IOException { > > >>> > > > > >>> > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, > > >>> authHeader); > > >>> > > > > >>> > > } > > >>> > > }; > > >>> > > > > >>> > > > > >>> > > ResteasyWebTarget target = > > >>> client.target("http://localhost:8080/auth"); > > >>> > > target.register(authFilter); > > >>> > > Admin admin = target.proxy(Admin.class); > > >>> > > > > >>> > > > > >>> > > > > >>> > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > > >>> > > > > >>> > >> Can you help me with any hint or documentation regarding > > >>> that > > >>> > >> BearerTokenFilter implementation? > > >>> > >> > > >>> > >> I understand that I have to create it myself, but I don't > > >>> know what I > > >>> > >> should create. I tried browsing the web, but with no > > >>> success.. Perhaps > > >>> > >> I'm missing the right keyword to find what I need > > >>> > >> > > >>> > >> > > >>> > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > > >>> > >> > >>> > > >>> > >>> >> wrote: > > >>> > >> > > >>> > >> That's perfect :) thanks for the help > > >>> > >> > > >>> > >> I'll get started on it as soon as I can > > >>> > >> > > >>> > >> On Jul 17, 2014 5:55 PM, "Bill Burke" > > >>> > > >>> > >> > >>> > >> >> > > >>> wrote: > > >>> > >> > > >>> > >> @Path("/admin > > >>> > >> public interface Admin { > > >>> > >> @Path("realms/{realm}") > > >>> > >> Realm realm(@PathParameter("realm") > > >>> > >> realmName); > > >>> > >> } > > >>> > >> > > >>> > >> public interface Realm { > > >>> > >> @GET > > >>> > >> @Produces("application/json") > > >>> > >> RealmRepresentation get(); > > >>> > >> > > >>> > >> @DELETE > > >>> > >> void delete(); > > >>> > >> > > >>> > >> @PUT > > >>> > >> @Consumes("application/json") > > >>> > >> void update(RealmRepresentation rep); > > >>> > >> > > >>> > >> @Path("users") > > >>> > >> Users users(); > > >>> > >> } > > >>> > >> > > >>> > >> public interface Users { > > >>> > >> ... > > >>> > >> } > > >>> > >> > > >>> > >> FOllow me? > > >>> > >> > > >>> > >> Then its just > > >>> > >> > > >>> > >> ResteasyClient client = new > > >>> ResteasyClientBuilder().build(__); > > >>> > >> ResteasyWebTarget target = > > >>> > >> client.target("http://__localhost:8080/auth > > >>> > >> > > >>> > >> "); > > >>> > >> > > >>> > >> String token = ... get a token ... > > >>> > >> > > >>> > >> target.register(new BearerTokenFilter(token)); // > > >>> you'd have to > > >>> > >> implement this > > >>> > >> > > >>> > >> Admin admin = target.proxy(Admin.class); > > >>> > >> > > >>> > >> admin.realm("master") > > >>> > >> > > >>> > >> That's about as much help I can give you right > > >>> > >> now. > > >>> > >> > > >>> > >> > > >>> > >> > > >>> > >> > > >>> > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > > >>> > >> > > >>> > >> OK, will do. > > >>> > >> > > >>> > >> Is there a way for me to do it like it is > > >>> there? I'll > > >>> > >> explain a little > > >>> > >> better > > >>> > >> > > >>> > >> the class *AdminRoot* has the path set to > > >>> "/admin", and it > > >>> > >> has a method > > >>> > >> getRealmsAdmin, with "realms" on the path, > > >>> > >> and > > >>> on the > > >>> > >> *RealmsAdminResource* there's the > > >>> getRealmAdmin mapped to > > >>> > >> "{realm}", > > >>> > >> making the full path for it > > >>> "/admin/realms/{realm}", even > > >>> > >> though each > > >>> > >> one is in a different class. > > >>> > >> > > >>> > >> Is there a way for me to do it the same way, > > >>> > >> I > > >>> don't know > > >>> > >> how the Proxy > > >>> > >> framework would understand that, maybe I > > >>> > >> would > > >>> have to set > > >>> > >> the full path > > >>> > >> > > >>> > >> > > >>> > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian > > >>> Thorgersen > > >>> > >> > > >>> > > > >>> > >> > >>> > >>> >>> wrote: > > >>> > >> > > >>> > >> Rodrigo: just create your own > > >>> > >> interfaces. > > >>> If you can > > >>> > >> try to keep > > >>> > >> them as consistent with jax-rs classes > > >>> > >> in > > >>> services as > > >>> > >> you can that > > >>> > >> would be great. > > >>> > >> > > >>> > >> ----- Original Message ----- > > >>> > >> > From: "Stian Thorgersen" > > >>> > > >>> > >> > >>> > > >>> > > >>> > >> > >>> >>> > > >>> > >> > To: "Rodrigo Sasaki" > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __com > > >>> > >> > >>> >>>, "Bill Burke" > > >>> > >> > > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > Cc: keycloak-user at lists.jboss.org > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __jboss.org > > >>> > >> > > >>> > >> > >>> >> > > >>> > >> > Sent: Wednesday, 16 July, 2014 > > >>> > >> > 2:34:44 > > >>> PM > > >>> > >> > Subject: Re: [keycloak-user] Java > > >>> Keycloak REST API > > >>> > >> Wrapper > > >>> > >> > > > >>> > >> > Bill: does it make sense for us to > > >>> share interfaces > > >>> > >> (with jax-rs > > >>> > >> annotations) > > >>> > >> > for services and admin-client? > > >>> > >> > > > >>> > >> > ----- Original Message ----- > > >>> > >> > > From: "Rodrigo Sasaki" > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __com > > >>> > >> > >>> >>> > > >>> > >> > > To: "Stian Thorgersen" > > >>> > > >>> > >> > >>> > > >>> > > >>> > >> > >>> >>> > > >>> > >> > > Cc: "Juraci Paix?o Kr?hling" > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> > >>> > > >>> > >> >>>, > > >>> > >> > > keycloak-user at lists.jboss.org > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __jboss.org > > >>> > >> > > >>> > >> > >>> >> > > >>> > >> > > Sent: Wednesday, 16 July, 2014 > > >>> 2:31:35 PM > > >>> > >> > > Subject: Re: [keycloak-user] Java > > >>> Keycloak REST > > >>> > >> API Wrapper > > >>> > >> > > > > >>> > >> > > I'll get on it for sure. > > >>> > >> > > > > >>> > >> > > Just one thing, should I create > > >>> myself the > > >>> > >> interfaces for the > > >>> > >> services? Or > > >>> > >> > > is there a more integrated way to > > >>> > >> > > do > > >>> that? > > >>> > >> > > > > >>> > >> > > > > >>> > >> > > On Wed, Jul 16, 2014 at 10:27 AM, > > >>> Stian Thorgersen > > >>> > >> > >>> > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > > >>> > >> > > wrote: > > >>> > >> > > > > >>> > >> > > > Great work with the admin-client. > > >>> As I commented > > >>> > >> on GitHub I > > >>> > >> added it to > > >>> > >> > > > 'admin-client' branch, and would > > >>> like a few > > >>> > >> changes before > > >>> > >> merging to > > >>> > >> > > > master: > > >>> > >> > > > > > >>> > >> > > > * Make it use RestEasy client > > >>> framwork > > >>> > >> > > > * Tests - I've added a starting > > >>> point to > > >>> > >> > > > > > >>> > >> https://github.com/keycloak/__ > > >>> keycloak/blob/admin-client/__ > > >>> > >> > > >>> testsuite/integration/src/__test/java/org/keycloak/__ > > >>> testsuite/admin/__ > > >>> > >> AdminClientTest.java > > >>> > >> > > >>> > >> > > >>> > >>> > >> > > >>> testsuite/integration/src/test/java/org/keycloak/ > > >>> testsuite/admin/ > > >>> > >> AdminClientTest.java> > > >>> > >> > > > * Better error handling - instead > > >>> of swallowing > > >>> > >> exceptions it > > >>> > >> now throws > > >>> > >> > > > KeycloakException > > >>> (RuntimeException), but > > >>> > >> there's HTTP > > >>> > >> response codes are > > >>> > >> > > > not checked (see above test that > > >>> tries to create > > >>> > >> two users > > >>> > >> with the same > > >>> > >> > > > username) > > >>> > >> > > > > > >>> > >> > > > If you're happy to do this work > > >>> that would be > > >>> > >> awesome! > > >>> > >> > > > > > >>> > >> > > > ----- Original Message ----- > > >>> > >> > > > > From: "Rodrigo Sasaki" > > >>> > >> > >>> > > >>> > >>> com>> > > >>> > >> > >>> __com > > >>> > >> > >>> >>> > > >>> > >> > > > > To: "Stian Thorgersen" > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > > > > Cc: "Juraci Paix?o Kr?hling" > > >>> > >> > >>> > >>> > > > >>> > >> > >>> > >>> > > >>> > >> >>>, > > >>> > >> > > > keycloak-user at lists.jboss.org > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __jboss.org > > >>> > >> > > >>> > >> > >>> >> > > >>> > >> > > > > Sent: Monday, 14 July, 2014 > > >>> 2:44:48 PM > > >>> > >> > > > > Subject: Re: [keycloak-user] > > >>> Java Keycloak > > >>> > >> REST API Wrapper > > >>> > >> > > > > > > >>> > >> > > > > Glad to hear it :) > > >>> > >> > > > > > > >>> > >> > > > > I'll be waiting on more replies > > >>> and ideas to > > >>> > >> perhaps make > > >>> > >> it better. > > >>> > >> > > > > Thanks! :) > > >>> > >> > > > > > > >>> > >> > > > > > > >>> > >> > > > > On Mon, Jul 14, 2014 at 10:43 > > >>> AM, Stian > > >>> > >> Thorgersen > > >>> > >> > >>> > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > > >>> > >> > > > wrote: > > >>> > >> > > > > > > >>> > >> > > > > > Great stuff, I'll have a look > > >>> at it soon. At > > >>> > >> first glance > > >>> > >> it looks > > >>> > >> > > > really > > >>> > >> > > > > > good! > > >>> > >> > > > > > > > >>> > >> > > > > > Thanks :) > > >>> > >> > > > > > > > >>> > >> > > > > > ----- Original Message ----- > > >>> > >> > > > > > > From: "Rodrigo Sasaki" > > >>> > >> > >>> > > >>> > >>> com>> > > >>> > >> > >>> __com > > >>> > >> > >>> >>> > > >>> > >> > > > > > > To: "Stian Thorgersen" > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > > > > > > Cc: "Juraci Paix?o > > >>> > >> > > > > > > Kr?hling" > > >>> > >> > >>> > >>> > > > >>> > >> > >>> > >>> > > >>> > >> >>>, > > >>> > >> > > > > > keycloak-user at lists.jboss.org > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __jboss.org > > >>> > >> > > >>> > >> > >>> >> > > >>> > >> > > > > > > Sent: Monday, 14 July, 2014 > > >>> 2:40:17 PM > > >>> > >> > > > > > > Subject: Re: > > >>> > >> > > > > > > [keycloak-user] > > >>> Java Keycloak > > >>> > >> REST API Wrapper > > >>> > >> > > > > > > > > >>> > >> > > > > > > PR submitted :) > > >>> > >> > > > > > > > > >>> > >> > > > > > > > > >>> > >> > > > > > > On Fri, Jul 11, 2014 at > > >>> > >> > > > > > > 9:56 > > >>> AM, Stian > > >>> > >> Thorgersen > > >>> > >> > > > > > > > >>> > > >>> > >> > >>> > > >>> > > >>> > >> > > >>> > >> > >>> >>> > > >>> > >> > > > > > wrote: > > >>> > >> > > > > > > > > >>> > >> > > > > > > > Please change package > > >>> names to > > >>> > >> 'org.keycloak.admin.client' > > >>> > >> > > > > > > > > > >>> > >> > > > > > > > ----- Original Message > > >>> ----- > > >>> > >> > > > > > > > > From: "Rodrigo Sasaki" > > >>> > >> > >>> > > >>> > >>> com>> > > >>> > >> > >>> __com > > >>> > >> > >>> >>> > > >>> > >> > > > > > > > > To: "Stian Thorgersen" > > >>> > >> > > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > > > > > > > > Cc: "Juraci Paix?o > > >>> Kr?hling" > > >>> > >> > >>> > >>> > > > >>> > >> > >>> > >>> > > >>> > >> >>>, > > >>> > >> > > > > > > > > > >>> keycloak-user at lists.jboss.org > >>> jboss.org> > > >>> > >> > >>> > > > >>> > >> > >>> __jboss.org > > >>> > >> > > >>> > >> > >>> >> > > >>> > >> > > > > > > > > Sent: Friday, 11 July, > > >>> 2014 1:51:41 PM > > >>> > >> > > > > > > > > Subject: Re: > > >>> [keycloak-user] Java > > >>> > >> Keycloak REST API > > >>> > >> Wrapper > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > Just one more question, > > >>> I created it > > >>> > >> with my > > >>> > >> companies' name in > > >>> > >> > > > the > > >>> > >> > > > > > > > > package, should I > > >>> replace it? Or just > > >>> > >> upload it as is? > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > It's > > >>> br.com.icarros.keycloak.api > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > On Fri, Jul 11, 2014 at > > >>> 4:13 AM, Stian > > >>> > >> Thorgersen < > > >>> > >> > > > stian at redhat.com > > >>> > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > > >>> > >> > > > > > > > wrote: > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > You can create a new > > >>> module for it in: > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > >>> integration/admin-client > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > ----- Original > > >>> > >> > > > > > > > > > Message > > >>> ----- > > >>> > >> > > > > > > > > > > From: "Rodrigo > > >>> Sasaki" > > >>> > >> > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __com > > >>> > >> > >>> >>> > > >>> > >> > > > > > > > > > > To: "Stian > > >>> Thorgersen" > > >>> > >> > > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > > > > > > > > > > Cc: "Juraci Paix?o > > >>> Kr?hling" > > >>> > >> > >>> > >>> > > > >>> > >> > >>> > >>> >>>, > > >>> > >> > > > > > > > > > > > >>> keycloak-user at lists.jboss.org > >>> jboss.org> > > >>> > >> > >>> > > > >>> > >> > >>> __jboss.org > > >>> > >> > > >>> > >> > >>> >> > > >>> > >> > > > > > > > > > > Sent: Thursday, 10 > > >>> July, 2014 > > >>> > >> 8:50:00 PM > > >>> > >> > > > > > > > > > > Subject: Re: > > >>> [keycloak-user] Java > > >>> > >> Keycloak REST > > >>> > >> API Wrapper > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > Stian, how should I > > >>> send the code > > >>> > >> that I made > > >>> > >> to the > > >>> > >> > > > > > > > > > > Keycloak > > >>> > >> > > > > > repo? > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > Can you tell me > > >>> > >> > > > > > > > > > > what > > >>> module name > > >>> > >> to use, and > > >>> > >> where to > > >>> > >> > > > > > > > > > > create > > >>> > >> > > > it? > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > On Tue, Jul 8, 2014 > > >>> at 10:00 AM, > > >>> > >> Rodrigo Sasaki < > > >>> > >> > > > > > > > > > > > >>> rodrigopsasaki at gmail.com > > >>> > >> > >>> > > > >>> > >> > >>> __com > > >>> > >> > > >>> > >> > >>> >>> > > >>> > >> > > > > > > > > > > wrote: > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > I would really > > >>> like to do that > > >>> > >> :) All I'm > > >>> > >> waiting for is > > >>> > >> > > > an OK > > >>> > >> > > > > > to > > >>> > >> > > > > > > > do > > >>> > >> > > > > > > > > > it, > > >>> > >> > > > > > > > > > > > because it was > > >>> built inside the > > >>> > >> company, so I > > >>> > >> need > > >>> > >> > > > approval. > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > But I really > > >>> believe it'll get a > > >>> > >> lot better > > >>> > >> when it's out > > >>> > >> > > > > > there, > > >>> > >> > > > > > > > and > > >>> > >> > > > > > > > > > you > > >>> > >> > > > > > > > > > > > can all pitch in > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > On Tue, Jul 8, > > >>> 2014 at 9:55 AM, > > >>> > >> Stian > > >>> > >> Thorgersen < > > >>> > >> > > > > > stian at redhat.com > > >>> > >>> > > > >>> > >> > >>> > >>> >> > > >>> > >> > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > wrote: > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > >> Ideal way to > > >>> contribute it to > > >>> > >> Keycloak would > > >>> > >> be if you > > >>> > >> > > > fork > > >>> > >> > > > > > the > > >>> > >> > > > > > > > > > Keycloak > > >>> > >> > > > > > > > > > > >> repo, add a > > >>> module and do a PR ;) > > >>> > >> > > > > > > > > > > >> > > >>> > >> > > > > > > > > > > >> ----- Original > > >>> Message ----- > > >>> > >> > > > > > > > > > > >> > From: "Rodrigo > > >>> Sasaki" > > >>> > >> > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __com > > >>> > >> > >>> >>> > > >>> > >> > > > > > > > > > > >> > To: "Juraci > > >>> Paix?o Kr?hling" > > >>> > >> > >>> > >>> > > > >>> > >> > >>> > >>> >>> > > >>> > >> > > > > > > > > > > >> > Cc: > > >>> > >> keycloak-user at lists.jboss.org > > >>> > > >>> > >> > >>> > > > >>> > >> > >>> __jboss.org > > >>> > >> > > >>> > >> > >>> >> > > >>> > >> > > > > > > > > > > >> > Sent: Tuesday, > > >>> 8 July, 2014 > > >>> > >> 1:50:14 PM > > >>> > >> > > > > > > > > > > >> > Subject: Re: > > >>> [keycloak-user] > > >>> > >> Java Keycloak > > >>> > >> REST API > > >>> > >> > > > Wrapper > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > Oh yes, I > > >>> believe it is > > >>> > >> already very usable. > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > All I need now > > >>> is to get my > > >>> > >> manager to > > >>> > >> agree to make > > >>> > >> > > > this > > >>> > >> > > > > > repo > > >>> > >> > > > > > > > > > public, > > >>> > >> > > > > > > > > > > >> > because there > > >>> is a policy > > >>> > >> that all repos > > >>> > >> are private > > >>> > >> > > > > > > > > > > >> > in > > >>> > >> > > > this > > >>> > >> > > > > > > > project > > >>> > >> > > > > > > > > > > >> we're > > >>> > >> > > > > > > > > > > >> > working in, > > >>> > >> > > > > > > > > > > >> > but > > >>> I don't think > > >>> > >> we'll have > > >>> > >> problems with > > >>> > >> > > > > > this. I > > >>> > >> > > > > > > > > > pitched > > >>> > >> > > > > > > > > > > >> him > > >>> > >> > > > > > > > > > > >> > the idea of > > >>> contributing to > > >>> > >> Keycloak and > > >>> > >> he seemed to > > >>> > >> > > > like > > >>> > >> > > > > > it > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > On Tue, Jul 8, > > >>> 2014 at 9:32 > > >>> > >> AM, Juraci > > >>> > >> Paix?o Kr?hling > > >>> > >> > > > > > > > > > > >> > < > > >>> > >> > > > > > > > > > > >> > > >>> juraci at kroehling.de > > >>> > >> > >>> > > >>> > > >>> > >> > > >>> > >> > >>> >> > > >>> > >> > > > > > > > > > > >> > > wrote: > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > -----BEGIN PGP > > >>> SIGNED > > >>> > >> MESSAGE----- > > >>> > >> > > > > > > > > > > >> > Hash: SHA512 > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > Hello Rodrigo, > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > Do you have > > >>> news about this? > > >>> > >> I'm working > > >>> > >> on a task > > >>> > >> > > > > > > > > > > >> > that > > >>> > >> > > > > > would > > >>> > >> > > > > > > > > > require > > >>> > >> > > > > > > > > > > >> > me to do > > >>> something similar, > > >>> > >> so, I think it > > >>> > >> would best > > >>> > >> > > > if we > > >>> > >> > > > > > can > > >>> > >> > > > > > > > > > > >> > collaborate on > > >>> this API :-) > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > If/when you > > >>> have some time, > > >>> > >> we could have > > >>> > >> a chat via > > >>> > >> > > > > > > > > > > >> > IRC > > >>> > >> > > > > > > > > > (jpkroehling > > >>> > >> > > > > > > > > > > >> > at #keycloak > > >>> > >> > > > > > > > > > > >> > on > > >>> freenode). > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > - - Juca. > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> > On 06/20/2014 > > >>> 10:00 PM, > > >>> > >> Rodrigo Sasaki wrote: > > >>> > >> > > > > > > > > > > >> > > I'm working > > >>> on a Java-based > > >>> > >> wrapper for > > >>> > >> the REST > > >>> > >> > > > > > > > > > > >> > > API, > > >>> > >> > > > to > > >>> > >> > > > > > make > > >>> > >> > > > > > > > it > > >>> > >> > > > > > > > > > > >> > > look more > > >>> > >> > > > > > > > > > > >> > > OO, > > >>> abstracting > > >>> > >> the access to > > >>> > >> servers. > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > > It uses > > >>> methods such as > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > > User bill = > > >>> > > >> > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > > > -- > > Rodrigo Sasaki > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From rodrigopsasaki at gmail.com Wed Jul 30 08:37:40 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Wed, 30 Jul 2014 09:37:40 -0300 Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: <2120785185.20359789.1406723306337.JavaMail.zimbra@redhat.com> References: <1703920550.15129364.1406037527645.JavaMail.zimbra@redhat.com> <53CFC211.2020806@redhat.com> <1642862811.19749418.1406634840854.JavaMail.zimbra@redhat.com> <2120785185.20359789.1406723306337.JavaMail.zimbra@redhat.com> Message-ID: I haven't done much testing unfortunately, so I don't really know how to go about it. But if you want, you can do a couple, so I have an idea of how it looks, and I can write the tests for the rest On Wed, Jul 30, 2014 at 9:28 AM, Stian Thorgersen wrote: > It's merged now! > > I added some more tests, will add more soon. Also, I renamed the resources > to remove the Keycloak prefix (so it's now RealmResource instead of > KeycloakRealm). > > Great work, thanks :) > > ----- Original Message ----- > > From: "Stian Thorgersen" > > To: "Rodrigo Sasaki" > > Cc: keycloak-user at lists.jboss.org > > Sent: Tuesday, 29 July, 2014 12:54:00 PM > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > I'll have a look later today or tomorrow morning > > > > ----- Original Message ----- > > > From: "Rodrigo Sasaki" > > > To: "Bill Burke" > > > Cc: "Stian Thorgersen" , > keycloak-user at lists.jboss.org > > > Sent: Tuesday, 29 July, 2014 12:21:30 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > Hello, > > > > > > I was just wondering. What is missing from the admin-client to merge it > > > with the master branch? > > > > > > > > > On Wed, Jul 23, 2014 at 1:04 PM, Rodrigo Sasaki < > rodrigopsasaki at gmail.com> > > > wrote: > > > > > > > So far it's good :) But it's not fully in production. > > > > > > > > We changed a small portion of the application, that only internal > > > > administrative employees have access to, and so far it's holding up > very > > > > well > > > > > > > > But we can't really put it completely in production until we figure > out > > > > those login issues from the other thread > > > > > > > > > > > > On Wed, Jul 23, 2014 at 11:09 AM, Bill Burke > wrote: > > > > > > > >> You are using us in production? I don't know if I should be happy > or > > > >> scared :) How is it going? Are we holding up? > > > >> > > > >> On 7/23/2014 9:50 AM, Rodrigo Sasaki wrote: > > > >> > > > >>> The problem was that the version of keycloak we have in production > is > > > >>> based on the beta-2, and the UserRepresentation there is different, > > > >>> sorry about this. > > > >>> > > > >>> I submitted a PR with the alterations > > > >>> > > > >>> > > > >>> On Tue, Jul 22, 2014 at 11:06 AM, Rodrigo Sasaki > > > >>> > > wrote: > > > >>> > > > >>> The thing is that I simply create an instance and assign an > > > >>> username > > > >>> > > > >>> UserRepresentation userRep = new UserRepresentation(); > > > >>> userRep.setUsername("user1"); > > > >>> realm.users().create(userRep); > > > >>> > > > >>> That create is a proxy of the interface, so I don't really know > > > >>> where I could interfere here with code. > > > >>> > > > >>> > > > >>> On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen > > > >>> > > >>> > wrote: > > > >>> > > > >>> Try removing socialLinks instead of setting the value to > null, > > > >>> or specifying an empty array. > > > >>> > > > >>> ----- Original Message ----- > > > >>> > From: "Rodrigo Sasaki" > > >>> > > > > >>> > To: "Bill Burke" > > >>> > > > >>> >> > > > >>> > Cc: "Stian Thorgersen" > > >>> >, keycloak-user at lists.jboss.org > > > >>> > > > >>> > Sent: Tuesday, 22 July, 2014 2:54:49 PM > > > >>> > Subject: Re: [keycloak-user] Java Keycloak REST API > Wrapper > > > >>> > > > > >>> > I tried creating a user using the API, and I got a 400 > > > >>> > status > > > >>> code, I went > > > >>> > to check everything, and it seems that I can't send > > > >>> "socialLinks", > > > >>> > "realmRoles" and "applicationRoles" as null for some > reason, > > > >>> I get this > > > >>> > exception: > > > >>> > > > > >>> > > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: > > > >>> Unrecognized > > > >>> > field "socialLinks" > > > >>> > (Class > > > >>> org.keycloak.representations.idm.UserRepresentation), not > > > >>> marked > > > >>> > as ignorable > > > >>> > > > > >>> > But I know those values aren't mandatory. Is there a > fix for > > > >>> this? > > > >>> > > > > >>> > > > > >>> > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke > > > >>> > wrote: > > > >>> > > > > >>> > > String token = getToken(); > > > >>> > > final String authHeader = "Bearer " + token; > > > >>> > > ClientRequestFilter authFilter = new > ClientRequestFilter() > > > >>> > > { > > > >>> > > @Override > > > >>> > > public void filter(ClientRequestContext > requestContext) > > > >>> throws > > > >>> > > IOException { > > > >>> > > > > > >>> > > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, > > > >>> authHeader); > > > >>> > > > > > >>> > > } > > > >>> > > }; > > > >>> > > > > > >>> > > > > > >>> > > ResteasyWebTarget target = > > > >>> client.target("http://localhost:8080/auth"); > > > >>> > > target.register(authFilter); > > > >>> > > Admin admin = target.proxy(Admin.class); > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > > > >>> > > > > > >>> > >> Can you help me with any hint or documentation > regarding > > > >>> that > > > >>> > >> BearerTokenFilter implementation? > > > >>> > >> > > > >>> > >> I understand that I have to create it myself, but I > don't > > > >>> know what I > > > >>> > >> should create. I tried browsing the web, but with no > > > >>> success.. Perhaps > > > >>> > >> I'm missing the right keyword to find what I need > > > >>> > >> > > > >>> > >> > > > >>> > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > > > >>> > >> > > >>> > > > >>> > > >>> >> wrote: > > > >>> > >> > > > >>> > >> That's perfect :) thanks for the help > > > >>> > >> > > > >>> > >> I'll get started on it as soon as I can > > > >>> > >> > > > >>> > >> On Jul 17, 2014 5:55 PM, "Bill Burke" > > > >>> > > > >>> > >> > > >>> > >> >> > > > >>> wrote: > > > >>> > >> > > > >>> > >> @Path("/admin > > > >>> > >> public interface Admin { > > > >>> > >> @Path("realms/{realm}") > > > >>> > >> Realm realm(@PathParameter("realm") > > > >>> > >> realmName); > > > >>> > >> } > > > >>> > >> > > > >>> > >> public interface Realm { > > > >>> > >> @GET > > > >>> > >> @Produces("application/json") > > > >>> > >> RealmRepresentation get(); > > > >>> > >> > > > >>> > >> @DELETE > > > >>> > >> void delete(); > > > >>> > >> > > > >>> > >> @PUT > > > >>> > >> @Consumes("application/json") > > > >>> > >> void update(RealmRepresentation rep); > > > >>> > >> > > > >>> > >> @Path("users") > > > >>> > >> Users users(); > > > >>> > >> } > > > >>> > >> > > > >>> > >> public interface Users { > > > >>> > >> ... > > > >>> > >> } > > > >>> > >> > > > >>> > >> FOllow me? > > > >>> > >> > > > >>> > >> Then its just > > > >>> > >> > > > >>> > >> ResteasyClient client = new > > > >>> ResteasyClientBuilder().build(__); > > > >>> > >> ResteasyWebTarget target = > > > >>> > >> client.target("http://__localhost:8080/auth > > > >>> > >> > > > >>> > >> "); > > > >>> > >> > > > >>> > >> String token = ... get a token ... > > > >>> > >> > > > >>> > >> target.register(new > BearerTokenFilter(token)); // > > > >>> you'd have to > > > >>> > >> implement this > > > >>> > >> > > > >>> > >> Admin admin = target.proxy(Admin.class); > > > >>> > >> > > > >>> > >> admin.realm("master") > > > >>> > >> > > > >>> > >> That's about as much help I can give you > right > > > >>> > >> now. > > > >>> > >> > > > >>> > >> > > > >>> > >> > > > >>> > >> > > > >>> > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > > > >>> > >> > > > >>> > >> OK, will do. > > > >>> > >> > > > >>> > >> Is there a way for me to do it like it is > > > >>> there? I'll > > > >>> > >> explain a little > > > >>> > >> better > > > >>> > >> > > > >>> > >> the class *AdminRoot* has the path set to > > > >>> "/admin", and it > > > >>> > >> has a method > > > >>> > >> getRealmsAdmin, with "realms" on the > path, > > > >>> > >> and > > > >>> on the > > > >>> > >> *RealmsAdminResource* there's the > > > >>> getRealmAdmin mapped to > > > >>> > >> "{realm}", > > > >>> > >> making the full path for it > > > >>> "/admin/realms/{realm}", even > > > >>> > >> though each > > > >>> > >> one is in a different class. > > > >>> > >> > > > >>> > >> Is there a way for me to do it the same > way, > > > >>> > >> I > > > >>> don't know > > > >>> > >> how the Proxy > > > >>> > >> framework would understand that, maybe I > > > >>> > >> would > > > >>> have to set > > > >>> > >> the full path > > > >>> > >> > > > >>> > >> > > > >>> > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian > > > >>> Thorgersen > > > >>> > >> stian at redhat.com> > > > >>> > > > > >>> > >> > > >>> > > >>> >>> wrote: > > > >>> > >> > > > >>> > >> Rodrigo: just create your own > > > >>> > >> interfaces. > > > >>> If you can > > > >>> > >> try to keep > > > >>> > >> them as consistent with jax-rs > classes > > > >>> > >> in > > > >>> services as > > > >>> > >> you can that > > > >>> > >> would be great. > > > >>> > >> > > > >>> > >> ----- Original Message ----- > > > >>> > >> > From: "Stian Thorgersen" > > > >>> > > > >>> > >> > > >>> > > > >>> > > > >>> > >> > > >>> >>> > > > >>> > >> > To: "Rodrigo Sasaki" > > > >>> > > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __com > > > >>> > >> > > >>> >>>, "Bill Burke" > > > >>> > >> bburke at redhat.com> > > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > Cc: > keycloak-user at lists.jboss.org > > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __jboss.org > > > > >>> > >> > > > >>> > >> > > >>> >> > > > >>> > >> > Sent: Wednesday, 16 July, 2014 > > > >>> > >> > 2:34:44 > > > >>> PM > > > >>> > >> > Subject: Re: [keycloak-user] Java > > > >>> Keycloak REST API > > > >>> > >> Wrapper > > > >>> > >> > > > > >>> > >> > Bill: does it make sense for us > to > > > >>> share interfaces > > > >>> > >> (with jax-rs > > > >>> > >> annotations) > > > >>> > >> > for services and admin-client? > > > >>> > >> > > > > >>> > >> > ----- Original Message ----- > > > >>> > >> > > From: "Rodrigo Sasaki" > > > >>> > > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __com > > > >>> > >> > > >>> >>> > > > >>> > >> > > To: "Stian Thorgersen" > > > >>> > > > >>> > >> > > >>> > > > >>> > > > >>> > >> > > >>> >>> > > > >>> > >> > > Cc: "Juraci Paix?o Kr?hling" > > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> > > >>> > > > >>> > >> >>>, > > > >>> > >> > > keycloak-user at lists.jboss.org > > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __jboss.org > > > > >>> > >> > > > >>> > >> > > >>> >> > > > >>> > >> > > Sent: Wednesday, 16 July, 2014 > > > >>> 2:31:35 PM > > > >>> > >> > > Subject: Re: [keycloak-user] > Java > > > >>> Keycloak REST > > > >>> > >> API Wrapper > > > >>> > >> > > > > > >>> > >> > > I'll get on it for sure. > > > >>> > >> > > > > > >>> > >> > > Just one thing, should I create > > > >>> myself the > > > >>> > >> interfaces for the > > > >>> > >> services? Or > > > >>> > >> > > is there a more integrated way > to > > > >>> > >> > > do > > > >>> that? > > > >>> > >> > > > > > >>> > >> > > > > > >>> > >> > > On Wed, Jul 16, 2014 at 10:27 > AM, > > > >>> Stian Thorgersen > > > >>> > >> > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > > > >>> > >> > > wrote: > > > >>> > >> > > > > > >>> > >> > > > Great work with the > admin-client. > > > >>> As I commented > > > >>> > >> on GitHub I > > > >>> > >> added it to > > > >>> > >> > > > 'admin-client' branch, and > would > > > >>> like a few > > > >>> > >> changes before > > > >>> > >> merging to > > > >>> > >> > > > master: > > > >>> > >> > > > > > > >>> > >> > > > * Make it use RestEasy client > > > >>> framwork > > > >>> > >> > > > * Tests - I've added a > starting > > > >>> point to > > > >>> > >> > > > > > > >>> > >> https://github.com/keycloak/__ > > > >>> keycloak/blob/admin-client/__ > > > >>> > >> > > > >>> testsuite/integration/src/__test/java/org/keycloak/__ > > > >>> testsuite/admin/__ > > > >>> > >> AdminClientTest.java > > > >>> > >> > > > >>> > >> > > > >>> > > >>> > >> > > > >>> testsuite/integration/src/test/java/org/keycloak/ > > > >>> testsuite/admin/ > > > >>> > >> AdminClientTest.java> > > > >>> > >> > > > * Better error handling - > instead > > > >>> of swallowing > > > >>> > >> exceptions it > > > >>> > >> now throws > > > >>> > >> > > > KeycloakException > > > >>> (RuntimeException), but > > > >>> > >> there's HTTP > > > >>> > >> response codes are > > > >>> > >> > > > not checked (see above test > that > > > >>> tries to create > > > >>> > >> two users > > > >>> > >> with the same > > > >>> > >> > > > username) > > > >>> > >> > > > > > > >>> > >> > > > If you're happy to do this > work > > > >>> that would be > > > >>> > >> awesome! > > > >>> > >> > > > > > > >>> > >> > > > ----- Original Message ----- > > > >>> > >> > > > > From: "Rodrigo Sasaki" > > > >>> > >> > > >>> > > > >>> rodrigopsasaki at gmail. > > > >>> com>> > > > >>> > >> > > >>> __com > > > >>> > >> > > >>> >>> > > > >>> > >> > > > > To: "Stian Thorgersen" > > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > > > > Cc: "Juraci Paix?o > Kr?hling" > > > >>> > >> > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> > > > >>> > >> >>>, > > > >>> > >> > > > > keycloak-user at lists.jboss.org > > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __jboss.org > > > > >>> > >> > > > >>> > >> > > >>> >> > > > >>> > >> > > > > Sent: Monday, 14 July, 2014 > > > >>> 2:44:48 PM > > > >>> > >> > > > > Subject: Re: > [keycloak-user] > > > >>> Java Keycloak > > > >>> > >> REST API Wrapper > > > >>> > >> > > > > > > > >>> > >> > > > > Glad to hear it :) > > > >>> > >> > > > > > > > >>> > >> > > > > I'll be waiting on more > replies > > > >>> and ideas to > > > >>> > >> perhaps make > > > >>> > >> it better. > > > >>> > >> > > > > Thanks! :) > > > >>> > >> > > > > > > > >>> > >> > > > > > > > >>> > >> > > > > On Mon, Jul 14, 2014 at > 10:43 > > > >>> AM, Stian > > > >>> > >> Thorgersen > > > >>> > >> > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > > > >>> > >> > > > wrote: > > > >>> > >> > > > > > > > >>> > >> > > > > > Great stuff, I'll have a > look > > > >>> at it soon. At > > > >>> > >> first glance > > > >>> > >> it looks > > > >>> > >> > > > really > > > >>> > >> > > > > > good! > > > >>> > >> > > > > > > > > >>> > >> > > > > > Thanks :) > > > >>> > >> > > > > > > > > >>> > >> > > > > > ----- Original Message > ----- > > > >>> > >> > > > > > > From: "Rodrigo Sasaki" > > > >>> > >> > > >>> > > > >>> rodrigopsasaki at gmail. > > > >>> com>> > > > >>> > >> > > >>> __com > > > >>> > >> > > >>> >>> > > > >>> > >> > > > > > > To: "Stian Thorgersen" > > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > > > > > > Cc: "Juraci Paix?o > > > >>> > >> > > > > > > Kr?hling" > > > >>> > >> > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> > > > >>> > >> >>>, > > > >>> > >> > > > > > > keycloak-user at lists.jboss.org > > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __jboss.org > > > > >>> > >> > > > >>> > >> > > >>> >> > > > >>> > >> > > > > > > Sent: Monday, 14 July, > 2014 > > > >>> 2:40:17 PM > > > >>> > >> > > > > > > Subject: Re: > > > >>> > >> > > > > > > [keycloak-user] > > > >>> Java Keycloak > > > >>> > >> REST API Wrapper > > > >>> > >> > > > > > > > > > >>> > >> > > > > > > PR submitted :) > > > >>> > >> > > > > > > > > > >>> > >> > > > > > > > > > >>> > >> > > > > > > On Fri, Jul 11, 2014 at > > > >>> > >> > > > > > > 9:56 > > > >>> AM, Stian > > > >>> > >> Thorgersen > > > >>> > >> > > > > > > > > >>> > > > >>> > >> > > >>> > > > >>> > > > >>> > >> > > > >>> > >> > > >>> >>> > > > >>> > >> > > > > > wrote: > > > >>> > >> > > > > > > > > > >>> > >> > > > > > > > Please change package > > > >>> names to > > > >>> > >> 'org.keycloak.admin.client' > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > ----- Original > Message > > > >>> ----- > > > >>> > >> > > > > > > > > From: "Rodrigo > Sasaki" > > > >>> > >> > > >>> > > > >>> rodrigopsasaki at gmail. > > > >>> com>> > > > >>> > >> > > >>> __com > > > >>> > >> > > >>> >>> > > > >>> > >> > > > > > > > > To: "Stian > Thorgersen" > > > >>> > >> stian at redhat.com> > > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > > > > > > > > Cc: "Juraci Paix?o > > > >>> Kr?hling" > > > >>> > >> > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> > > > >>> > >> >>>, > > > >>> > >> > > > > > > > > > > >>> keycloak-user at lists.jboss.org > > >>> jboss.org> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __jboss.org > > > > >>> > >> > > > >>> > >> > > >>> >> > > > >>> > >> > > > > > > > > Sent: Friday, 11 > July, > > > >>> 2014 1:51:41 PM > > > >>> > >> > > > > > > > > Subject: Re: > > > >>> [keycloak-user] Java > > > >>> > >> Keycloak REST API > > > >>> > >> Wrapper > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > Just one more > question, > > > >>> I created it > > > >>> > >> with my > > > >>> > >> companies' name in > > > >>> > >> > > > the > > > >>> > >> > > > > > > > > package, should I > > > >>> replace it? Or just > > > >>> > >> upload it as is? > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > It's > > > >>> br.com.icarros.keycloak.api > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > On Fri, Jul 11, > 2014 at > > > >>> 4:13 AM, Stian > > > >>> > >> Thorgersen < > > > >>> > >> > > > stian at redhat.com > > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > > > >>> > >> > > > > > > > wrote: > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > You can create a > new > > > >>> module for it in: > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > >>> integration/admin-client > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > ----- Original > > > >>> > >> > > > > > > > > > Message > > > >>> ----- > > > >>> > >> > > > > > > > > > > From: "Rodrigo > > > >>> Sasaki" > > > >>> > >> > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __com > > > >>> > >> > > >>> >>> > > > >>> > >> > > > > > > > > > > To: "Stian > > > >>> Thorgersen" > > > >>> > >> stian at redhat.com> > > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > > > > > > > > > > Cc: "Juraci > Paix?o > > > >>> Kr?hling" > > > >>> > >> > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> >>>, > > > >>> > >> > > > > > > > > > > > > >>> keycloak-user at lists.jboss.org > > >>> jboss.org> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __jboss.org > > > > >>> > >> > > > >>> > >> > > >>> >> > > > >>> > >> > > > > > > > > > > Sent: > Thursday, 10 > > > >>> July, 2014 > > > >>> > >> 8:50:00 PM > > > >>> > >> > > > > > > > > > > Subject: Re: > > > >>> [keycloak-user] Java > > > >>> > >> Keycloak REST > > > >>> > >> API Wrapper > > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > Stian, how > should I > > > >>> send the code > > > >>> > >> that I made > > > >>> > >> to the > > > >>> > >> > > > > > > > > > > Keycloak > > > >>> > >> > > > > > repo? > > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > Can you tell me > > > >>> > >> > > > > > > > > > > what > > > >>> module name > > > >>> > >> to use, and > > > >>> > >> where to > > > >>> > >> > > > > > > > > > > create > > > >>> > >> > > > it? > > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > On Tue, Jul 8, > 2014 > > > >>> at 10:00 AM, > > > >>> > >> Rodrigo Sasaki < > > > >>> > >> > > > > > > > > > > > > >>> rodrigopsasaki at gmail.com > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __com > > > >>> > >> > > > >>> > >> > > >>> >>> > > > >>> > >> > > > > > > > > > > wrote: > > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > I would > really > > > >>> like to do that > > > >>> > >> :) All I'm > > > >>> > >> waiting for is > > > >>> > >> > > > an OK > > > >>> > >> > > > > > to > > > >>> > >> > > > > > > > do > > > >>> > >> > > > > > > > > > it, > > > >>> > >> > > > > > > > > > > > because it > was > > > >>> built inside the > > > >>> > >> company, so I > > > >>> > >> need > > > >>> > >> > > > approval. > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > But I really > > > >>> believe it'll get a > > > >>> > >> lot better > > > >>> > >> when it's out > > > >>> > >> > > > > > there, > > > >>> > >> > > > > > > > and > > > >>> > >> > > > > > > > > > you > > > >>> > >> > > > > > > > > > > > can all > pitch in > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > On Tue, Jul > 8, > > > >>> 2014 at 9:55 AM, > > > >>> > >> Stian > > > >>> > >> Thorgersen < > > > >>> > >> > > > > > stian at redhat.com > > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> >> > > > >>> > >> > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > > > wrote: > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > >> Ideal way to > > > >>> contribute it to > > > >>> > >> Keycloak would > > > >>> > >> be if you > > > >>> > >> > > > fork > > > >>> > >> > > > > > the > > > >>> > >> > > > > > > > > > Keycloak > > > >>> > >> > > > > > > > > > > >> repo, add a > > > >>> module and do a PR ;) > > > >>> > >> > > > > > > > > > > >> > > > >>> > >> > > > > > > > > > > >> ----- > Original > > > >>> Message ----- > > > >>> > >> > > > > > > > > > > >> > From: > "Rodrigo > > > >>> Sasaki" > > > >>> > >> > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __com > > > >>> > >> > > >>> >>> > > > >>> > >> > > > > > > > > > > >> > To: > "Juraci > > > >>> Paix?o Kr?hling" > > > >>> > >> > > >>> > > >>> > > > > >>> > >> > > >>> > > >>> >>> > > > >>> > >> > > > > > > > > > > >> > Cc: > > > >>> > >> keycloak-user at lists.jboss.org > > > >>> > > > >>> > >> > > >>> > > > > >>> > >> > > >>> __jboss.org > > > > >>> > >> > > > >>> > >> > > >>> >> > > > >>> > >> > > > > > > > > > > >> > Sent: > Tuesday, > > > >>> 8 July, 2014 > > > >>> > >> 1:50:14 PM > > > >>> > >> > > > > > > > > > > >> > Subject: > Re: > > > >>> [keycloak-user] > > > >>> > >> Java Keycloak > > > >>> > >> REST API > > > >>> > >> > > > Wrapper > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > Oh yes, I > > > >>> believe it is > > > >>> > >> already very usable. > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > All I > need now > > > >>> is to get my > > > >>> > >> manager to > > > >>> > >> agree to make > > > >>> > >> > > > this > > > >>> > >> > > > > > repo > > > >>> > >> > > > > > > > > > public, > > > >>> > >> > > > > > > > > > > >> > because > there > > > >>> is a policy > > > >>> > >> that all repos > > > >>> > >> are private > > > >>> > >> > > > > > > > > > > >> > in > > > >>> > >> > > > this > > > >>> > >> > > > > > > > project > > > >>> > >> > > > > > > > > > > >> we're > > > >>> > >> > > > > > > > > > > >> > working > in, > > > >>> > >> > > > > > > > > > > >> > but > > > >>> I don't think > > > >>> > >> we'll have > > > >>> > >> problems with > > > >>> > >> > > > > > this. I > > > >>> > >> > > > > > > > > > pitched > > > >>> > >> > > > > > > > > > > >> him > > > >>> > >> > > > > > > > > > > >> > the idea > of > > > >>> contributing to > > > >>> > >> Keycloak and > > > >>> > >> he seemed to > > > >>> > >> > > > like > > > >>> > >> > > > > > it > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > On Tue, > Jul 8, > > > >>> 2014 at 9:32 > > > >>> > >> AM, Juraci > > > >>> > >> Paix?o Kr?hling > > > >>> > >> > > > > > > > > > > >> > < > > > >>> > >> > > > > > > > > > > >> > > > >>> juraci at kroehling.de > > > >>> > >> > > >>> > > > >>> > > > >>> > >> > > > >>> > >> > > >>> >> > > > >>> > >> > > > > > > > > > > >> > > wrote: > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > > -----BEGIN PGP > > > >>> SIGNED > > > >>> > >> MESSAGE----- > > > >>> > >> > > > > > > > > > > >> > Hash: > SHA512 > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > Hello > Rodrigo, > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > Do you > have > > > >>> news about this? > > > >>> > >> I'm working > > > >>> > >> on a task > > > >>> > >> > > > > > > > > > > >> > that > > > >>> > >> > > > > > would > > > >>> > >> > > > > > > > > > require > > > >>> > >> > > > > > > > > > > >> > me to do > > > >>> something similar, > > > >>> > >> so, I think it > > > >>> > >> would best > > > >>> > >> > > > if we > > > >>> > >> > > > > > can > > > >>> > >> > > > > > > > > > > >> > > collaborate on > > > >>> this API :-) > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > If/when > you > > > >>> have some time, > > > >>> > >> we could have > > > >>> > >> a chat via > > > >>> > >> > > > > > > > > > > >> > IRC > > > >>> > >> > > > > > > > > > (jpkroehling > > > >>> > >> > > > > > > > > > > >> > at > #keycloak > > > >>> > >> > > > > > > > > > > >> > on > > > >>> freenode). > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > - - Juca. > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> > On > 06/20/2014 > > > >>> 10:00 PM, > > > >>> > >> Rodrigo Sasaki wrote: > > > >>> > >> > > > > > > > > > > >> > > I'm > working > > > >>> on a Java-based > > > >>> > >> wrapper for > > > >>> > >> the REST > > > >>> > >> > > > > > > > > > > >> > > API, > > > >>> > >> > > > to > > > >>> > >> > > > > > make > > > >>> > >> > > > > > > > it > > > >>> > >> > > > > > > > > > > >> > > look > more > > > >>> > >> > > > > > > > > > > >> > > OO, > > > >>> abstracting > > > >>> > >> the access to > > > >>> > >> servers. > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > > It uses > > > >>> methods such as > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > > User > bill = > > > >>> > > > >> > > > > > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140730/f38fd8ec/attachment-0001.html From stian at redhat.com Wed Jul 30 08:52:15 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 30 Jul 2014 08:52:15 -0400 (EDT) Subject: [keycloak-user] Java Keycloak REST API Wrapper In-Reply-To: References: <53CFC211.2020806@redhat.com> <1642862811.19749418.1406634840854.JavaMail.zimbra@redhat.com> <2120785185.20359789.1406723306337.JavaMail.zimbra@redhat.com> Message-ID: <893127571.20374856.1406724735671.JavaMail.zimbra@redhat.com> One more thing I added was the ability to list realms and create/delete realms. Have a look at (ignore AdminAPITest.java): https://github.com/keycloak/keycloak/tree/master/testsuite/integration/src/test/java/org/keycloak/testsuite/admin I added initial tests for realms, apps, oauth clients and users. There's still quite a lot to test. For example updating an application, creating roles, role mappings, role scopes, etc, etc. If you're able to add some more that would be great! You should be able to run those tests directly from your IDE, or from Maven. ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: keycloak-user at lists.jboss.org > Sent: Wednesday, 30 July, 2014 1:37:40 PM > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > I haven't done much testing unfortunately, so I don't really know how to go > about it. > > But if you want, you can do a couple, so I have an idea of how it looks, > and I can write the tests for the rest > > > On Wed, Jul 30, 2014 at 9:28 AM, Stian Thorgersen wrote: > > > It's merged now! > > > > I added some more tests, will add more soon. Also, I renamed the resources > > to remove the Keycloak prefix (so it's now RealmResource instead of > > KeycloakRealm). > > > > Great work, thanks :) > > > > ----- Original Message ----- > > > From: "Stian Thorgersen" > > > To: "Rodrigo Sasaki" > > > Cc: keycloak-user at lists.jboss.org > > > Sent: Tuesday, 29 July, 2014 12:54:00 PM > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > I'll have a look later today or tomorrow morning > > > > > > ----- Original Message ----- > > > > From: "Rodrigo Sasaki" > > > > To: "Bill Burke" > > > > Cc: "Stian Thorgersen" , > > keycloak-user at lists.jboss.org > > > > Sent: Tuesday, 29 July, 2014 12:21:30 PM > > > > Subject: Re: [keycloak-user] Java Keycloak REST API Wrapper > > > > > > > > Hello, > > > > > > > > I was just wondering. What is missing from the admin-client to merge it > > > > with the master branch? > > > > > > > > > > > > On Wed, Jul 23, 2014 at 1:04 PM, Rodrigo Sasaki < > > rodrigopsasaki at gmail.com> > > > > wrote: > > > > > > > > > So far it's good :) But it's not fully in production. > > > > > > > > > > We changed a small portion of the application, that only internal > > > > > administrative employees have access to, and so far it's holding up > > very > > > > > well > > > > > > > > > > But we can't really put it completely in production until we figure > > out > > > > > those login issues from the other thread > > > > > > > > > > > > > > > On Wed, Jul 23, 2014 at 11:09 AM, Bill Burke > > wrote: > > > > > > > > > >> You are using us in production? I don't know if I should be happy > > or > > > > >> scared :) How is it going? Are we holding up? > > > > >> > > > > >> On 7/23/2014 9:50 AM, Rodrigo Sasaki wrote: > > > > >> > > > > >>> The problem was that the version of keycloak we have in production > > is > > > > >>> based on the beta-2, and the UserRepresentation there is different, > > > > >>> sorry about this. > > > > >>> > > > > >>> I submitted a PR with the alterations > > > > >>> > > > > >>> > > > > >>> On Tue, Jul 22, 2014 at 11:06 AM, Rodrigo Sasaki > > > > >>> > > > wrote: > > > > >>> > > > > >>> The thing is that I simply create an instance and assign an > > > > >>> username > > > > >>> > > > > >>> UserRepresentation userRep = new UserRepresentation(); > > > > >>> userRep.setUsername("user1"); > > > > >>> realm.users().create(userRep); > > > > >>> > > > > >>> That create is a proxy of the interface, so I don't really know > > > > >>> where I could interfere here with code. > > > > >>> > > > > >>> > > > > >>> On Tue, Jul 22, 2014 at 10:58 AM, Stian Thorgersen > > > > >>> > > > >>> > wrote: > > > > >>> > > > > >>> Try removing socialLinks instead of setting the value to > > null, > > > > >>> or specifying an empty array. > > > > >>> > > > > >>> ----- Original Message ----- > > > > >>> > From: "Rodrigo Sasaki" > > > >>> > > > > > >>> > To: "Bill Burke" > > > >>> > > > > >>> >> > > > > >>> > Cc: "Stian Thorgersen" > > > >>> >, keycloak-user at lists.jboss.org > > > > >>> > > > > >>> > Sent: Tuesday, 22 July, 2014 2:54:49 PM > > > > >>> > Subject: Re: [keycloak-user] Java Keycloak REST API > > Wrapper > > > > >>> > > > > > >>> > I tried creating a user using the API, and I got a 400 > > > > >>> > status > > > > >>> code, I went > > > > >>> > to check everything, and it seems that I can't send > > > > >>> "socialLinks", > > > > >>> > "realmRoles" and "applicationRoles" as null for some > > reason, > > > > >>> I get this > > > > >>> > exception: > > > > >>> > > > > > >>> > > > org.codehaus.jackson.map.exc.UnrecognizedPropertyException: > > > > >>> Unrecognized > > > > >>> > field "socialLinks" > > > > >>> > (Class > > > > >>> org.keycloak.representations.idm.UserRepresentation), not > > > > >>> marked > > > > >>> > as ignorable > > > > >>> > > > > > >>> > But I know those values aren't mandatory. Is there a > > fix for > > > > >>> this? > > > > >>> > > > > > >>> > > > > > >>> > On Fri, Jul 18, 2014 at 1:37 PM, Bill Burke > > > > >>> > wrote: > > > > >>> > > > > > >>> > > String token = getToken(); > > > > >>> > > final String authHeader = "Bearer " + token; > > > > >>> > > ClientRequestFilter authFilter = new > > ClientRequestFilter() > > > > >>> > > { > > > > >>> > > @Override > > > > >>> > > public void filter(ClientRequestContext > > requestContext) > > > > >>> throws > > > > >>> > > IOException { > > > > >>> > > > > > > >>> > > > > requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, > > > > >>> authHeader); > > > > >>> > > > > > > >>> > > } > > > > >>> > > }; > > > > >>> > > > > > > >>> > > > > > > >>> > > ResteasyWebTarget target = > > > > >>> client.target("http://localhost:8080/auth"); > > > > >>> > > target.register(authFilter); > > > > >>> > > Admin admin = target.proxy(Admin.class); > > > > >>> > > > > > > >>> > > > > > > >>> > > > > > > >>> > > On 7/18/2014 12:26 PM, Rodrigo Sasaki wrote: > > > > >>> > > > > > > >>> > >> Can you help me with any hint or documentation > > regarding > > > > >>> that > > > > >>> > >> BearerTokenFilter implementation? > > > > >>> > >> > > > > >>> > >> I understand that I have to create it myself, but I > > don't > > > > >>> know what I > > > > >>> > >> should create. I tried browsing the web, but with no > > > > >>> success.. Perhaps > > > > >>> > >> I'm missing the right keyword to find what I need > > > > >>> > >> > > > > >>> > >> > > > > >>> > >> On Thu, Jul 17, 2014 at 6:36 PM, Rodrigo Sasaki > > > > >>> > >> > > > >>> > > > > >>> > > > >>> >> wrote: > > > > >>> > >> > > > > >>> > >> That's perfect :) thanks for the help > > > > >>> > >> > > > > >>> > >> I'll get started on it as soon as I can > > > > >>> > >> > > > > >>> > >> On Jul 17, 2014 5:55 PM, "Bill Burke" > > > > >>> > > > > >>> > >> > > > >>> > >> >> > > > > >>> wrote: > > > > >>> > >> > > > > >>> > >> @Path("/admin > > > > >>> > >> public interface Admin { > > > > >>> > >> @Path("realms/{realm}") > > > > >>> > >> Realm realm(@PathParameter("realm") > > > > >>> > >> realmName); > > > > >>> > >> } > > > > >>> > >> > > > > >>> > >> public interface Realm { > > > > >>> > >> @GET > > > > >>> > >> @Produces("application/json") > > > > >>> > >> RealmRepresentation get(); > > > > >>> > >> > > > > >>> > >> @DELETE > > > > >>> > >> void delete(); > > > > >>> > >> > > > > >>> > >> @PUT > > > > >>> > >> @Consumes("application/json") > > > > >>> > >> void update(RealmRepresentation rep); > > > > >>> > >> > > > > >>> > >> @Path("users") > > > > >>> > >> Users users(); > > > > >>> > >> } > > > > >>> > >> > > > > >>> > >> public interface Users { > > > > >>> > >> ... > > > > >>> > >> } > > > > >>> > >> > > > > >>> > >> FOllow me? > > > > >>> > >> > > > > >>> > >> Then its just > > > > >>> > >> > > > > >>> > >> ResteasyClient client = new > > > > >>> ResteasyClientBuilder().build(__); > > > > >>> > >> ResteasyWebTarget target = > > > > >>> > >> client.target("http://__localhost:8080/auth > > > > >>> > >> > > > > >>> > >> "); > > > > >>> > >> > > > > >>> > >> String token = ... get a token ... > > > > >>> > >> > > > > >>> > >> target.register(new > > BearerTokenFilter(token)); // > > > > >>> you'd have to > > > > >>> > >> implement this > > > > >>> > >> > > > > >>> > >> Admin admin = target.proxy(Admin.class); > > > > >>> > >> > > > > >>> > >> admin.realm("master") > > > > >>> > >> > > > > >>> > >> That's about as much help I can give you > > right > > > > >>> > >> now. > > > > >>> > >> > > > > >>> > >> > > > > >>> > >> > > > > >>> > >> > > > > >>> > >> On 7/17/2014 11:18 AM, Rodrigo Sasaki wrote: > > > > >>> > >> > > > > >>> > >> OK, will do. > > > > >>> > >> > > > > >>> > >> Is there a way for me to do it like it is > > > > >>> there? I'll > > > > >>> > >> explain a little > > > > >>> > >> better > > > > >>> > >> > > > > >>> > >> the class *AdminRoot* has the path set to > > > > >>> "/admin", and it > > > > >>> > >> has a method > > > > >>> > >> getRealmsAdmin, with "realms" on the > > path, > > > > >>> > >> and > > > > >>> on the > > > > >>> > >> *RealmsAdminResource* there's the > > > > >>> getRealmAdmin mapped to > > > > >>> > >> "{realm}", > > > > >>> > >> making the full path for it > > > > >>> "/admin/realms/{realm}", even > > > > >>> > >> though each > > > > >>> > >> one is in a different class. > > > > >>> > >> > > > > >>> > >> Is there a way for me to do it the same > > way, > > > > >>> > >> I > > > > >>> don't know > > > > >>> > >> how the Proxy > > > > >>> > >> framework would understand that, maybe I > > > > >>> > >> would > > > > >>> have to set > > > > >>> > >> the full path > > > > >>> > >> > > > > >>> > >> > > > > >>> > >> On Thu, Jul 17, 2014 at 12:11 PM, Stian > > > > >>> Thorgersen > > > > >>> > >> > stian at redhat.com> > > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> wrote: > > > > >>> > >> > > > > >>> > >> Rodrigo: just create your own > > > > >>> > >> interfaces. > > > > >>> If you can > > > > >>> > >> try to keep > > > > >>> > >> them as consistent with jax-rs > > classes > > > > >>> > >> in > > > > >>> services as > > > > >>> > >> you can that > > > > >>> > >> would be great. > > > > >>> > >> > > > > >>> > >> ----- Original Message ----- > > > > >>> > >> > From: "Stian Thorgersen" > > > > >>> > > > > >>> > >> > > > >>> > > > > >>> > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > To: "Rodrigo Sasaki" > > > > >>> > > > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __com > > > > >>> > >> > > > >>> >>>, "Bill Burke" > > > > >>> > >> > bburke at redhat.com> > > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > Cc: > > keycloak-user at lists.jboss.org > > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __jboss.org > > > > > > >>> > >> > > > > >>> > >> > > > >>> >> > > > > >>> > >> > Sent: Wednesday, 16 July, 2014 > > > > >>> > >> > 2:34:44 > > > > >>> PM > > > > >>> > >> > Subject: Re: [keycloak-user] Java > > > > >>> Keycloak REST API > > > > >>> > >> Wrapper > > > > >>> > >> > > > > > >>> > >> > Bill: does it make sense for us > > to > > > > >>> share interfaces > > > > >>> > >> (with jax-rs > > > > >>> > >> annotations) > > > > >>> > >> > for services and admin-client? > > > > >>> > >> > > > > > >>> > >> > ----- Original Message ----- > > > > >>> > >> > > From: "Rodrigo Sasaki" > > > > >>> > > > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __com > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > To: "Stian Thorgersen" > > > > >>> > > > > >>> > >> > > > >>> > > > > >>> > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > Cc: "Juraci Paix?o Kr?hling" > > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> > > > > >>> > >> >>>, > > > > >>> > >> > > keycloak-user at lists.jboss.org > > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __jboss.org > > > > > > >>> > >> > > > > >>> > >> > > > >>> >> > > > > >>> > >> > > Sent: Wednesday, 16 July, 2014 > > > > >>> 2:31:35 PM > > > > >>> > >> > > Subject: Re: [keycloak-user] > > Java > > > > >>> Keycloak REST > > > > >>> > >> API Wrapper > > > > >>> > >> > > > > > > >>> > >> > > I'll get on it for sure. > > > > >>> > >> > > > > > > >>> > >> > > Just one thing, should I create > > > > >>> myself the > > > > >>> > >> interfaces for the > > > > >>> > >> services? Or > > > > >>> > >> > > is there a more integrated way > > to > > > > >>> > >> > > do > > > > >>> that? > > > > >>> > >> > > > > > > >>> > >> > > > > > > >>> > >> > > On Wed, Jul 16, 2014 at 10:27 > > AM, > > > > >>> Stian Thorgersen > > > > >>> > >> > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > > > > >>> > >> > > wrote: > > > > >>> > >> > > > > > > >>> > >> > > > Great work with the > > admin-client. > > > > >>> As I commented > > > > >>> > >> on GitHub I > > > > >>> > >> added it to > > > > >>> > >> > > > 'admin-client' branch, and > > would > > > > >>> like a few > > > > >>> > >> changes before > > > > >>> > >> merging to > > > > >>> > >> > > > master: > > > > >>> > >> > > > > > > > >>> > >> > > > * Make it use RestEasy client > > > > >>> framwork > > > > >>> > >> > > > * Tests - I've added a > > starting > > > > >>> point to > > > > >>> > >> > > > > > > > >>> > >> https://github.com/keycloak/__ > > > > >>> keycloak/blob/admin-client/__ > > > > >>> > >> > > > > >>> testsuite/integration/src/__test/java/org/keycloak/__ > > > > >>> testsuite/admin/__ > > > > >>> > >> AdminClientTest.java > > > > >>> > >> > > > > >>> > >> > > > > >>> > > > >>> > >> > > > > >>> testsuite/integration/src/test/java/org/keycloak/ > > > > >>> testsuite/admin/ > > > > >>> > >> AdminClientTest.java> > > > > >>> > >> > > > * Better error handling - > > instead > > > > >>> of swallowing > > > > >>> > >> exceptions it > > > > >>> > >> now throws > > > > >>> > >> > > > KeycloakException > > > > >>> (RuntimeException), but > > > > >>> > >> there's HTTP > > > > >>> > >> response codes are > > > > >>> > >> > > > not checked (see above test > > that > > > > >>> tries to create > > > > >>> > >> two users > > > > >>> > >> with the same > > > > >>> > >> > > > username) > > > > >>> > >> > > > > > > > >>> > >> > > > If you're happy to do this > > work > > > > >>> that would be > > > > >>> > >> awesome! > > > > >>> > >> > > > > > > > >>> > >> > > > ----- Original Message ----- > > > > >>> > >> > > > > From: "Rodrigo Sasaki" > > > > >>> > >> > > > >>> > > > > >>> > rodrigopsasaki at gmail. > > > > >>> com>> > > > > >>> > >> > > > >>> __com > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > > > To: "Stian Thorgersen" > > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > > > > Cc: "Juraci Paix?o > > Kr?hling" > > > > >>> > >> > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> > > > > >>> > >> >>>, > > > > >>> > >> > > > > > keycloak-user at lists.jboss.org > > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __jboss.org > > > > > > >>> > >> > > > > >>> > >> > > > >>> >> > > > > >>> > >> > > > > Sent: Monday, 14 July, 2014 > > > > >>> 2:44:48 PM > > > > >>> > >> > > > > Subject: Re: > > [keycloak-user] > > > > >>> Java Keycloak > > > > >>> > >> REST API Wrapper > > > > >>> > >> > > > > > > > > >>> > >> > > > > Glad to hear it :) > > > > >>> > >> > > > > > > > > >>> > >> > > > > I'll be waiting on more > > replies > > > > >>> and ideas to > > > > >>> > >> perhaps make > > > > >>> > >> it better. > > > > >>> > >> > > > > Thanks! :) > > > > >>> > >> > > > > > > > > >>> > >> > > > > > > > > >>> > >> > > > > On Mon, Jul 14, 2014 at > > 10:43 > > > > >>> AM, Stian > > > > >>> > >> Thorgersen > > > > >>> > >> > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > > > > >>> > >> > > > wrote: > > > > >>> > >> > > > > > > > > >>> > >> > > > > > Great stuff, I'll have a > > look > > > > >>> at it soon. At > > > > >>> > >> first glance > > > > >>> > >> it looks > > > > >>> > >> > > > really > > > > >>> > >> > > > > > good! > > > > >>> > >> > > > > > > > > > >>> > >> > > > > > Thanks :) > > > > >>> > >> > > > > > > > > > >>> > >> > > > > > ----- Original Message > > ----- > > > > >>> > >> > > > > > > From: "Rodrigo Sasaki" > > > > >>> > >> > > > >>> > > > > >>> > rodrigopsasaki at gmail. > > > > >>> com>> > > > > >>> > >> > > > >>> __com > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > > > > > To: "Stian Thorgersen" > > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > > > > > > Cc: "Juraci Paix?o > > > > >>> > >> > > > > > > Kr?hling" > > > > >>> > >> > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> > > > > >>> > >> >>>, > > > > >>> > >> > > > > > > > keycloak-user at lists.jboss.org > > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __jboss.org > > > > > > >>> > >> > > > > >>> > >> > > > >>> >> > > > > >>> > >> > > > > > > Sent: Monday, 14 July, > > 2014 > > > > >>> 2:40:17 PM > > > > >>> > >> > > > > > > Subject: Re: > > > > >>> > >> > > > > > > [keycloak-user] > > > > >>> Java Keycloak > > > > >>> > >> REST API Wrapper > > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > PR submitted :) > > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > On Fri, Jul 11, 2014 at > > > > >>> > >> > > > > > > 9:56 > > > > >>> AM, Stian > > > > >>> > >> Thorgersen > > > > >>> > >> > > > > > > > > > >>> > > > > >>> > >> > > > >>> > > > > >>> > > > > >>> > >> > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > > > > wrote: > > > > >>> > >> > > > > > > > > > > >>> > >> > > > > > > > Please change package > > > > >>> names to > > > > >>> > >> 'org.keycloak.admin.client' > > > > >>> > >> > > > > > > > > > > > >>> > >> > > > > > > > ----- Original > > Message > > > > >>> ----- > > > > >>> > >> > > > > > > > > From: "Rodrigo > > Sasaki" > > > > >>> > >> > > > >>> > > > > >>> > rodrigopsasaki at gmail. > > > > >>> com>> > > > > >>> > >> > > > >>> __com > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > > > > > > > To: "Stian > > Thorgersen" > > > > >>> > >> > stian at redhat.com> > > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > > > > > > > > Cc: "Juraci Paix?o > > > > >>> Kr?hling" > > > > >>> > >> > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> > > > > >>> > >> >>>, > > > > >>> > >> > > > > > > > > > > > >>> keycloak-user at lists.jboss.org > > > >>> jboss.org> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __jboss.org > > > > > > >>> > >> > > > > >>> > >> > > > >>> >> > > > > >>> > >> > > > > > > > > Sent: Friday, 11 > > July, > > > > >>> 2014 1:51:41 PM > > > > >>> > >> > > > > > > > > Subject: Re: > > > > >>> [keycloak-user] Java > > > > >>> > >> Keycloak REST API > > > > >>> > >> Wrapper > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > Just one more > > question, > > > > >>> I created it > > > > >>> > >> with my > > > > >>> > >> companies' name in > > > > >>> > >> > > > the > > > > >>> > >> > > > > > > > > package, should I > > > > >>> replace it? Or just > > > > >>> > >> upload it as is? > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > It's > > > > >>> br.com.icarros.keycloak.api > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > On Fri, Jul 11, > > 2014 at > > > > >>> 4:13 AM, Stian > > > > >>> > >> Thorgersen < > > > > >>> > >> > > > stian at redhat.com > > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > > > > >>> > >> > > > > > > > wrote: > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > You can create a > > new > > > > >>> module for it in: > > > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > > >>> integration/admin-client > > > > >>> > >> > > > > > > > > > > > > > >>> > >> > > > > > > > > > ----- Original > > > > >>> > >> > > > > > > > > > Message > > > > >>> ----- > > > > >>> > >> > > > > > > > > > > From: "Rodrigo > > > > >>> Sasaki" > > > > >>> > >> > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __com > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > > > > > > > > > To: "Stian > > > > >>> Thorgersen" > > > > >>> > >> > stian at redhat.com> > > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > > > > > > > > > > Cc: "Juraci > > Paix?o > > > > >>> Kr?hling" > > > > >>> > >> > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>>, > > > > >>> > >> > > > > > > > > > > > > > >>> keycloak-user at lists.jboss.org > > > >>> jboss.org> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __jboss.org > > > > > > >>> > >> > > > > >>> > >> > > > >>> >> > > > > >>> > >> > > > > > > > > > > Sent: > > Thursday, 10 > > > > >>> July, 2014 > > > > >>> > >> 8:50:00 PM > > > > >>> > >> > > > > > > > > > > Subject: Re: > > > > >>> [keycloak-user] Java > > > > >>> > >> Keycloak REST > > > > >>> > >> API Wrapper > > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > Stian, how > > should I > > > > >>> send the code > > > > >>> > >> that I made > > > > >>> > >> to the > > > > >>> > >> > > > > > > > > > > Keycloak > > > > >>> > >> > > > > > repo? > > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > Can you tell me > > > > >>> > >> > > > > > > > > > > what > > > > >>> module name > > > > >>> > >> to use, and > > > > >>> > >> where to > > > > >>> > >> > > > > > > > > > > create > > > > >>> > >> > > > it? > > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > On Tue, Jul 8, > > 2014 > > > > >>> at 10:00 AM, > > > > >>> > >> Rodrigo Sasaki < > > > > >>> > >> > > > > > > > > > > > > > >>> rodrigopsasaki at gmail.com > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __com > > > > >>> > >> > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > > > > > > > > > wrote: > > > > >>> > >> > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > I would > > really > > > > >>> like to do that > > > > >>> > >> :) All I'm > > > > >>> > >> waiting for is > > > > >>> > >> > > > an OK > > > > >>> > >> > > > > > to > > > > >>> > >> > > > > > > > do > > > > >>> > >> > > > > > > > > > it, > > > > >>> > >> > > > > > > > > > > > because it > > was > > > > >>> built inside the > > > > >>> > >> company, so I > > > > >>> > >> need > > > > >>> > >> > > > approval. > > > > >>> > >> > > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > But I really > > > > >>> believe it'll get a > > > > >>> > >> lot better > > > > >>> > >> when it's out > > > > >>> > >> > > > > > there, > > > > >>> > >> > > > > > > > and > > > > >>> > >> > > > > > > > > > you > > > > >>> > >> > > > > > > > > > > > can all > > pitch in > > > > >>> > >> > > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > > On Tue, Jul > > 8, > > > > >>> 2014 at 9:55 AM, > > > > >>> > >> Stian > > > > >>> > >> Thorgersen < > > > > >>> > >> > > > > > stian at redhat.com > > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >> > > > > >>> > >> > > > > >>> > >> > > > > > > > > > > > > >>> > >> > > > > > > > > > wrote: > > > > >>> > >> > > > > > > > > > > > > > > > >>> > >> > > > > > > > > > > >> Ideal way to > > > > >>> contribute it to > > > > >>> > >> Keycloak would > > > > >>> > >> be if you > > > > >>> > >> > > > fork > > > > >>> > >> > > > > > the > > > > >>> > >> > > > > > > > > > Keycloak > > > > >>> > >> > > > > > > > > > > >> repo, add a > > > > >>> module and do a PR ;) > > > > >>> > >> > > > > > > > > > > >> > > > > >>> > >> > > > > > > > > > > >> ----- > > Original > > > > >>> Message ----- > > > > >>> > >> > > > > > > > > > > >> > From: > > "Rodrigo > > > > >>> Sasaki" > > > > >>> > >> > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __com > > > > >>> > >> > > > >>> >>> > > > > >>> > >> > > > > > > > > > > >> > To: > > "Juraci > > > > >>> Paix?o Kr?hling" > > > > >>> > >> > > > >>> > > > >>> > > > > > >>> > >> > > > >>> > > > >>> >>> > > > > >>> > >> > > > > > > > > > > >> > Cc: > > > > >>> > >> keycloak-user at lists.jboss.org > > > > >>> > > > > >>> > >> > > > >>> > > > > > >>> > >> > > > >>> __jboss.org > > > > > > >>> > >> > > > > >>> > >> > > > >>> >> > > > > >>> > >> > > > > > > > > > > >> > Sent: > > Tuesday, > > > > >>> 8 July, 2014 > > > > >>> > >> 1:50:14 PM > > > > >>> > >> > > > > > > > > > > >> > Subject: > > Re: > > > > >>> [keycloak-user] > > > > >>> > >> Java Keycloak > > > > >>> > >> REST API > > > > >>> > >> > > > Wrapper > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > Oh yes, I > > > > >>> believe it is > > > > >>> > >> already very usable. > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > All I > > need now > > > > >>> is to get my > > > > >>> > >> manager to > > > > >>> > >> agree to make > > > > >>> > >> > > > this > > > > >>> > >> > > > > > repo > > > > >>> > >> > > > > > > > > > public, > > > > >>> > >> > > > > > > > > > > >> > because > > there > > > > >>> is a policy > > > > >>> > >> that all repos > > > > >>> > >> are private > > > > >>> > >> > > > > > > > > > > >> > in > > > > >>> > >> > > > this > > > > >>> > >> > > > > > > > project > > > > >>> > >> > > > > > > > > > > >> we're > > > > >>> > >> > > > > > > > > > > >> > working > > in, > > > > >>> > >> > > > > > > > > > > >> > but > > > > >>> I don't think > > > > >>> > >> we'll have > > > > >>> > >> problems with > > > > >>> > >> > > > > > this. I > > > > >>> > >> > > > > > > > > > pitched > > > > >>> > >> > > > > > > > > > > >> him > > > > >>> > >> > > > > > > > > > > >> > the idea > > of > > > > >>> contributing to > > > > >>> > >> Keycloak and > > > > >>> > >> he seemed to > > > > >>> > >> > > > like > > > > >>> > >> > > > > > it > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > On Tue, > > Jul 8, > > > > >>> 2014 at 9:32 > > > > >>> > >> AM, Juraci > > > > >>> > >> Paix?o Kr?hling > > > > >>> > >> > > > > > > > > > > >> > < > > > > >>> > >> > > > > > > > > > > >> > > > > >>> juraci at kroehling.de > > > > >>> > >> > > > >>> > > > > >>> > > > > >>> > >> > > > > >>> > >> > > > >>> >> > > > > >>> > >> > > > > > > > > > > >> > > wrote: > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > > > -----BEGIN PGP > > > > >>> SIGNED > > > > >>> > >> MESSAGE----- > > > > >>> > >> > > > > > > > > > > >> > Hash: > > SHA512 > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > Hello > > Rodrigo, > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > Do you > > have > > > > >>> news about this? > > > > >>> > >> I'm working > > > > >>> > >> on a task > > > > >>> > >> > > > > > > > > > > >> > that > > > > >>> > >> > > > > > would > > > > >>> > >> > > > > > > > > > require > > > > >>> > >> > > > > > > > > > > >> > me to do > > > > >>> something similar, > > > > >>> > >> so, I think it > > > > >>> > >> would best > > > > >>> > >> > > > if we > > > > >>> > >> > > > > > can > > > > >>> > >> > > > > > > > > > > >> > > > collaborate on > > > > >>> this API :-) > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > If/when > > you > > > > >>> have some time, > > > > >>> > >> we could have > > > > >>> > >> a chat via > > > > >>> > >> > > > > > > > > > > >> > IRC > > > > >>> > >> > > > > > > > > > (jpkroehling > > > > >>> > >> > > > > > > > > > > >> > at > > #keycloak > > > > >>> > >> > > > > > > > > > > >> > on > > > > >>> freenode). > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > - - Juca. > > > > >>> > >> > > > > > > > > > > >> > > > > > >>> > >> > > > > > > > > > > >> > On > > 06/20/2014 > > > > >>> 10:00 PM, > > > > >>> > >> Rodrigo Sasaki wrote: > > > > >>> > >> > > > > > > > > > > >> > > I'm > > working > > > > >>> on a Java-based > > > > >>> > >> wrapper for > > > > >>> > >> the REST > > > > >>> > >> > > > > > > > > > > >> > > API, > > > > >>> > >> > > > to > > > > >>> > >> > > > > > make > > > > >>> > >> > > > > > > > it > > > > >>> > >> > > > > > > > > > > >> > > look > > more > > > > >>> > >> > > > > > > > > > > >> > > OO, > > > > >>> abstracting > > > > >>> > >> the access to > > > > >>> > >> servers. > > > > >>> > >> > > > > > > > > > > >> > > > > > > >>> > >> > > > > > > > > > > >> > > It uses > > > > >>> methods such as > > > > >>> > >> > > > > > > > > > > >> > > > > > > >>> > >> > > > > > > > > > > >> > > User > > bill = > > > > >>> > > > > >> > > > > > > > > > > > > > > > -- > > > > > Rodrigo Sasaki > > > > > > > > > > > > > > > > > > > > > -- > > > > Rodrigo Sasaki > > > > > > > > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > > -- > Rodrigo Sasaki > From stian at redhat.com Wed Jul 30 09:29:10 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 30 Jul 2014 09:29:10 -0400 (EDT) Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: References: <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> <53D25A42.9010604@redhat.com> <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> Message-ID: <185873083.20441868.1406726950922.JavaMail.zimbra@redhat.com> Added login_hint query param. It can be used with keycloak.js with either: keycloak.login({ loginHint: 'username' }) or keycloak.createLoginUrl({ loginHint: 'username' }) ----- Original Message ----- > From: "Rodrigo Sasaki" > To: "Stian Thorgersen" > Cc: "Bill Burke" , keycloak-user at lists.jboss.org > Sent: Friday, 25 July, 2014 6:11:47 PM > Subject: Re: [keycloak-user] Authenticate user without using login page > > It all worked great with the iframe, if I style it properly and use that > login_hint it should be perfect. > > Now how should I go about developing/using this login_hint? Are there any > tips on this, or is it something that you plan on including yourselves? > > > On Fri, Jul 25, 2014 at 1:21 PM, Rodrigo Sasaki > wrote: > > > Just one more thing that wasn't completely clear to me. > > > > if I add a login page on an iframe, the user will be logged normally? Or > > would I have to get a token and keep managing it? > > > > > > On Fri, Jul 25, 2014 at 10:42 AM, Rodrigo Sasaki > > wrote: > > > >> That idea actually sounds amazing, I didn't look into keycloak.js yet, > >> but I'll see if I can get it working before I think about styling. > >> > >> Thank you very much! > >> > >> > >> On Fri, Jul 25, 2014 at 10:38 AM, Stian Thorgersen > >> wrote: > >> > >>> I think we could quite easily add support for embedding the login page > >>> to keycloak.js. Rough idea: > >>> > >>> 1. Set an option on keycloak.js to use embedded login form. Would also > >>> require setting an id for a div where the form should be embedded. > >>> 2. When clicking on login instead of redirecting it would render an > >>> iframe element inside the configured div with the src of the iframe being > >>> the login page on Keycloak > >>> 3. The redirect-uri would be a special url on Keycloak that renders a > >>> similar page to the iframe session page that allows posting a message > >>> back > >>> to keycloak.js containing the code > >>> 4. Now keycloak.js can swap the code as usual > >>> > >>> One thing is that we'd probably need an additional styling of the login > >>> form, as you would want the login page to display differently when > >>> embedded > >>> compared to when you redirect to it. > >>> > >>> ----- Original Message ----- > >>> > From: "Stian Thorgersen" > >>> > To: "Bill Burke" > >>> > Cc: keycloak-user at lists.jboss.org > >>> > Sent: Friday, 25 July, 2014 2:30:44 PM > >>> > Subject: Re: [keycloak-user] Authenticate user without using login page > >>> > > >>> > The cookies should be set fine, as the iframe would contain the login > >>> page > >>> > directly from Keycloak. > >>> > > >>> > It would redirect to a special page on the app that after extracting > >>> the code > >>> > would close the popup. > >>> > > >>> > ----- Original Message ----- > >>> > > From: "Bill Burke" > >>> > > To: "Stian Thorgersen" , "Rodrigo Sasaki" > >>> > > > >>> > > Cc: keycloak-user at lists.jboss.org > >>> > > Sent: Friday, 25 July, 2014 2:23:14 PM > >>> > > Subject: Re: [keycloak-user] Authenticate user without using login > >>> page > >>> > > > >>> > > not sure this will work with SSO. I'm not sure CORS requests can > >>> deal > >>> > > with cookies. > >>> > > > >>> > > On 7/25/2014 9:21 AM, Stian Thorgersen wrote: > >>> > > > What about using an iframe in the popup to include the login form > >>> from > >>> > > > Keycloak? > >>> > > > > >>> > > > You can send a HTTP POST to > >>> /auth-server//tokens/grants/access > >>> > > > with > >>> > > > client id/secret and username/password and get a token back. With > >>> > > > keycloak.js you can give it this token, not sure how/if this flow > >>> works > >>> > > > with the server-side (Undertow) adapter. > >>> > > > > >>> > > > ----- Original Message ----- > >>> > > >> From: "Rodrigo Sasaki" > >>> > > >> To: "Stian Thorgersen" > >>> > > >> Cc: "Bill Burke" , > >>> keycloak-user at lists.jboss.org > >>> > > >> Sent: Friday, 25 July, 2014 2:08:43 PM > >>> > > >> Subject: Re: [keycloak-user] Authenticate user without using > >>> login page > >>> > > >> > >>> > > >> Actually, the main problem is one of the flows where the password > >>> > > >> request > >>> > > >> appears in a popup, there's no redirect at all, and one of the > >>> things > >>> > > >> that > >>> > > >> were agreed upon when decided to change the authentication > >>> provider, was > >>> > > >> that nothing would be altered in the user experience. > >>> > > >> > >>> > > >> So I really have to try and make keycloak "fit in" in these > >>> particular > >>> > > >> scenarios, they are not used as much as the ones where we'll use > >>> the > >>> > > >> keycloak login page with our own style, but I do have to make > >>> them work. > >>> > > >> > >>> > > >> When you say I could use direct grant to get a token, would that > >>> count > >>> > > >> as > >>> > > >> the same as an user logging in? It's not really clear to me right > >>> now > >>> > > >> > >>> > > >> > >>> > > >> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen < > >>> stian at redhat.com> > >>> > > >> wrote: > >>> > > >> > >>> > > >>> Yes, but I'm wondering why the following won't work: > >>> > > >>> > >>> > > >>> 1. Ask for users email (in your app, not KC) > >>> > > >>> 2. Once you get to the flow where a user has to login: > >>> > > >>> a) If user doesn't exist in KC (you can use admin endpoints > >>> to > >>> > > >>> check > >>> > > >>> this) redirect to registration page on KC with email already > >>> entered > >>> > > >>> b) If user does exist in KC redirect to login page again > >>> with email > >>> > > >>> already entered > >>> > > >>> 3. Redirect back to app > >>> > > >>> > >>> > > >>> ----- Original Message ----- > >>> > > >>>> From: "Bill Burke" > >>> > > >>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < > >>> > > >>> rodrigopsasaki at gmail.com> > >>> > > >>>> Cc: keycloak-user at lists.jboss.org > >>> > > >>>> Sent: Friday, 25 July, 2014 1:48:45 PM > >>> > > >>>> Subject: Re: [keycloak-user] Authenticate user without using > >>> login > >>> > > >>>> page > >>> > > >>>> > >>> > > >>>> It is because their first login screen is just something asking > >>> for an > >>> > > >>>> email. If the email doesn't exist as a user, they want a > >>> redirect to > >>> > > >>>> the register page. > >>> > > >>>> > >>> > > >>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > >>> > > >>>>> Yes, you can use the direct grant to retrieve a token. > >>> > > >>>>> > >>> > > >>>>> I'd like to know why redirecting to the login form, when > >>> styled to > >>> > > >>> match > >>> > > >>>>> your website, and using login_hint to pre-fill username/email > >>> doesn't > >>> > > >>>>> work. Maybe there's something we can do so that you can still > >>> use the > >>> > > >>>>> "proper" flow? > >>> > > >>>>> > >>> > > >>>>> ----- Original Message ----- > >>> > > >>>>>> From: "Rodrigo Sasaki" > >>> > > >>>>>> To: "Stian Thorgersen" > >>> > > >>>>>> Cc: "Bill Burke" , > >>> keycloak-user at lists.jboss.org > >>> > > >>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM > >>> > > >>>>>> Subject: Re: [keycloak-user] Authenticate user without using > >>> login > >>> > > >>> page > >>> > > >>>>>> > >>> > > >>>>>> Sorry to keep insisting on this, but since it's being a huge > >>> > > >>> showstopper > >>> > > >>>>>> so > >>> > > >>>>>> far, I just have to ask. > >>> > > >>>>>> > >>> > > >>>>>> If I don't mind trading off SSO and all the other benefits > >>> that the > >>> > > >>>>>> Keycloak login page provides me, would there be a way for me > >>> to do > >>> > > >>> what I > >>> > > >>>>>> want? > >>> > > >>>>>> > >>> > > >>>>>> > >>> > > >>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen < > >>> stian at redhat.com> > >>> > > >>>>>> wrote: > >>> > > >>>>>> > >>> > > >>>>>>> We could add support for login_hint query param so you can > >>> have the > >>> > > >>>>>>> username/email field on the login form pre-filled for the > >>> user, so > >>> > > >>> once a > >>> > > >>>>>>> user has to authenticate you redirect to login on KC and all > >>> they > >>> > > >>> would > >>> > > >>>>>>> have to do is enter their password. > >>> > > >>>>>>> > >>> > > >>>>>>> If you bypass the login forms you'd loose SSO, multi-factor > >>> > > >>>>>>> support, > >>> > > >>>>>>> required actions, recover password, etc, etc, etc.. > >>> > > >>>>>>> > >>> > > >>>>>>> As Bill mentioned we provide very flexible login forms that > >>> can be > >>> > > >>>>>>> templated using either just css or even FreeMarker templates > >>> if you > >>> > > >>> need > >>> > > >>>>>>> a > >>> > > >>>>>>> lot of customization, so you should be able to make the > >>> login form > >>> > > >>>>>>> integrate well with your website. > >>> > > >>>>>>> > >>> > > >>>>>>> ----- Original Message ----- > >>> > > >>>>>>>> From: "Rodrigo Sasaki" > >>> > > >>>>>>>> To: "Bill Burke" > >>> > > >>>>>>>> Cc: keycloak-user at lists.jboss.org > >>> > > >>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > >>> > > >>>>>>>> Subject: Re: [keycloak-user] Authenticate user without > >>> using login > >>> > > >>> page > >>> > > >>>>>>>> > >>> > > >>>>>>>> You think there could be a way to do this within keycloak > >>> itself? > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > >>> > > >>>>>>> rodrigopsasaki at gmail.com > > >>> > > >>>>>>>> wrote: > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> I'll give you an example: > >>> > > >>>>>>>> > >>> > > >>>>>>>> We have a situation in our website where we only ask for the > >>> > > >>>>>>>> user's > >>> > > >>>>>>> e-mail, > >>> > > >>>>>>>> and he can go on with the flow. > >>> > > >>>>>>>> > >>> > > >>>>>>>> On a determined step of the flow, if we identify that this > >>> is an > >>> > > >>> e-mail > >>> > > >>>>>>> that > >>> > > >>>>>>>> we already have in our user database, we ask him for his > >>> password, > >>> > > >>>>>>>> authenticate him, and let him go on, if this e-mail is new, > >>> we > >>> > > >>> redirect > >>> > > >>>>>>> him > >>> > > >>>>>>>> to a page where he can register himself, and after that > >>> continue > >>> > > >>>>>>>> on. > >>> > > >>>>>>>> > >>> > > >>>>>>>> On this specific case and others, we wouldn't like to have > >>> to > >>> > > >>> redirect > >>> > > >>>>>>> him to > >>> > > >>>>>>>> keycloak, because that would interrupt the flow that we > >>> designed. > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < > >>> bburke at redhat.com > > >>> > > >>> wrote: > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > >>> > > >>>>>>>> userguide/html/direct-access- grants.html > >>> > > >>>>>>>> > >>> > > >>>>>>>> If you have to do it this way, please let us know why. > >>> Maybe we > >>> > > >>>>>>>> can > >>> > > >>>>>>> solve the > >>> > > >>>>>>>> issue within keycloak itself. > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> Just for the sake of conversation, if I did want to handle > >>> my own > >>> > > >>> login > >>> > > >>>>>>>> page, would there be a way for me to do it? > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > >>> > > >>>>>>>> < rodrigopsasaki at gmail.com >>> com >> > >>> > > >>> wrote: > >>> > > >>>>>>>> > >>> > > >>>>>>>> I don't want to miss out on all of that, which is why we're > >>> mostly > >>> > > >>>>>>>> migrating everything to use keycloak that way. > >>> > > >>>>>>>> > >>> > > >>>>>>>> It's just that we have cases that are so specific, that it > >>> would > >>> > > >>>>>>>> be > >>> > > >>>>>>>> better to authenticate the user in a different manner, > >>> create the > >>> > > >>>>>>>> user session and everything, without redirecting. > >>> > > >>>>>>>> > >>> > > >>>>>>>> I'll have a look at that code. Thanks! > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < > >>> bburke at redhat.com > >>> > > >>>>>>>> > wrote: > >>> > > >>>>>>>> > >>> > > >>>>>>>> If you want to handle your own login pages, IMO, you are > >>> missing > >>> > > >>>>>>>> out on > >>> > > >>>>>>>> a lot of Keycloak features. Specifically: > >>> > > >>>>>>>> > >>> > > >>>>>>>> * SSO > >>> > > >>>>>>>> * forgot password > >>> > > >>>>>>>> * admin forced credential reset/setup > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> Login pages can be styled however you like to look like your > >>> > > >>>>>>>> application. > >>> > > >>>>>>>> > >>> > > >>>>>>>> There is a REST api for obtaining an access token. Here is > >>> an > >>> > > >>>>>>>> example: > >>> > > >>>>>>>> > >>> > > >>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > >>> > > >>>>>>>> demo-template/admin-access- app/src/main/java/org/ > >>> > > >>>>>>>> keycloak/example/AdminClient. java > >>> > > >>>>>>>> > >>> > > >>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > >>> > > >>>>>>>>> Is there a way to authenticate the user without having to > >>> > > >>>>>>>> input username > >>> > > >>>>>>>>> and password on the login page? > >>> > > >>>>>>>>> > >>> > > >>>>>>>>> For example: > >>> > > >>>>>>>>> > >>> > > >>>>>>>>> Say there's a situation in my application where I request > >>> the > >>> > > >>>>>>>> user for > >>> > > >>>>>>>>> his username and password, and I wouldn't like to redirect > >>> > > >>>>>>>> that to the > >>> > > >>>>>>>>> keycloak login page to authenticate him, would there be a > >>> way > >>> > > >>>>>>>> for me to > >>> > > >>>>>>>>> do that? > >>> > > >>>>>>>>> > >>> > > >>>>>>>>> -- > >>> > > >>>>>>>>> Rodrigo Sasaki > >>> > > >>>>>>>>> > >>> > > >>>>>>>>> > >>> > > >>>>>>>>> ______________________________ _________________ > >>> > > >>>>>>>>> keycloak-user mailing list > >>> > > >>>>>>>>> keycloak-user at lists.jboss.org > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > >>> > > >>>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> -- > >>> > > >>>>>>>> Bill Burke > >>> > > >>>>>>>> JBoss, a division of Red Hat > >>> > > >>>>>>>> http://bill.burkecentral.com > >>> > > >>>>>>>> ______________________________ _________________ > >>> > > >>>>>>>> keycloak-user mailing list > >>> > > >>>>>>>> keycloak-user at lists.jboss.org >>> > > >>> jboss.org > > >>> > > >>>>>>>> > >>> > > >>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> -- > >>> > > >>>>>>>> Rodrigo Sasaki > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> -- > >>> > > >>>>>>>> Rodrigo Sasaki > >>> > > >>>>>>>> > >>> > > >>>>>>>> -- > >>> > > >>>>>>>> Bill Burke > >>> > > >>>>>>>> JBoss, a division of Red Hat > >>> > > >>>>>>>> http://bill.burkecentral.com > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> -- > >>> > > >>>>>>>> Rodrigo Sasaki > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> > >>> > > >>>>>>>> -- > >>> > > >>>>>>>> Rodrigo Sasaki > >>> > > >>>>>>>> > >>> > > >>>>>>>> _______________________________________________ > >>> > > >>>>>>>> keycloak-user mailing list > >>> > > >>>>>>>> keycloak-user at lists.jboss.org > >>> > > >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >>> > > >>>>>>> > >>> > > >>>>>> > >>> > > >>>>>> > >>> > > >>>>>> > >>> > > >>>>>> -- > >>> > > >>>>>> Rodrigo Sasaki > >>> > > >>>>>> > >>> > > >>>> > >>> > > >>>> -- > >>> > > >>>> Bill Burke > >>> > > >>>> JBoss, a division of Red Hat > >>> > > >>>> http://bill.burkecentral.com > >>> > > >>>> > >>> > > >>> > >>> > > >> > >>> > > >> > >>> > > >> > >>> > > >> -- > >>> > > >> Rodrigo Sasaki > >>> > > >> > >>> > > > >>> > > -- > >>> > > Bill Burke > >>> > > JBoss, a division of Red Hat > >>> > > http://bill.burkecentral.com > >>> > > > >>> > _______________________________________________ > >>> > keycloak-user mailing list > >>> > keycloak-user at lists.jboss.org > >>> > https://lists.jboss.org/mailman/listinfo/keycloak-user > >>> > > >>> _______________________________________________ > >>> keycloak-user mailing list > >>> keycloak-user at lists.jboss.org > >>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >>> > >> > >> > >> > >> -- > >> Rodrigo Sasaki > >> > > > > > > > > -- > > Rodrigo Sasaki > > > > > > -- > Rodrigo Sasaki > From rodrigopsasaki at gmail.com Wed Jul 30 09:35:48 2014 From: rodrigopsasaki at gmail.com (Rodrigo Sasaki) Date: Wed, 30 Jul 2014 10:35:48 -0300 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <185873083.20441868.1406726950922.JavaMail.zimbra@redhat.com> References: <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> <53D25A42.9010604@redhat.com> <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> <185873083.20441868.1406726950922.JavaMail.zimbra@redhat.com> Message-ID: Oh, great to hear :) Thank you very much! On Wed, Jul 30, 2014 at 10:29 AM, Stian Thorgersen wrote: > Added login_hint query param. It can be used with keycloak.js with either: > > keycloak.login({ loginHint: 'username' }) > > or > > keycloak.createLoginUrl({ loginHint: 'username' }) > > ----- Original Message ----- > > From: "Rodrigo Sasaki" > > To: "Stian Thorgersen" > > Cc: "Bill Burke" , keycloak-user at lists.jboss.org > > Sent: Friday, 25 July, 2014 6:11:47 PM > > Subject: Re: [keycloak-user] Authenticate user without using login page > > > > It all worked great with the iframe, if I style it properly and use that > > login_hint it should be perfect. > > > > Now how should I go about developing/using this login_hint? Are there any > > tips on this, or is it something that you plan on including yourselves? > > > > > > On Fri, Jul 25, 2014 at 1:21 PM, Rodrigo Sasaki < > rodrigopsasaki at gmail.com> > > wrote: > > > > > Just one more thing that wasn't completely clear to me. > > > > > > if I add a login page on an iframe, the user will be logged normally? > Or > > > would I have to get a token and keep managing it? > > > > > > > > > On Fri, Jul 25, 2014 at 10:42 AM, Rodrigo Sasaki < > rodrigopsasaki at gmail.com > > > > wrote: > > > > > >> That idea actually sounds amazing, I didn't look into keycloak.js yet, > > >> but I'll see if I can get it working before I think about styling. > > >> > > >> Thank you very much! > > >> > > >> > > >> On Fri, Jul 25, 2014 at 10:38 AM, Stian Thorgersen > > >> wrote: > > >> > > >>> I think we could quite easily add support for embedding the login > page > > >>> to keycloak.js. Rough idea: > > >>> > > >>> 1. Set an option on keycloak.js to use embedded login form. Would > also > > >>> require setting an id for a div where the form should be embedded. > > >>> 2. When clicking on login instead of redirecting it would render an > > >>> iframe element inside the configured div with the src of the iframe > being > > >>> the login page on Keycloak > > >>> 3. The redirect-uri would be a special url on Keycloak that renders a > > >>> similar page to the iframe session page that allows posting a message > > >>> back > > >>> to keycloak.js containing the code > > >>> 4. Now keycloak.js can swap the code as usual > > >>> > > >>> One thing is that we'd probably need an additional styling of the > login > > >>> form, as you would want the login page to display differently when > > >>> embedded > > >>> compared to when you redirect to it. > > >>> > > >>> ----- Original Message ----- > > >>> > From: "Stian Thorgersen" > > >>> > To: "Bill Burke" > > >>> > Cc: keycloak-user at lists.jboss.org > > >>> > Sent: Friday, 25 July, 2014 2:30:44 PM > > >>> > Subject: Re: [keycloak-user] Authenticate user without using login > page > > >>> > > > >>> > The cookies should be set fine, as the iframe would contain the > login > > >>> page > > >>> > directly from Keycloak. > > >>> > > > >>> > It would redirect to a special page on the app that after > extracting > > >>> the code > > >>> > would close the popup. > > >>> > > > >>> > ----- Original Message ----- > > >>> > > From: "Bill Burke" > > >>> > > To: "Stian Thorgersen" , "Rodrigo Sasaki" > > >>> > > > > >>> > > Cc: keycloak-user at lists.jboss.org > > >>> > > Sent: Friday, 25 July, 2014 2:23:14 PM > > >>> > > Subject: Re: [keycloak-user] Authenticate user without using > login > > >>> page > > >>> > > > > >>> > > not sure this will work with SSO. I'm not sure CORS requests can > > >>> deal > > >>> > > with cookies. > > >>> > > > > >>> > > On 7/25/2014 9:21 AM, Stian Thorgersen wrote: > > >>> > > > What about using an iframe in the popup to include the login > form > > >>> from > > >>> > > > Keycloak? > > >>> > > > > > >>> > > > You can send a HTTP POST to > > >>> /auth-server//tokens/grants/access > > >>> > > > with > > >>> > > > client id/secret and username/password and get a token back. > With > > >>> > > > keycloak.js you can give it this token, not sure how/if this > flow > > >>> works > > >>> > > > with the server-side (Undertow) adapter. > > >>> > > > > > >>> > > > ----- Original Message ----- > > >>> > > >> From: "Rodrigo Sasaki" > > >>> > > >> To: "Stian Thorgersen" > > >>> > > >> Cc: "Bill Burke" , > > >>> keycloak-user at lists.jboss.org > > >>> > > >> Sent: Friday, 25 July, 2014 2:08:43 PM > > >>> > > >> Subject: Re: [keycloak-user] Authenticate user without using > > >>> login page > > >>> > > >> > > >>> > > >> Actually, the main problem is one of the flows where the > password > > >>> > > >> request > > >>> > > >> appears in a popup, there's no redirect at all, and one of the > > >>> things > > >>> > > >> that > > >>> > > >> were agreed upon when decided to change the authentication > > >>> provider, was > > >>> > > >> that nothing would be altered in the user experience. > > >>> > > >> > > >>> > > >> So I really have to try and make keycloak "fit in" in these > > >>> particular > > >>> > > >> scenarios, they are not used as much as the ones where we'll > use > > >>> the > > >>> > > >> keycloak login page with our own style, but I do have to make > > >>> them work. > > >>> > > >> > > >>> > > >> When you say I could use direct grant to get a token, would > that > > >>> count > > >>> > > >> as > > >>> > > >> the same as an user logging in? It's not really clear to me > right > > >>> now > > >>> > > >> > > >>> > > >> > > >>> > > >> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen < > > >>> stian at redhat.com> > > >>> > > >> wrote: > > >>> > > >> > > >>> > > >>> Yes, but I'm wondering why the following won't work: > > >>> > > >>> > > >>> > > >>> 1. Ask for users email (in your app, not KC) > > >>> > > >>> 2. Once you get to the flow where a user has to login: > > >>> > > >>> a) If user doesn't exist in KC (you can use admin > endpoints > > >>> to > > >>> > > >>> check > > >>> > > >>> this) redirect to registration page on KC with email already > > >>> entered > > >>> > > >>> b) If user does exist in KC redirect to login page again > > >>> with email > > >>> > > >>> already entered > > >>> > > >>> 3. Redirect back to app > > >>> > > >>> > > >>> > > >>> ----- Original Message ----- > > >>> > > >>>> From: "Bill Burke" > > >>> > > >>>> To: "Stian Thorgersen" , "Rodrigo > Sasaki" < > > >>> > > >>> rodrigopsasaki at gmail.com> > > >>> > > >>>> Cc: keycloak-user at lists.jboss.org > > >>> > > >>>> Sent: Friday, 25 July, 2014 1:48:45 PM > > >>> > > >>>> Subject: Re: [keycloak-user] Authenticate user without using > > >>> login > > >>> > > >>>> page > > >>> > > >>>> > > >>> > > >>>> It is because their first login screen is just something > asking > > >>> for an > > >>> > > >>>> email. If the email doesn't exist as a user, they want a > > >>> redirect to > > >>> > > >>>> the register page. > > >>> > > >>>> > > >>> > > >>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > > >>> > > >>>>> Yes, you can use the direct grant to retrieve a token. > > >>> > > >>>>> > > >>> > > >>>>> I'd like to know why redirecting to the login form, when > > >>> styled to > > >>> > > >>> match > > >>> > > >>>>> your website, and using login_hint to pre-fill > username/email > > >>> doesn't > > >>> > > >>>>> work. Maybe there's something we can do so that you can > still > > >>> use the > > >>> > > >>>>> "proper" flow? > > >>> > > >>>>> > > >>> > > >>>>> ----- Original Message ----- > > >>> > > >>>>>> From: "Rodrigo Sasaki" > > >>> > > >>>>>> To: "Stian Thorgersen" > > >>> > > >>>>>> Cc: "Bill Burke" , > > >>> keycloak-user at lists.jboss.org > > >>> > > >>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM > > >>> > > >>>>>> Subject: Re: [keycloak-user] Authenticate user without > using > > >>> login > > >>> > > >>> page > > >>> > > >>>>>> > > >>> > > >>>>>> Sorry to keep insisting on this, but since it's being a > huge > > >>> > > >>> showstopper > > >>> > > >>>>>> so > > >>> > > >>>>>> far, I just have to ask. > > >>> > > >>>>>> > > >>> > > >>>>>> If I don't mind trading off SSO and all the other benefits > > >>> that the > > >>> > > >>>>>> Keycloak login page provides me, would there be a way for > me > > >>> to do > > >>> > > >>> what I > > >>> > > >>>>>> want? > > >>> > > >>>>>> > > >>> > > >>>>>> > > >>> > > >>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen < > > >>> stian at redhat.com> > > >>> > > >>>>>> wrote: > > >>> > > >>>>>> > > >>> > > >>>>>>> We could add support for login_hint query param so you > can > > >>> have the > > >>> > > >>>>>>> username/email field on the login form pre-filled for the > > >>> user, so > > >>> > > >>> once a > > >>> > > >>>>>>> user has to authenticate you redirect to login on KC and > all > > >>> they > > >>> > > >>> would > > >>> > > >>>>>>> have to do is enter their password. > > >>> > > >>>>>>> > > >>> > > >>>>>>> If you bypass the login forms you'd loose SSO, > multi-factor > > >>> > > >>>>>>> support, > > >>> > > >>>>>>> required actions, recover password, etc, etc, etc.. > > >>> > > >>>>>>> > > >>> > > >>>>>>> As Bill mentioned we provide very flexible login forms > that > > >>> can be > > >>> > > >>>>>>> templated using either just css or even FreeMarker > templates > > >>> if you > > >>> > > >>> need > > >>> > > >>>>>>> a > > >>> > > >>>>>>> lot of customization, so you should be able to make the > > >>> login form > > >>> > > >>>>>>> integrate well with your website. > > >>> > > >>>>>>> > > >>> > > >>>>>>> ----- Original Message ----- > > >>> > > >>>>>>>> From: "Rodrigo Sasaki" > > >>> > > >>>>>>>> To: "Bill Burke" > > >>> > > >>>>>>>> Cc: keycloak-user at lists.jboss.org > > >>> > > >>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > > >>> > > >>>>>>>> Subject: Re: [keycloak-user] Authenticate user without > > >>> using login > > >>> > > >>> page > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> You think there could be a way to do this within > keycloak > > >>> itself? > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > > >>> > > >>>>>>> rodrigopsasaki at gmail.com > > > >>> > > >>>>>>>> wrote: > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> I'll give you an example: > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> We have a situation in our website where we only ask > for the > > >>> > > >>>>>>>> user's > > >>> > > >>>>>>> e-mail, > > >>> > > >>>>>>>> and he can go on with the flow. > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> On a determined step of the flow, if we identify that > this > > >>> is an > > >>> > > >>> e-mail > > >>> > > >>>>>>> that > > >>> > > >>>>>>>> we already have in our user database, we ask him for his > > >>> password, > > >>> > > >>>>>>>> authenticate him, and let him go on, if this e-mail is > new, > > >>> we > > >>> > > >>> redirect > > >>> > > >>>>>>> him > > >>> > > >>>>>>>> to a page where he can register himself, and after that > > >>> continue > > >>> > > >>>>>>>> on. > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> On this specific case and others, we wouldn't like to > have > > >>> to > > >>> > > >>> redirect > > >>> > > >>>>>>> him to > > >>> > > >>>>>>>> keycloak, because that would interrupt the flow that we > > >>> designed. > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < > > >>> bburke at redhat.com > > > >>> > > >>> wrote: > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > > >>> > > >>>>>>>> userguide/html/direct-access- grants.html > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> If you have to do it this way, please let us know why. > > >>> Maybe we > > >>> > > >>>>>>>> can > > >>> > > >>>>>>> solve the > > >>> > > >>>>>>>> issue within keycloak itself. > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> Just for the sake of conversation, if I did want to > handle > > >>> my own > > >>> > > >>> login > > >>> > > >>>>>>>> page, would there be a way for me to do it? > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > > >>> > > >>>>>>>> < rodrigopsasaki at gmail.com rodrigopsasaki at gmail. > > >>> com >> > > >>> > > >>> wrote: > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> I don't want to miss out on all of that, which is why > we're > > >>> mostly > > >>> > > >>>>>>>> migrating everything to use keycloak that way. > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> It's just that we have cases that are so specific, that > it > > >>> would > > >>> > > >>>>>>>> be > > >>> > > >>>>>>>> better to authenticate the user in a different manner, > > >>> create the > > >>> > > >>>>>>>> user session and everything, without redirecting. > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> I'll have a look at that code. Thanks! > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < > > >>> bburke at redhat.com > > >>> > > >>>>>>>> > wrote: > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> If you want to handle your own login pages, IMO, you are > > >>> missing > > >>> > > >>>>>>>> out on > > >>> > > >>>>>>>> a lot of Keycloak features. Specifically: > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> * SSO > > >>> > > >>>>>>>> * forgot password > > >>> > > >>>>>>>> * admin forced credential reset/setup > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> Login pages can be styled however you like to look like > your > > >>> > > >>>>>>>> application. > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> There is a REST api for obtaining an access token. Here > is > > >>> an > > >>> > > >>>>>>>> example: > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> https://github.com/keycloak/ > keycloak/blob/master/examples/ > > >>> > > >>>>>>>> demo-template/admin-access- app/src/main/java/org/ > > >>> > > >>>>>>>> keycloak/example/AdminClient. java > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > > >>> > > >>>>>>>>> Is there a way to authenticate the user without having > to > > >>> > > >>>>>>>> input username > > >>> > > >>>>>>>>> and password on the login page? > > >>> > > >>>>>>>>> > > >>> > > >>>>>>>>> For example: > > >>> > > >>>>>>>>> > > >>> > > >>>>>>>>> Say there's a situation in my application where I > request > > >>> the > > >>> > > >>>>>>>> user for > > >>> > > >>>>>>>>> his username and password, and I wouldn't like to > redirect > > >>> > > >>>>>>>> that to the > > >>> > > >>>>>>>>> keycloak login page to authenticate him, would there > be a > > >>> way > > >>> > > >>>>>>>> for me to > > >>> > > >>>>>>>>> do that? > > >>> > > >>>>>>>>> > > >>> > > >>>>>>>>> -- > > >>> > > >>>>>>>>> Rodrigo Sasaki > > >>> > > >>>>>>>>> > > >>> > > >>>>>>>>> > > >>> > > >>>>>>>>> ______________________________ _________________ > > >>> > > >>>>>>>>> keycloak-user mailing list > > >>> > > >>>>>>>>> keycloak-user at lists.jboss.org > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>>> https://lists.jboss.org/ > mailman/listinfo/keycloak-user > > >>> > > >>>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> -- > > >>> > > >>>>>>>> Bill Burke > > >>> > > >>>>>>>> JBoss, a division of Red Hat > > >>> > > >>>>>>>> http://bill.burkecentral.com > > >>> > > >>>>>>>> ______________________________ _________________ > > >>> > > >>>>>>>> keycloak-user mailing list > > >>> > > >>>>>>>> keycloak-user at lists.jboss.org keycloak-user at lists. > > >>> > > >>> jboss.org > > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> -- > > >>> > > >>>>>>>> Rodrigo Sasaki > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> -- > > >>> > > >>>>>>>> Rodrigo Sasaki > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> -- > > >>> > > >>>>>>>> Bill Burke > > >>> > > >>>>>>>> JBoss, a division of Red Hat > > >>> > > >>>>>>>> http://bill.burkecentral.com > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> -- > > >>> > > >>>>>>>> Rodrigo Sasaki > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> -- > > >>> > > >>>>>>>> Rodrigo Sasaki > > >>> > > >>>>>>>> > > >>> > > >>>>>>>> _______________________________________________ > > >>> > > >>>>>>>> keycloak-user mailing list > > >>> > > >>>>>>>> keycloak-user at lists.jboss.org > > >>> > > >>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > >>> > > >>>>>>> > > >>> > > >>>>>> > > >>> > > >>>>>> > > >>> > > >>>>>> > > >>> > > >>>>>> -- > > >>> > > >>>>>> Rodrigo Sasaki > > >>> > > >>>>>> > > >>> > > >>>> > > >>> > > >>>> -- > > >>> > > >>>> Bill Burke > > >>> > > >>>> JBoss, a division of Red Hat > > >>> > > >>>> http://bill.burkecentral.com > > >>> > > >>>> > > >>> > > >>> > > >>> > > >> > > >>> > > >> > > >>> > > >> > > >>> > > >> -- > > >>> > > >> Rodrigo Sasaki > > >>> > > >> > > >>> > > > > >>> > > -- > > >>> > > Bill Burke > > >>> > > JBoss, a division of Red Hat > > >>> > > http://bill.burkecentral.com > > >>> > > > > >>> > _______________________________________________ > > >>> > keycloak-user mailing list > > >>> > keycloak-user at lists.jboss.org > > >>> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > >>> > > > >>> _______________________________________________ > > >>> keycloak-user mailing list > > >>> keycloak-user at lists.jboss.org > > >>> https://lists.jboss.org/mailman/listinfo/keycloak-user > > >>> > > >> > > >> > > >> > > >> -- > > >> Rodrigo Sasaki > > >> > > > > > > > > > > > > -- > > > Rodrigo Sasaki > > > > > > > > > > > -- > > Rodrigo Sasaki > > > -- Rodrigo Sasaki -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140730/ea3c3366/attachment-0001.html From bburke at redhat.com Wed Jul 30 09:38:32 2014 From: bburke at redhat.com (Bill Burke) Date: Wed, 30 Jul 2014 09:38:32 -0400 Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <185873083.20441868.1406726950922.JavaMail.zimbra@redhat.com> References: <1238071501.18052800.1406294468909.JavaMail.zimbra@redhat.com> <53D25A42.9010604@redhat.com> <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> <185873083.20441868.1406726950922.JavaMail.zimbra@redhat.com> Message-ID: <53D8F558.5050902@redhat.com> OpenID Connect protocol is used to implement this? On 7/30/2014 9:29 AM, Stian Thorgersen wrote: > Added login_hint query param. It can be used with keycloak.js with either: > > keycloak.login({ loginHint: 'username' }) > > or > > keycloak.createLoginUrl({ loginHint: 'username' }) > > ----- Original Message ----- >> From: "Rodrigo Sasaki" >> To: "Stian Thorgersen" >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org >> Sent: Friday, 25 July, 2014 6:11:47 PM >> Subject: Re: [keycloak-user] Authenticate user without using login page >> >> It all worked great with the iframe, if I style it properly and use that >> login_hint it should be perfect. >> >> Now how should I go about developing/using this login_hint? Are there any >> tips on this, or is it something that you plan on including yourselves? >> >> >> On Fri, Jul 25, 2014 at 1:21 PM, Rodrigo Sasaki >> wrote: >> >>> Just one more thing that wasn't completely clear to me. >>> >>> if I add a login page on an iframe, the user will be logged normally? Or >>> would I have to get a token and keep managing it? >>> >>> >>> On Fri, Jul 25, 2014 at 10:42 AM, Rodrigo Sasaki >>> wrote: >>> >>>> That idea actually sounds amazing, I didn't look into keycloak.js yet, >>>> but I'll see if I can get it working before I think about styling. >>>> >>>> Thank you very much! >>>> >>>> >>>> On Fri, Jul 25, 2014 at 10:38 AM, Stian Thorgersen >>>> wrote: >>>> >>>>> I think we could quite easily add support for embedding the login page >>>>> to keycloak.js. Rough idea: >>>>> >>>>> 1. Set an option on keycloak.js to use embedded login form. Would also >>>>> require setting an id for a div where the form should be embedded. >>>>> 2. When clicking on login instead of redirecting it would render an >>>>> iframe element inside the configured div with the src of the iframe being >>>>> the login page on Keycloak >>>>> 3. The redirect-uri would be a special url on Keycloak that renders a >>>>> similar page to the iframe session page that allows posting a message >>>>> back >>>>> to keycloak.js containing the code >>>>> 4. Now keycloak.js can swap the code as usual >>>>> >>>>> One thing is that we'd probably need an additional styling of the login >>>>> form, as you would want the login page to display differently when >>>>> embedded >>>>> compared to when you redirect to it. >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Stian Thorgersen" >>>>>> To: "Bill Burke" >>>>>> Cc: keycloak-user at lists.jboss.org >>>>>> Sent: Friday, 25 July, 2014 2:30:44 PM >>>>>> Subject: Re: [keycloak-user] Authenticate user without using login page >>>>>> >>>>>> The cookies should be set fine, as the iframe would contain the login >>>>> page >>>>>> directly from Keycloak. >>>>>> >>>>>> It would redirect to a special page on the app that after extracting >>>>> the code >>>>>> would close the popup. >>>>>> >>>>>> ----- Original Message ----- >>>>>>> From: "Bill Burke" >>>>>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" >>>>>>> >>>>>>> Cc: keycloak-user at lists.jboss.org >>>>>>> Sent: Friday, 25 July, 2014 2:23:14 PM >>>>>>> Subject: Re: [keycloak-user] Authenticate user without using login >>>>> page >>>>>>> >>>>>>> not sure this will work with SSO. I'm not sure CORS requests can >>>>> deal >>>>>>> with cookies. >>>>>>> >>>>>>> On 7/25/2014 9:21 AM, Stian Thorgersen wrote: >>>>>>>> What about using an iframe in the popup to include the login form >>>>> from >>>>>>>> Keycloak? >>>>>>>> >>>>>>>> You can send a HTTP POST to >>>>> /auth-server//tokens/grants/access >>>>>>>> with >>>>>>>> client id/secret and username/password and get a token back. With >>>>>>>> keycloak.js you can give it this token, not sure how/if this flow >>>>> works >>>>>>>> with the server-side (Undertow) adapter. >>>>>>>> >>>>>>>> ----- Original Message ----- >>>>>>>>> From: "Rodrigo Sasaki" >>>>>>>>> To: "Stian Thorgersen" >>>>>>>>> Cc: "Bill Burke" , >>>>> keycloak-user at lists.jboss.org >>>>>>>>> Sent: Friday, 25 July, 2014 2:08:43 PM >>>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using >>>>> login page >>>>>>>>> >>>>>>>>> Actually, the main problem is one of the flows where the password >>>>>>>>> request >>>>>>>>> appears in a popup, there's no redirect at all, and one of the >>>>> things >>>>>>>>> that >>>>>>>>> were agreed upon when decided to change the authentication >>>>> provider, was >>>>>>>>> that nothing would be altered in the user experience. >>>>>>>>> >>>>>>>>> So I really have to try and make keycloak "fit in" in these >>>>> particular >>>>>>>>> scenarios, they are not used as much as the ones where we'll use >>>>> the >>>>>>>>> keycloak login page with our own style, but I do have to make >>>>> them work. >>>>>>>>> >>>>>>>>> When you say I could use direct grant to get a token, would that >>>>> count >>>>>>>>> as >>>>>>>>> the same as an user logging in? It's not really clear to me right >>>>> now >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen < >>>>> stian at redhat.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Yes, but I'm wondering why the following won't work: >>>>>>>>>> >>>>>>>>>> 1. Ask for users email (in your app, not KC) >>>>>>>>>> 2. Once you get to the flow where a user has to login: >>>>>>>>>> a) If user doesn't exist in KC (you can use admin endpoints >>>>> to >>>>>>>>>> check >>>>>>>>>> this) redirect to registration page on KC with email already >>>>> entered >>>>>>>>>> b) If user does exist in KC redirect to login page again >>>>> with email >>>>>>>>>> already entered >>>>>>>>>> 3. Redirect back to app >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Bill Burke" >>>>>>>>>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < >>>>>>>>>> rodrigopsasaki at gmail.com> >>>>>>>>>>> Cc: keycloak-user at lists.jboss.org >>>>>>>>>>> Sent: Friday, 25 July, 2014 1:48:45 PM >>>>>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using >>>>> login >>>>>>>>>>> page >>>>>>>>>>> >>>>>>>>>>> It is because their first login screen is just something asking >>>>> for an >>>>>>>>>>> email. If the email doesn't exist as a user, they want a >>>>> redirect to >>>>>>>>>>> the register page. >>>>>>>>>>> >>>>>>>>>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: >>>>>>>>>>>> Yes, you can use the direct grant to retrieve a token. >>>>>>>>>>>> >>>>>>>>>>>> I'd like to know why redirecting to the login form, when >>>>> styled to >>>>>>>>>> match >>>>>>>>>>>> your website, and using login_hint to pre-fill username/email >>>>> doesn't >>>>>>>>>>>> work. Maybe there's something we can do so that you can still >>>>> use the >>>>>>>>>>>> "proper" flow? >>>>>>>>>>>> >>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>> From: "Rodrigo Sasaki" >>>>>>>>>>>>> To: "Stian Thorgersen" >>>>>>>>>>>>> Cc: "Bill Burke" , >>>>> keycloak-user at lists.jboss.org >>>>>>>>>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM >>>>>>>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using >>>>> login >>>>>>>>>> page >>>>>>>>>>>>> >>>>>>>>>>>>> Sorry to keep insisting on this, but since it's being a huge >>>>>>>>>> showstopper >>>>>>>>>>>>> so >>>>>>>>>>>>> far, I just have to ask. >>>>>>>>>>>>> >>>>>>>>>>>>> If I don't mind trading off SSO and all the other benefits >>>>> that the >>>>>>>>>>>>> Keycloak login page provides me, would there be a way for me >>>>> to do >>>>>>>>>> what I >>>>>>>>>>>>> want? >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen < >>>>> stian at redhat.com> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> We could add support for login_hint query param so you can >>>>> have the >>>>>>>>>>>>>> username/email field on the login form pre-filled for the >>>>> user, so >>>>>>>>>> once a >>>>>>>>>>>>>> user has to authenticate you redirect to login on KC and all >>>>> they >>>>>>>>>> would >>>>>>>>>>>>>> have to do is enter their password. >>>>>>>>>>>>>> >>>>>>>>>>>>>> If you bypass the login forms you'd loose SSO, multi-factor >>>>>>>>>>>>>> support, >>>>>>>>>>>>>> required actions, recover password, etc, etc, etc.. >>>>>>>>>>>>>> >>>>>>>>>>>>>> As Bill mentioned we provide very flexible login forms that >>>>> can be >>>>>>>>>>>>>> templated using either just css or even FreeMarker templates >>>>> if you >>>>>>>>>> need >>>>>>>>>>>>>> a >>>>>>>>>>>>>> lot of customization, so you should be able to make the >>>>> login form >>>>>>>>>>>>>> integrate well with your website. >>>>>>>>>>>>>> >>>>>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>>>>> From: "Rodrigo Sasaki" >>>>>>>>>>>>>>> To: "Bill Burke" >>>>>>>>>>>>>>> Cc: keycloak-user at lists.jboss.org >>>>>>>>>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM >>>>>>>>>>>>>>> Subject: Re: [keycloak-user] Authenticate user without >>>>> using login >>>>>>>>>> page >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> You think there could be a way to do this within keycloak >>>>> itself? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < >>>>>>>>>>>>>> rodrigopsasaki at gmail.com > >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I'll give you an example: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> We have a situation in our website where we only ask for the >>>>>>>>>>>>>>> user's >>>>>>>>>>>>>> e-mail, >>>>>>>>>>>>>>> and he can go on with the flow. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On a determined step of the flow, if we identify that this >>>>> is an >>>>>>>>>> e-mail >>>>>>>>>>>>>> that >>>>>>>>>>>>>>> we already have in our user database, we ask him for his >>>>> password, >>>>>>>>>>>>>>> authenticate him, and let him go on, if this e-mail is new, >>>>> we >>>>>>>>>> redirect >>>>>>>>>>>>>> him >>>>>>>>>>>>>>> to a page where he can register himself, and after that >>>>> continue >>>>>>>>>>>>>>> on. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On this specific case and others, we wouldn't like to have >>>>> to >>>>>>>>>> redirect >>>>>>>>>>>>>> him to >>>>>>>>>>>>>>> keycloak, because that would interrupt the flow that we >>>>> designed. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < >>>>> bburke at redhat.com > >>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ >>>>>>>>>>>>>>> userguide/html/direct-access- grants.html >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> If you have to do it this way, please let us know why. >>>>> Maybe we >>>>>>>>>>>>>>> can >>>>>>>>>>>>>> solve the >>>>>>>>>>>>>>> issue within keycloak itself. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Just for the sake of conversation, if I did want to handle >>>>> my own >>>>>>>>>> login >>>>>>>>>>>>>>> page, would there be a way for me to do it? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki >>>>>>>>>>>>>>> < rodrigopsasaki at gmail.com >>>> com >> >>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I don't want to miss out on all of that, which is why we're >>>>> mostly >>>>>>>>>>>>>>> migrating everything to use keycloak that way. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> It's just that we have cases that are so specific, that it >>>>> would >>>>>>>>>>>>>>> be >>>>>>>>>>>>>>> better to authenticate the user in a different manner, >>>>> create the >>>>>>>>>>>>>>> user session and everything, without redirecting. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I'll have a look at that code. Thanks! >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < >>>>> bburke at redhat.com >>>>>>>>>>>>>>> > wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> If you want to handle your own login pages, IMO, you are >>>>> missing >>>>>>>>>>>>>>> out on >>>>>>>>>>>>>>> a lot of Keycloak features. Specifically: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> * SSO >>>>>>>>>>>>>>> * forgot password >>>>>>>>>>>>>>> * admin forced credential reset/setup >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Login pages can be styled however you like to look like your >>>>>>>>>>>>>>> application. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> There is a REST api for obtaining an access token. Here is >>>>> an >>>>>>>>>>>>>>> example: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ >>>>>>>>>>>>>>> demo-template/admin-access- app/src/main/java/org/ >>>>>>>>>>>>>>> keycloak/example/AdminClient. java >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: >>>>>>>>>>>>>>>> Is there a way to authenticate the user without having to >>>>>>>>>>>>>>> input username >>>>>>>>>>>>>>>> and password on the login page? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> For example: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Say there's a situation in my application where I request >>>>> the >>>>>>>>>>>>>>> user for >>>>>>>>>>>>>>>> his username and password, and I wouldn't like to redirect >>>>>>>>>>>>>>> that to the >>>>>>>>>>>>>>>> keycloak login page to authenticate him, would there be a >>>>> way >>>>>>>>>>>>>>> for me to >>>>>>>>>>>>>>>> do that? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> Rodrigo Sasaki >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> ______________________________ _________________ >>>>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>>>> keycloak-user at lists.jboss.org >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Bill Burke >>>>>>>>>>>>>>> JBoss, a division of Red Hat >>>>>>>>>>>>>>> http://bill.burkecentral.com >>>>>>>>>>>>>>> ______________________________ _________________ >>>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>>> keycloak-user at lists.jboss.org >>>>>>>>> jboss.org > >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Rodrigo Sasaki >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Rodrigo Sasaki >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Bill Burke >>>>>>>>>>>>>>> JBoss, a division of Red Hat >>>>>>>>>>>>>>> http://bill.burkecentral.com >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Rodrigo Sasaki >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Rodrigo Sasaki >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>>> keycloak-user mailing list >>>>>>>>>>>>>>> keycloak-user at lists.jboss.org >>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Rodrigo Sasaki >>>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Bill Burke >>>>>>>>>>> JBoss, a division of Red Hat >>>>>>>>>>> http://bill.burkecentral.com >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Rodrigo Sasaki >>>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Bill Burke >>>>>>> JBoss, a division of Red Hat >>>>>>> http://bill.burkecentral.com >>>>>>> >>>>>> _______________________________________________ >>>>>> keycloak-user mailing list >>>>>> keycloak-user at lists.jboss.org >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>> >>>>> _______________________________________________ >>>>> keycloak-user mailing list >>>>> keycloak-user at lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>> >>>> >>>> >>>> >>>> -- >>>> Rodrigo Sasaki >>>> >>> >>> >>> >>> -- >>> Rodrigo Sasaki >>> >> >> >> >> -- >> Rodrigo Sasaki >> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From stian at redhat.com Wed Jul 30 09:48:45 2014 From: stian at redhat.com (Stian Thorgersen) Date: Wed, 30 Jul 2014 09:48:45 -0400 (EDT) Subject: [keycloak-user] Authenticate user without using login page In-Reply-To: <53D8F558.5050902@redhat.com> References: <455123582.18060022.1406295044131.JavaMail.zimbra@redhat.com> <456387541.18067244.1406295524609.JavaMail.zimbra@redhat.com> <185873083.20441868.1406726950922.JavaMail.zimbra@redhat.com> <53D8F558.5050902@redhat.com> Message-ID: <2092751170.20453860.1406728125335.JavaMail.zimbra@redhat.com> Yes, login_hint is one of the optional request parameters supported by OpenID Connect ----- Original Message ----- > From: "Bill Burke" > To: "Stian Thorgersen" , "Rodrigo Sasaki" > Cc: keycloak-user at lists.jboss.org > Sent: Wednesday, 30 July, 2014 2:38:32 PM > Subject: Re: [keycloak-user] Authenticate user without using login page > > OpenID Connect protocol is used to implement this? > > On 7/30/2014 9:29 AM, Stian Thorgersen wrote: > > Added login_hint query param. It can be used with keycloak.js with either: > > > > keycloak.login({ loginHint: 'username' }) > > > > or > > > > keycloak.createLoginUrl({ loginHint: 'username' }) > > > > ----- Original Message ----- > >> From: "Rodrigo Sasaki" > >> To: "Stian Thorgersen" > >> Cc: "Bill Burke" , keycloak-user at lists.jboss.org > >> Sent: Friday, 25 July, 2014 6:11:47 PM > >> Subject: Re: [keycloak-user] Authenticate user without using login page > >> > >> It all worked great with the iframe, if I style it properly and use that > >> login_hint it should be perfect. > >> > >> Now how should I go about developing/using this login_hint? Are there any > >> tips on this, or is it something that you plan on including yourselves? > >> > >> > >> On Fri, Jul 25, 2014 at 1:21 PM, Rodrigo Sasaki > >> wrote: > >> > >>> Just one more thing that wasn't completely clear to me. > >>> > >>> if I add a login page on an iframe, the user will be logged normally? Or > >>> would I have to get a token and keep managing it? > >>> > >>> > >>> On Fri, Jul 25, 2014 at 10:42 AM, Rodrigo Sasaki > >>> >>>> wrote: > >>> > >>>> That idea actually sounds amazing, I didn't look into keycloak.js yet, > >>>> but I'll see if I can get it working before I think about styling. > >>>> > >>>> Thank you very much! > >>>> > >>>> > >>>> On Fri, Jul 25, 2014 at 10:38 AM, Stian Thorgersen > >>>> wrote: > >>>> > >>>>> I think we could quite easily add support for embedding the login page > >>>>> to keycloak.js. Rough idea: > >>>>> > >>>>> 1. Set an option on keycloak.js to use embedded login form. Would also > >>>>> require setting an id for a div where the form should be embedded. > >>>>> 2. When clicking on login instead of redirecting it would render an > >>>>> iframe element inside the configured div with the src of the iframe > >>>>> being > >>>>> the login page on Keycloak > >>>>> 3. The redirect-uri would be a special url on Keycloak that renders a > >>>>> similar page to the iframe session page that allows posting a message > >>>>> back > >>>>> to keycloak.js containing the code > >>>>> 4. Now keycloak.js can swap the code as usual > >>>>> > >>>>> One thing is that we'd probably need an additional styling of the login > >>>>> form, as you would want the login page to display differently when > >>>>> embedded > >>>>> compared to when you redirect to it. > >>>>> > >>>>> ----- Original Message ----- > >>>>>> From: "Stian Thorgersen" > >>>>>> To: "Bill Burke" > >>>>>> Cc: keycloak-user at lists.jboss.org > >>>>>> Sent: Friday, 25 July, 2014 2:30:44 PM > >>>>>> Subject: Re: [keycloak-user] Authenticate user without using login > >>>>>> page > >>>>>> > >>>>>> The cookies should be set fine, as the iframe would contain the login > >>>>> page > >>>>>> directly from Keycloak. > >>>>>> > >>>>>> It would redirect to a special page on the app that after extracting > >>>>> the code > >>>>>> would close the popup. > >>>>>> > >>>>>> ----- Original Message ----- > >>>>>>> From: "Bill Burke" > >>>>>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" > >>>>>>> > >>>>>>> Cc: keycloak-user at lists.jboss.org > >>>>>>> Sent: Friday, 25 July, 2014 2:23:14 PM > >>>>>>> Subject: Re: [keycloak-user] Authenticate user without using login > >>>>> page > >>>>>>> > >>>>>>> not sure this will work with SSO. I'm not sure CORS requests can > >>>>> deal > >>>>>>> with cookies. > >>>>>>> > >>>>>>> On 7/25/2014 9:21 AM, Stian Thorgersen wrote: > >>>>>>>> What about using an iframe in the popup to include the login form > >>>>> from > >>>>>>>> Keycloak? > >>>>>>>> > >>>>>>>> You can send a HTTP POST to > >>>>> /auth-server//tokens/grants/access > >>>>>>>> with > >>>>>>>> client id/secret and username/password and get a token back. With > >>>>>>>> keycloak.js you can give it this token, not sure how/if this flow > >>>>> works > >>>>>>>> with the server-side (Undertow) adapter. > >>>>>>>> > >>>>>>>> ----- Original Message ----- > >>>>>>>>> From: "Rodrigo Sasaki" > >>>>>>>>> To: "Stian Thorgersen" > >>>>>>>>> Cc: "Bill Burke" , > >>>>> keycloak-user at lists.jboss.org > >>>>>>>>> Sent: Friday, 25 July, 2014 2:08:43 PM > >>>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using > >>>>> login page > >>>>>>>>> > >>>>>>>>> Actually, the main problem is one of the flows where the password > >>>>>>>>> request > >>>>>>>>> appears in a popup, there's no redirect at all, and one of the > >>>>> things > >>>>>>>>> that > >>>>>>>>> were agreed upon when decided to change the authentication > >>>>> provider, was > >>>>>>>>> that nothing would be altered in the user experience. > >>>>>>>>> > >>>>>>>>> So I really have to try and make keycloak "fit in" in these > >>>>> particular > >>>>>>>>> scenarios, they are not used as much as the ones where we'll use > >>>>> the > >>>>>>>>> keycloak login page with our own style, but I do have to make > >>>>> them work. > >>>>>>>>> > >>>>>>>>> When you say I could use direct grant to get a token, would that > >>>>> count > >>>>>>>>> as > >>>>>>>>> the same as an user logging in? It's not really clear to me right > >>>>> now > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On Fri, Jul 25, 2014 at 9:56 AM, Stian Thorgersen < > >>>>> stian at redhat.com> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>>> Yes, but I'm wondering why the following won't work: > >>>>>>>>>> > >>>>>>>>>> 1. Ask for users email (in your app, not KC) > >>>>>>>>>> 2. Once you get to the flow where a user has to login: > >>>>>>>>>> a) If user doesn't exist in KC (you can use admin endpoints > >>>>> to > >>>>>>>>>> check > >>>>>>>>>> this) redirect to registration page on KC with email already > >>>>> entered > >>>>>>>>>> b) If user does exist in KC redirect to login page again > >>>>> with email > >>>>>>>>>> already entered > >>>>>>>>>> 3. Redirect back to app > >>>>>>>>>> > >>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>> From: "Bill Burke" > >>>>>>>>>>> To: "Stian Thorgersen" , "Rodrigo Sasaki" < > >>>>>>>>>> rodrigopsasaki at gmail.com> > >>>>>>>>>>> Cc: keycloak-user at lists.jboss.org > >>>>>>>>>>> Sent: Friday, 25 July, 2014 1:48:45 PM > >>>>>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using > >>>>> login > >>>>>>>>>>> page > >>>>>>>>>>> > >>>>>>>>>>> It is because their first login screen is just something asking > >>>>> for an > >>>>>>>>>>> email. If the email doesn't exist as a user, they want a > >>>>> redirect to > >>>>>>>>>>> the register page. > >>>>>>>>>>> > >>>>>>>>>>> On 7/25/2014 5:08 AM, Stian Thorgersen wrote: > >>>>>>>>>>>> Yes, you can use the direct grant to retrieve a token. > >>>>>>>>>>>> > >>>>>>>>>>>> I'd like to know why redirecting to the login form, when > >>>>> styled to > >>>>>>>>>> match > >>>>>>>>>>>> your website, and using login_hint to pre-fill username/email > >>>>> doesn't > >>>>>>>>>>>> work. Maybe there's something we can do so that you can still > >>>>> use the > >>>>>>>>>>>> "proper" flow? > >>>>>>>>>>>> > >>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>> From: "Rodrigo Sasaki" > >>>>>>>>>>>>> To: "Stian Thorgersen" > >>>>>>>>>>>>> Cc: "Bill Burke" , > >>>>> keycloak-user at lists.jboss.org > >>>>>>>>>>>>> Sent: Thursday, 24 July, 2014 6:13:17 PM > >>>>>>>>>>>>> Subject: Re: [keycloak-user] Authenticate user without using > >>>>> login > >>>>>>>>>> page > >>>>>>>>>>>>> > >>>>>>>>>>>>> Sorry to keep insisting on this, but since it's being a huge > >>>>>>>>>> showstopper > >>>>>>>>>>>>> so > >>>>>>>>>>>>> far, I just have to ask. > >>>>>>>>>>>>> > >>>>>>>>>>>>> If I don't mind trading off SSO and all the other benefits > >>>>> that the > >>>>>>>>>>>>> Keycloak login page provides me, would there be a way for me > >>>>> to do > >>>>>>>>>> what I > >>>>>>>>>>>>> want? > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> On Fri, Jul 18, 2014 at 5:44 AM, Stian Thorgersen < > >>>>> stian at redhat.com> > >>>>>>>>>>>>> wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>>> We could add support for login_hint query param so you can > >>>>> have the > >>>>>>>>>>>>>> username/email field on the login form pre-filled for the > >>>>> user, so > >>>>>>>>>> once a > >>>>>>>>>>>>>> user has to authenticate you redirect to login on KC and all > >>>>> they > >>>>>>>>>> would > >>>>>>>>>>>>>> have to do is enter their password. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> If you bypass the login forms you'd loose SSO, multi-factor > >>>>>>>>>>>>>> support, > >>>>>>>>>>>>>> required actions, recover password, etc, etc, etc.. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> As Bill mentioned we provide very flexible login forms that > >>>>> can be > >>>>>>>>>>>>>> templated using either just css or even FreeMarker templates > >>>>> if you > >>>>>>>>>> need > >>>>>>>>>>>>>> a > >>>>>>>>>>>>>> lot of customization, so you should be able to make the > >>>>> login form > >>>>>>>>>>>>>> integrate well with your website. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>>>>>> From: "Rodrigo Sasaki" > >>>>>>>>>>>>>>> To: "Bill Burke" > >>>>>>>>>>>>>>> Cc: keycloak-user at lists.jboss.org > >>>>>>>>>>>>>>> Sent: Thursday, 17 July, 2014 6:52:08 PM > >>>>>>>>>>>>>>> Subject: Re: [keycloak-user] Authenticate user without > >>>>> using login > >>>>>>>>>> page > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> You think there could be a way to do this within keycloak > >>>>> itself? > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On Wed, Jul 16, 2014 at 4:41 PM, Rodrigo Sasaki < > >>>>>>>>>>>>>> rodrigopsasaki at gmail.com > > >>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> I'll give you an example: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> We have a situation in our website where we only ask for the > >>>>>>>>>>>>>>> user's > >>>>>>>>>>>>>> e-mail, > >>>>>>>>>>>>>>> and he can go on with the flow. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On a determined step of the flow, if we identify that this > >>>>> is an > >>>>>>>>>> e-mail > >>>>>>>>>>>>>> that > >>>>>>>>>>>>>>> we already have in our user database, we ask him for his > >>>>> password, > >>>>>>>>>>>>>>> authenticate him, and let him go on, if this e-mail is new, > >>>>> we > >>>>>>>>>> redirect > >>>>>>>>>>>>>> him > >>>>>>>>>>>>>>> to a page where he can register himself, and after that > >>>>> continue > >>>>>>>>>>>>>>> on. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On this specific case and others, we wouldn't like to have > >>>>> to > >>>>>>>>>> redirect > >>>>>>>>>>>>>> him to > >>>>>>>>>>>>>>> keycloak, because that would interrupt the flow that we > >>>>> designed. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On Wed, Jul 16, 2014 at 4:39 PM, Bill Burke < > >>>>> bburke at redhat.com > > >>>>>>>>>> wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> http://docs.jboss.org/ keycloak/docs/1.0-beta-3/ > >>>>>>>>>>>>>>> userguide/html/direct-access- grants.html > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> If you have to do it this way, please let us know why. > >>>>> Maybe we > >>>>>>>>>>>>>>> can > >>>>>>>>>>>>>> solve the > >>>>>>>>>>>>>>> issue within keycloak itself. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On 7/16/2014 3:35 PM, Rodrigo Sasaki wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Just for the sake of conversation, if I did want to handle > >>>>> my own > >>>>>>>>>> login > >>>>>>>>>>>>>>> page, would there be a way for me to do it? > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On Tue, Jul 15, 2014 at 2:35 PM, Rodrigo Sasaki > >>>>>>>>>>>>>>> < rodrigopsasaki at gmail.com >>>>> com >> > >>>>>>>>>> wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> I don't want to miss out on all of that, which is why we're > >>>>> mostly > >>>>>>>>>>>>>>> migrating everything to use keycloak that way. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> It's just that we have cases that are so specific, that it > >>>>> would > >>>>>>>>>>>>>>> be > >>>>>>>>>>>>>>> better to authenticate the user in a different manner, > >>>>> create the > >>>>>>>>>>>>>>> user session and everything, without redirecting. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> I'll have a look at that code. Thanks! > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On Tue, Jul 15, 2014 at 2:19 PM, Bill Burke < > >>>>> bburke at redhat.com > >>>>>>>>>>>>>>> > wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> If you want to handle your own login pages, IMO, you are > >>>>> missing > >>>>>>>>>>>>>>> out on > >>>>>>>>>>>>>>> a lot of Keycloak features. Specifically: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> * SSO > >>>>>>>>>>>>>>> * forgot password > >>>>>>>>>>>>>>> * admin forced credential reset/setup > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Login pages can be styled however you like to look like your > >>>>>>>>>>>>>>> application. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> There is a REST api for obtaining an access token. Here is > >>>>> an > >>>>>>>>>>>>>>> example: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> https://github.com/keycloak/ keycloak/blob/master/examples/ > >>>>>>>>>>>>>>> demo-template/admin-access- app/src/main/java/org/ > >>>>>>>>>>>>>>> keycloak/example/AdminClient. java > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> On 7/15/2014 12:36 PM, Rodrigo Sasaki wrote: > >>>>>>>>>>>>>>>> Is there a way to authenticate the user without having to > >>>>>>>>>>>>>>> input username > >>>>>>>>>>>>>>>> and password on the login page? > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> For example: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Say there's a situation in my application where I request > >>>>> the > >>>>>>>>>>>>>>> user for > >>>>>>>>>>>>>>>> his username and password, and I wouldn't like to redirect > >>>>>>>>>>>>>>> that to the > >>>>>>>>>>>>>>>> keycloak login page to authenticate him, would there be a > >>>>> way > >>>>>>>>>>>>>>> for me to > >>>>>>>>>>>>>>>> do that? > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>>> Rodrigo Sasaki > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> ______________________________ _________________ > >>>>>>>>>>>>>>>> keycloak-user mailing list > >>>>>>>>>>>>>>>> keycloak-user at lists.jboss.org > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>> Bill Burke > >>>>>>>>>>>>>>> JBoss, a division of Red Hat > >>>>>>>>>>>>>>> http://bill.burkecentral.com > >>>>>>>>>>>>>>> ______________________________ _________________ > >>>>>>>>>>>>>>> keycloak-user mailing list > >>>>>>>>>>>>>>> keycloak-user at lists.jboss.org >>>>>>>>>> jboss.org > > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> https://lists.jboss.org/ mailman/listinfo/keycloak-user > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>> Rodrigo Sasaki > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>> Rodrigo Sasaki > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>> Bill Burke > >>>>>>>>>>>>>>> JBoss, a division of Red Hat > >>>>>>>>>>>>>>> http://bill.burkecentral.com > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>> Rodrigo Sasaki > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> -- > >>>>>>>>>>>>>>> Rodrigo Sasaki > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> _______________________________________________ > >>>>>>>>>>>>>>> keycloak-user mailing list > >>>>>>>>>>>>>>> keycloak-user at lists.jboss.org > >>>>>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> -- > >>>>>>>>>>>>> Rodrigo Sasaki > >>>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> -- > >>>>>>>>>>> Bill Burke > >>>>>>>>>>> JBoss, a division of Red Hat > >>>>>>>>>>> http://bill.burkecentral.com > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> -- > >>>>>>>>> Rodrigo Sasaki > >>>>>>>>> > >>>>>>> > >>>>>>> -- > >>>>>>> Bill Burke > >>>>>>> JBoss, a division of Red Hat > >>>>>>> http://bill.burkecentral.com > >>>>>>> > >>>>>> _______________________________________________ > >>>>>> keycloak-user mailing list > >>>>>> keycloak-user at lists.jboss.org > >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >>>>>> > >>>>> _______________________________________________ > >>>>> keycloak-user mailing list > >>>>> keycloak-user at lists.jboss.org > >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user > >>>>> > >>>> > >>>> > >>>> > >>>> -- > >>>> Rodrigo Sasaki > >>>> > >>> > >>> > >>> > >>> -- > >>> Rodrigo Sasaki > >>> > >> > >> > >> > >> -- > >> Rodrigo Sasaki > >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > From vivsriva at cisco.com Wed Jul 30 14:24:37 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Wed, 30 Jul 2014 18:24:37 +0000 Subject: [keycloak-user] Implicit client login problem In-Reply-To: <1600374303.20275923.1406711064147.JavaMail.zimbra@redhat.com> References: <1600374303.20275923.1406711064147.JavaMail.zimbra@redhat.com> Message-ID: Hi Stian, Thanks. I got it working. A new cli client with META-INF/keycloak.json file fixed the problem. I manually created the realm. Appreciate your help. Kind Regards, Vivek On 7/30/14, 5:04 AM, "Stian Thorgersen" wrote: >Looks like the pub-key in customer-portal-cli doesn't match the pub-key >for the realm. > >Did you import the testrealm.json from the example, or manually create >the realm? > >----- Original Message ----- >> From: "Vivek Srivastav (vivsriva)" >> To: keycloak-user at lists.jboss.org >> Sent: Tuesday, 29 July, 2014 8:05:14 PM >> Subject: [keycloak-user] Implicit client login problem >> >> I am trying to get the customer-portal-cli to work >> >> customer-portal-cli has the following configuration: >> >> access type: public >> redirect URL: http://localhost >> >> Keycloak Environment: >> >> >> 1.0-beta-3 >> >> The app is able to launch a browser, obtain the code, but I am getting >> invalid token signature. Following is the jboss log: >> >> >> >> 14:53:40,883 INFO [org.keycloak.services.resources.TokenService] >> (http-/127.0.0.1:8080-8) no authorization header >> >> 14:53:40,891 INFO [org.keycloak.audit] (http-/127.0.0.1:8080-8) >> event=CODE_TO_TOKEN, realmId=bd1320b5-7601-4056-8e30-4839f5bfdf8b, >> clientId=customer-portal-cli, >>userId=13598dc1-61d5-42e8-a6b1-86595548b384, >> ipAddress=127.0.0.1, >>refresh_token_id=784df1b7-8d6e-44de-80d7-b3ce44317007, >> code_id=d0ae1bc2-f66c-4d44-9a48-72059f5463f81406660020834, >> token_id=8170b67d-888f-4770-a4fd-691ece674214 >> >> >> >> >> Commands: >> >> login - login with desktop browser if available, otherwise do manual >>login >> >> login-manual - manual login >> >> login-desktop - desktop login >> >> token - show token details >> >> id-token - show ID token details >> >> profile - retrieve user profile >> >> customers - retrieve customers listing >> >> refresh - refresh token >> >> exit - exit >> >> >> >> >> $ login >> >> >> >> >> Invalid token signature. >> >> Appreciate any help. >> >> Kind Regards, >> Vivek >> >> >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user From viniciusnaka at gmail.com Wed Jul 30 14:26:38 2014 From: viniciusnaka at gmail.com (Vinicius Nakayama) Date: Wed, 30 Jul 2014 15:26:38 -0300 Subject: [keycloak-user] Keycloak - Create Theme Message-ID: Hello guys, I'm developer and I am using the keycloak in my project. I'd like use my layout. I saw in documentation that is necessary create folder in the Jboss(.../standalone/configuration/themes/). That's all right, but I noticed that in selection themes(My Realm -> General -> Settings -> Optional Settings) the option from my theme not appear. It is correct? Or the option it should show? I'd also like know what is the best practice to create a new theme? Thanks in advance. Kind regards, Vinicius Nakayama -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140730/8e1ac552/attachment.html From vivsriva at cisco.com Wed Jul 30 15:35:41 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Wed, 30 Jul 2014 19:35:41 +0000 Subject: [keycloak-user] Disabling totp Message-ID: Hi, I enabled the totp for my realm but unable to remove the config. Even when I have removed the ?totp? from Realm Credential Settings, the login process keeps asking for OTP. How do I disable it. Kind Regards, Vivek -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140730/9e99c96c/attachment.html From stian at redhat.com Thu Jul 31 05:17:55 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 31 Jul 2014 05:17:55 -0400 (EDT) Subject: [keycloak-user] Disabling totp In-Reply-To: References: Message-ID: <270330203.21167958.1406798275732.JavaMail.zimbra@redhat.com> Hi Vivek, At login if totp is required for a realm the users account is checked to see if totp is configured. If it's not configured a required-action to enable totp is added to the account. After you remove the totp requirement for the realm any users that have previously tried to login while it was on will still have this required-action associated with their account. This can be removed in two ways: 1. Through the admin console you can remove the totp required action from each user 2. A user can enable totp, then remove it again afterwards ----- Original Message ----- > From: "Vivek Srivastav (vivsriva)" > To: keycloak-user at lists.jboss.org > Sent: Wednesday, 30 July, 2014 8:35:41 PM > Subject: [keycloak-user] Disabling totp > > Hi, > I enabled the totp for my realm but unable to remove the config. Even when I > have removed the ?totp? from Realm Credential Settings, the login process > keeps asking for OTP. > How do I disable it. > Kind Regards, > Vivek > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From stian at redhat.com Thu Jul 31 05:26:41 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 31 Jul 2014 05:26:41 -0400 (EDT) Subject: [keycloak-user] Keycloak - Create Theme In-Reply-To: References: Message-ID: <2070128413.21173365.1406798801218.JavaMail.zimbra@redhat.com> There are several different types of themes (for example login forms and emails). If you're creating a login theme (to style the login and registration screens) you need to create the theme in standalone/configuration/themes/login. It also needs a theme.properties file. The simplest way to get started would be to look at the example sunrise theme and modify this theme. First step is to copy the theme to a new folder in themes/login: cp /examples/themes/login/sunrise /standalone/configuration/themes/login/ We have tried to keep our html templates as stylable as possible so hopefully you'll be able to achieve what you want with just css. You can also change individual labels by adding a messages.properties file (you don't need to override all labels, you can just add those you want to change, look at standalone/configuration/themes/login/base/messages/messages.properties for a reference). Beyond that we do have the capability of overriding the html templates as well (look at standalone/configuration/themes/login/base/*.ftl for a reference, you can override individual files by copying them to your theme and changing there). ----- Original Message ----- > From: "Vinicius Nakayama" > To: keycloak-user at lists.jboss.org > Sent: Wednesday, 30 July, 2014 7:26:38 PM > Subject: [keycloak-user] Keycloak - Create Theme > > Hello guys, > > I'm developer and I am using the keycloak in my project. > I'd like use my layout. I saw in documentation that is necessary create > folder in the Jboss(.../standalone/configuration/themes/). That's all right, > but I noticed that in selection themes(My Realm -> General -> Settings -> > Optional Settings) the option from my theme not appear. It is correct? Or > the option it should show? > I'd also like know what is the best practice to create a new theme? > > Thanks in advance. > > Kind regards, > > Vinicius Nakayama > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user From stian at redhat.com Thu Jul 31 05:49:41 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 31 Jul 2014 05:49:41 -0400 (EDT) Subject: [keycloak-user] Bower for keycloak.js In-Reply-To: References: <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> <992945221.9491639.1405336255468.JavaMail.zimbra@redhat.com> Message-ID: <1530746411.21182105.1406800181152.JavaMail.zimbra@redhat.com> I think you got the 403 due to it already being registered. There should be two versions available 1.0-beta3 and 1.0-beta4-pre. Once we release 1.0.final it'll be tagged as 1.0. The 1.0-beta3 syntax should work as jQuery uses it ;) ----- Original Message ----- > From: "Joshua Bellamy-Henn" > To: "Stian Thorgersen" > Cc: "Josh" , keycloak-user at lists.jboss.org > Sent: Wednesday, 30 July, 2014 9:13:21 PM > Subject: Re: [keycloak-user] Bower for keycloak.js > > So I've tried to register this package for you guys using bower: > > ~/play/keycloak-js-bower master 14:08:22 > > $ bower register keycloak git://github.com/keycloak/keycloak-js-bower.git > > bower keycloak#* resolve git:// > github.com/keycloak/keycloak-js-bower.git#* > > bower keycloak#* checkout master > > bower keycloak#* resolved git:// > github.com/keycloak/keycloak-js-bower.git#923dccb251 > > [?] Registering a package will make it installable via the registry ( > https://bower.herokuapp.com), continue? Yes > > bower keycloak register git:// > github.com/keycloak/keycloak-js-bower.git > > bower EUNKNOWN Unknown error: 403 > > > I am afraid this could be due to the version number possibly being in an > incorrect format. > > > On Mon, Jul 14, 2014 at 10:46 AM, Joshua Bellamy-Henn > wrote: > > > I removed the "keycloak" package, the name should be open for registration > > now. > > > > Still bit skeptical it will accept anything other than "x.x.x" notation > > for versioning but give it a try. :) > > > > - Josh > > > > > > On Mon, Jul 14, 2014 at 5:10 AM, Stian Thorgersen > > wrote: > > > >> Have you contacted the Bower guys to get this changed yet? > >> > >> By the way we're going to stick with the same versioning that we use for > >> Keycloak except we'll remove -final from the final release. So versions > >> would be: > >> > >> 1.0-beta4 > >> 1.0-rc1 > >> 1.0 > >> > >> That should mean that versions such as ">=1.0" will work, and will only > >> use stable versions, while if someone wants to use a beta or rc they can > >> explicitly specify the version. > >> > >> ----- Original Message ----- > >> > From: "Josh" > >> > To: "Stian Thorgersen" > >> > Cc: keycloak-user at lists.jboss.org > >> > Sent: Thursday, 3 July, 2014 4:46:09 PM > >> > Subject: Re: [keycloak-user] Bower for keycloak.js > >> > > >> > I do think there is a problem using that version format, I think I > >> tried it > >> > originally and bower was having none of it. This could be because they > >> use > >> > version for auto upgrade purposes, where one can use a "~" character to > >> > prefix the version to allow upgrades in version minors in the bower.json > >> > file. > >> > > >> > eg. > >> > "dependencies": { > >> > "keycloak": "~0.3.12" > >> > }, > >> > > >> > > >> > I have to admit I've been pulled to the dark side a little bit, it do > >> enjoy > >> > npm / bower for doing javascript type build processes (sometimes a > >> > necessary evil). I was never a a fan of 'grunt' but found that 'gulp' > >> is > >> > much better. I have a hybrid build process in my java apps where I > >> > sometimes break out of maven to execute some gulp build processes. > >> > > >> > But I understand for project like keycloak 'npm / gulp' adds a lot of > >> > complexity to build process and is not desirable. > >> > > >> > I'll talk to the bower guys to get keycloak switched over to your fork > >> :D > >> > > >> > > >> > > >> > On Thu, Jul 3, 2014 at 7:08 AM, Stian Thorgersen > >> wrote: > >> > > >> > > I've pulled in your stuff to > >> https://github.com/keycloak/keycloak-js-bower > >> > > > >> > > I'd prefer the versions to match with Keycloak versions (1.0-beta-2, > >> > > 1.0-beta-3, 1.0-final). Do you know if that'll be a problem? > >> > > > >> > > Also, I'm going to add minification of keycloak.js to our Maven build. > >> > > We'll need it there as well + we're mainly Java/Maven guys ;) > >> > > > >> > > ----- Original Message ----- > >> > > > From: "Josh" > >> > > > To: "Stian Thorgersen" > >> > > > Cc: keycloak-user at lists.jboss.org > >> > > > Sent: Monday, 23 June, 2014 10:38:44 PM > >> > > > Subject: Re: [keycloak-user] Bower for keycloak.js > >> > > > > >> > > > Looks like it's a manual process at the moment to get registry > >> moved to a > >> > > > different github endpont. Let me know when you have the project > >> setup > >> > > and > >> > > > I'll contact the bower guys. > >> > > > > >> > > > - Josh > >> > > > > >> > > > > >> > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh wrote: > >> > > > > >> > > > > You bet, I actually had the thought that it would be better as > >> part of > >> > > the > >> > > > > release cycle. I'll have to figure out how to transfer bower > >> > > repositories > >> > > > > because there was no login required to register a bower repo and > >> > > currently > >> > > > > I have taken "keycloak" which would be optimal for the project. > >> > > > > > >> > > > > > >> > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen < > >> stian at redhat.com> > >> > > > > wrote: > >> > > > > > >> > > > >> Hi Josh, > >> > > > >> > >> > > > >> That's great - thanks for contributing this. I would like to > >> transfer > >> > > > >> this to https://github.com/keycloak though, I hope your happy > >> with > >> > > that. > >> > > > >> > >> > > > >> Thanks, > >> > > > >> Stian > >> > > > >> > >> > > > >> ----- Original Message ----- > >> > > > >> > From: "Josh" > >> > > > >> > To: keycloak-user at lists.jboss.org > >> > > > >> > Sent: Friday, 20 June, 2014 6:30:02 PM > >> > > > >> > Subject: [keycloak-user] Bower for keycloak.js > >> > > > >> > > >> > > > >> > Hi guys, > >> > > > >> > > >> > > > >> > I have created a little github project to make keycloak.js > >> > > available to > >> > > > >> bower > >> > > > >> > package manager . > >> > > > >> > > >> > > > >> > Project here: > >> > > > >> > https://github.com/smysnk/keycloak-adapter-bower > >> > > > >> > > >> > > > >> > Usage: > >> > > > >> > $ bower install keycloak > >> > > > >> > > >> > > > >> > - Josh > >> > > > >> > > >> > > > >> > > >> > > > >> > _______________________________________________ > >> > > > >> > keycloak-user mailing list > >> > > > >> > keycloak-user at lists.jboss.org > >> > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > >> > > > >> > >> > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > > > > > From vivsriva at cisco.com Thu Jul 31 07:53:16 2014 From: vivsriva at cisco.com (Vivek Srivastav (vivsriva)) Date: Thu, 31 Jul 2014 11:53:16 +0000 Subject: [keycloak-user] Disabling totp In-Reply-To: <270330203.21167958.1406798275732.JavaMail.zimbra@redhat.com> References: <270330203.21167958.1406798275732.JavaMail.zimbra@redhat.com> Message-ID: Hi Stian, Thanks. Yes that makes sense that totp is a user level setting. I have it working. Kind Regards, Vivek On 7/31/14, 5:17 AM, "Stian Thorgersen" wrote: >Hi Vivek, > >At login if totp is required for a realm the users account is checked to >see if totp is configured. If it's not configured a required-action to >enable totp is added to the account. > >After you remove the totp requirement for the realm any users that have >previously tried to login while it was on will still have this >required-action associated with their account. This can be removed in two >ways: > >1. Through the admin console you can remove the totp required action from >each user >2. A user can enable totp, then remove it again afterwards > >----- Original Message ----- >> From: "Vivek Srivastav (vivsriva)" >> To: keycloak-user at lists.jboss.org >> Sent: Wednesday, 30 July, 2014 8:35:41 PM >> Subject: [keycloak-user] Disabling totp >> >> Hi, >> I enabled the totp for my realm but unable to remove the config. Even >>when I >> have removed the ?totp? from Realm Credential Settings, the login >>process >> keeps asking for OTP. >> How do I disable it. >> Kind Regards, >> Vivek >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user From josh at psidox.com Thu Jul 31 11:29:49 2014 From: josh at psidox.com (Joshua Bellamy-Henn) Date: Thu, 31 Jul 2014 09:29:49 -0600 Subject: [keycloak-user] Bower for keycloak.js In-Reply-To: <1530746411.21182105.1406800181152.JavaMail.zimbra@redhat.com> References: <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> <992945221.9491639.1405336255468.JavaMail.zimbra@redhat.com> <1530746411.21182105.1406800181152.JavaMail.zimbra@redhat.com> Message-ID: I went through the deletion process so shouldn't be registered anymore. On Thu, Jul 31, 2014 at 3:49 AM, Stian Thorgersen wrote: > I think you got the 403 due to it already being registered. > > There should be two versions available 1.0-beta3 and 1.0-beta4-pre. Once > we release 1.0.final it'll be tagged as 1.0. The 1.0-beta3 syntax should > work as jQuery uses it ;) > > ----- Original Message ----- > > From: "Joshua Bellamy-Henn" > > To: "Stian Thorgersen" > > Cc: "Josh" , keycloak-user at lists.jboss.org > > Sent: Wednesday, 30 July, 2014 9:13:21 PM > > Subject: Re: [keycloak-user] Bower for keycloak.js > > > > So I've tried to register this package for you guys using bower: > > > > ~/play/keycloak-js-bower master 14:08:22 > > > > $ bower register keycloak git:// > github.com/keycloak/keycloak-js-bower.git > > > > bower keycloak#* resolve git:// > > github.com/keycloak/keycloak-js-bower.git#* > > > > bower keycloak#* checkout master > > > > bower keycloak#* resolved git:// > > github.com/keycloak/keycloak-js-bower.git#923dccb251 > > > > [?] Registering a package will make it installable via the registry ( > > https://bower.herokuapp.com), continue? Yes > > > > bower keycloak register git:// > > github.com/keycloak/keycloak-js-bower.git > > > > bower EUNKNOWN Unknown error: 403 > > > > > > I am afraid this could be due to the version number possibly being in an > > incorrect format. > > > > > > On Mon, Jul 14, 2014 at 10:46 AM, Joshua Bellamy-Henn > > wrote: > > > > > I removed the "keycloak" package, the name should be open for > registration > > > now. > > > > > > Still bit skeptical it will accept anything other than "x.x.x" notation > > > for versioning but give it a try. :) > > > > > > - Josh > > > > > > > > > On Mon, Jul 14, 2014 at 5:10 AM, Stian Thorgersen > > > wrote: > > > > > >> Have you contacted the Bower guys to get this changed yet? > > >> > > >> By the way we're going to stick with the same versioning that we use > for > > >> Keycloak except we'll remove -final from the final release. So > versions > > >> would be: > > >> > > >> 1.0-beta4 > > >> 1.0-rc1 > > >> 1.0 > > >> > > >> That should mean that versions such as ">=1.0" will work, and will > only > > >> use stable versions, while if someone wants to use a beta or rc they > can > > >> explicitly specify the version. > > >> > > >> ----- Original Message ----- > > >> > From: "Josh" > > >> > To: "Stian Thorgersen" > > >> > Cc: keycloak-user at lists.jboss.org > > >> > Sent: Thursday, 3 July, 2014 4:46:09 PM > > >> > Subject: Re: [keycloak-user] Bower for keycloak.js > > >> > > > >> > I do think there is a problem using that version format, I think I > > >> tried it > > >> > originally and bower was having none of it. This could be because > they > > >> use > > >> > version for auto upgrade purposes, where one can use a "~" > character to > > >> > prefix the version to allow upgrades in version minors in the > bower.json > > >> > file. > > >> > > > >> > eg. > > >> > "dependencies": { > > >> > "keycloak": "~0.3.12" > > >> > }, > > >> > > > >> > > > >> > I have to admit I've been pulled to the dark side a little bit, it > do > > >> enjoy > > >> > npm / bower for doing javascript type build processes (sometimes a > > >> > necessary evil). I was never a a fan of 'grunt' but found that > 'gulp' > > >> is > > >> > much better. I have a hybrid build process in my java apps where I > > >> > sometimes break out of maven to execute some gulp build processes. > > >> > > > >> > But I understand for project like keycloak 'npm / gulp' adds a lot > of > > >> > complexity to build process and is not desirable. > > >> > > > >> > I'll talk to the bower guys to get keycloak switched over to your > fork > > >> :D > > >> > > > >> > > > >> > > > >> > On Thu, Jul 3, 2014 at 7:08 AM, Stian Thorgersen > > >> wrote: > > >> > > > >> > > I've pulled in your stuff to > > >> https://github.com/keycloak/keycloak-js-bower > > >> > > > > >> > > I'd prefer the versions to match with Keycloak versions > (1.0-beta-2, > > >> > > 1.0-beta-3, 1.0-final). Do you know if that'll be a problem? > > >> > > > > >> > > Also, I'm going to add minification of keycloak.js to our Maven > build. > > >> > > We'll need it there as well + we're mainly Java/Maven guys ;) > > >> > > > > >> > > ----- Original Message ----- > > >> > > > From: "Josh" > > >> > > > To: "Stian Thorgersen" > > >> > > > Cc: keycloak-user at lists.jboss.org > > >> > > > Sent: Monday, 23 June, 2014 10:38:44 PM > > >> > > > Subject: Re: [keycloak-user] Bower for keycloak.js > > >> > > > > > >> > > > Looks like it's a manual process at the moment to get registry > > >> moved to a > > >> > > > different github endpont. Let me know when you have the project > > >> setup > > >> > > and > > >> > > > I'll contact the bower guys. > > >> > > > > > >> > > > - Josh > > >> > > > > > >> > > > > > >> > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh > wrote: > > >> > > > > > >> > > > > You bet, I actually had the thought that it would be better as > > >> part of > > >> > > the > > >> > > > > release cycle. I'll have to figure out how to transfer bower > > >> > > repositories > > >> > > > > because there was no login required to register a bower repo > and > > >> > > currently > > >> > > > > I have taken "keycloak" which would be optimal for the > project. > > >> > > > > > > >> > > > > > > >> > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen < > > >> stian at redhat.com> > > >> > > > > wrote: > > >> > > > > > > >> > > > >> Hi Josh, > > >> > > > >> > > >> > > > >> That's great - thanks for contributing this. I would like to > > >> transfer > > >> > > > >> this to https://github.com/keycloak though, I hope your > happy > > >> with > > >> > > that. > > >> > > > >> > > >> > > > >> Thanks, > > >> > > > >> Stian > > >> > > > >> > > >> > > > >> ----- Original Message ----- > > >> > > > >> > From: "Josh" > > >> > > > >> > To: keycloak-user at lists.jboss.org > > >> > > > >> > Sent: Friday, 20 June, 2014 6:30:02 PM > > >> > > > >> > Subject: [keycloak-user] Bower for keycloak.js > > >> > > > >> > > > >> > > > >> > Hi guys, > > >> > > > >> > > > >> > > > >> > I have created a little github project to make keycloak.js > > >> > > available to > > >> > > > >> bower > > >> > > > >> > package manager . > > >> > > > >> > > > >> > > > >> > Project here: > > >> > > > >> > https://github.com/smysnk/keycloak-adapter-bower > > >> > > > >> > > > >> > > > >> > Usage: > > >> > > > >> > $ bower install keycloak > > >> > > > >> > > > >> > > > >> > - Josh > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > _______________________________________________ > > >> > > > >> > keycloak-user mailing list > > >> > > > >> > keycloak-user at lists.jboss.org > > >> > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > >> > > > >> > > >> > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > >> > > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140731/86de9573/attachment.html From stian at redhat.com Thu Jul 31 12:36:07 2014 From: stian at redhat.com (Stian Thorgersen) Date: Thu, 31 Jul 2014 12:36:07 -0400 (EDT) Subject: [keycloak-user] Bower for keycloak.js In-Reply-To: References: <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> <992945221.9491639.1405336255468.JavaMail.zimbra@redhat.com> <1530746411.21182105.1406800181152.JavaMail.zimbra@redhat.com> Message-ID: <247430225.21537460.1406824567593.JavaMail.zimbra@redhat.com> I re-registered it after that though ----- Original Message ----- > From: "Joshua Bellamy-Henn" > To: "Stian Thorgersen" > Cc: "Josh" , keycloak-user at lists.jboss.org > Sent: Thursday, 31 July, 2014 4:29:49 PM > Subject: Re: [keycloak-user] Bower for keycloak.js > > I went through the deletion process so shouldn't be registered anymore. > > > On Thu, Jul 31, 2014 at 3:49 AM, Stian Thorgersen wrote: > > > I think you got the 403 due to it already being registered. > > > > There should be two versions available 1.0-beta3 and 1.0-beta4-pre. Once > > we release 1.0.final it'll be tagged as 1.0. The 1.0-beta3 syntax should > > work as jQuery uses it ;) > > > > ----- Original Message ----- > > > From: "Joshua Bellamy-Henn" > > > To: "Stian Thorgersen" > > > Cc: "Josh" , keycloak-user at lists.jboss.org > > > Sent: Wednesday, 30 July, 2014 9:13:21 PM > > > Subject: Re: [keycloak-user] Bower for keycloak.js > > > > > > So I've tried to register this package for you guys using bower: > > > > > > ~/play/keycloak-js-bower master 14:08:22 > > > > > > $ bower register keycloak git:// > > github.com/keycloak/keycloak-js-bower.git > > > > > > bower keycloak#* resolve git:// > > > github.com/keycloak/keycloak-js-bower.git#* > > > > > > bower keycloak#* checkout master > > > > > > bower keycloak#* resolved git:// > > > github.com/keycloak/keycloak-js-bower.git#923dccb251 > > > > > > [?] Registering a package will make it installable via the registry ( > > > https://bower.herokuapp.com), continue? Yes > > > > > > bower keycloak register git:// > > > github.com/keycloak/keycloak-js-bower.git > > > > > > bower EUNKNOWN Unknown error: 403 > > > > > > > > > I am afraid this could be due to the version number possibly being in an > > > incorrect format. > > > > > > > > > On Mon, Jul 14, 2014 at 10:46 AM, Joshua Bellamy-Henn > > > wrote: > > > > > > > I removed the "keycloak" package, the name should be open for > > registration > > > > now. > > > > > > > > Still bit skeptical it will accept anything other than "x.x.x" notation > > > > for versioning but give it a try. :) > > > > > > > > - Josh > > > > > > > > > > > > On Mon, Jul 14, 2014 at 5:10 AM, Stian Thorgersen > > > > wrote: > > > > > > > >> Have you contacted the Bower guys to get this changed yet? > > > >> > > > >> By the way we're going to stick with the same versioning that we use > > for > > > >> Keycloak except we'll remove -final from the final release. So > > versions > > > >> would be: > > > >> > > > >> 1.0-beta4 > > > >> 1.0-rc1 > > > >> 1.0 > > > >> > > > >> That should mean that versions such as ">=1.0" will work, and will > > only > > > >> use stable versions, while if someone wants to use a beta or rc they > > can > > > >> explicitly specify the version. > > > >> > > > >> ----- Original Message ----- > > > >> > From: "Josh" > > > >> > To: "Stian Thorgersen" > > > >> > Cc: keycloak-user at lists.jboss.org > > > >> > Sent: Thursday, 3 July, 2014 4:46:09 PM > > > >> > Subject: Re: [keycloak-user] Bower for keycloak.js > > > >> > > > > >> > I do think there is a problem using that version format, I think I > > > >> tried it > > > >> > originally and bower was having none of it. This could be because > > they > > > >> use > > > >> > version for auto upgrade purposes, where one can use a "~" > > character to > > > >> > prefix the version to allow upgrades in version minors in the > > bower.json > > > >> > file. > > > >> > > > > >> > eg. > > > >> > "dependencies": { > > > >> > "keycloak": "~0.3.12" > > > >> > }, > > > >> > > > > >> > > > > >> > I have to admit I've been pulled to the dark side a little bit, it > > do > > > >> enjoy > > > >> > npm / bower for doing javascript type build processes (sometimes a > > > >> > necessary evil). I was never a a fan of 'grunt' but found that > > 'gulp' > > > >> is > > > >> > much better. I have a hybrid build process in my java apps where I > > > >> > sometimes break out of maven to execute some gulp build processes. > > > >> > > > > >> > But I understand for project like keycloak 'npm / gulp' adds a lot > > of > > > >> > complexity to build process and is not desirable. > > > >> > > > > >> > I'll talk to the bower guys to get keycloak switched over to your > > fork > > > >> :D > > > >> > > > > >> > > > > >> > > > > >> > On Thu, Jul 3, 2014 at 7:08 AM, Stian Thorgersen > > > >> wrote: > > > >> > > > > >> > > I've pulled in your stuff to > > > >> https://github.com/keycloak/keycloak-js-bower > > > >> > > > > > >> > > I'd prefer the versions to match with Keycloak versions > > (1.0-beta-2, > > > >> > > 1.0-beta-3, 1.0-final). Do you know if that'll be a problem? > > > >> > > > > > >> > > Also, I'm going to add minification of keycloak.js to our Maven > > build. > > > >> > > We'll need it there as well + we're mainly Java/Maven guys ;) > > > >> > > > > > >> > > ----- Original Message ----- > > > >> > > > From: "Josh" > > > >> > > > To: "Stian Thorgersen" > > > >> > > > Cc: keycloak-user at lists.jboss.org > > > >> > > > Sent: Monday, 23 June, 2014 10:38:44 PM > > > >> > > > Subject: Re: [keycloak-user] Bower for keycloak.js > > > >> > > > > > > >> > > > Looks like it's a manual process at the moment to get registry > > > >> moved to a > > > >> > > > different github endpont. Let me know when you have the project > > > >> setup > > > >> > > and > > > >> > > > I'll contact the bower guys. > > > >> > > > > > > >> > > > - Josh > > > >> > > > > > > >> > > > > > > >> > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh > > wrote: > > > >> > > > > > > >> > > > > You bet, I actually had the thought that it would be better as > > > >> part of > > > >> > > the > > > >> > > > > release cycle. I'll have to figure out how to transfer bower > > > >> > > repositories > > > >> > > > > because there was no login required to register a bower repo > > and > > > >> > > currently > > > >> > > > > I have taken "keycloak" which would be optimal for the > > project. > > > >> > > > > > > > >> > > > > > > > >> > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen < > > > >> stian at redhat.com> > > > >> > > > > wrote: > > > >> > > > > > > > >> > > > >> Hi Josh, > > > >> > > > >> > > > >> > > > >> That's great - thanks for contributing this. I would like to > > > >> transfer > > > >> > > > >> this to https://github.com/keycloak though, I hope your > > happy > > > >> with > > > >> > > that. > > > >> > > > >> > > > >> > > > >> Thanks, > > > >> > > > >> Stian > > > >> > > > >> > > > >> > > > >> ----- Original Message ----- > > > >> > > > >> > From: "Josh" > > > >> > > > >> > To: keycloak-user at lists.jboss.org > > > >> > > > >> > Sent: Friday, 20 June, 2014 6:30:02 PM > > > >> > > > >> > Subject: [keycloak-user] Bower for keycloak.js > > > >> > > > >> > > > > >> > > > >> > Hi guys, > > > >> > > > >> > > > > >> > > > >> > I have created a little github project to make keycloak.js > > > >> > > available to > > > >> > > > >> bower > > > >> > > > >> > package manager . > > > >> > > > >> > > > > >> > > > >> > Project here: > > > >> > > > >> > https://github.com/smysnk/keycloak-adapter-bower > > > >> > > > >> > > > > >> > > > >> > Usage: > > > >> > > > >> > $ bower install keycloak > > > >> > > > >> > > > > >> > > > >> > - Josh > > > >> > > > >> > > > > >> > > > >> > > > > >> > > > >> > _______________________________________________ > > > >> > > > >> > keycloak-user mailing list > > > >> > > > >> > keycloak-user at lists.jboss.org > > > >> > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > >> > > > >> > > > >> > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > >> > > > > > > > > > > > > > > From josh at psidox.com Thu Jul 31 14:10:18 2014 From: josh at psidox.com (Joshua Bellamy-Henn) Date: Thu, 31 Jul 2014 12:10:18 -0600 Subject: [keycloak-user] Bower for keycloak.js In-Reply-To: <247430225.21537460.1406824567593.JavaMail.zimbra@redhat.com> References: <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> <992945221.9491639.1405336255468.JavaMail.zimbra@redhat.com> <1530746411.21182105.1406800181152.JavaMail.zimbra@redhat.com> <247430225.21537460.1406824567593.JavaMail.zimbra@redhat.com> Message-ID: Woot, okay.. just making sure it's working. On Thu, Jul 31, 2014 at 10:36 AM, Stian Thorgersen wrote: > I re-registered it after that though > > ----- Original Message ----- > > From: "Joshua Bellamy-Henn" > > To: "Stian Thorgersen" > > Cc: "Josh" , keycloak-user at lists.jboss.org > > Sent: Thursday, 31 July, 2014 4:29:49 PM > > Subject: Re: [keycloak-user] Bower for keycloak.js > > > > I went through the deletion process so shouldn't be registered anymore. > > > > > > On Thu, Jul 31, 2014 at 3:49 AM, Stian Thorgersen > wrote: > > > > > I think you got the 403 due to it already being registered. > > > > > > There should be two versions available 1.0-beta3 and 1.0-beta4-pre. > Once > > > we release 1.0.final it'll be tagged as 1.0. The 1.0-beta3 syntax > should > > > work as jQuery uses it ;) > > > > > > ----- Original Message ----- > > > > From: "Joshua Bellamy-Henn" > > > > To: "Stian Thorgersen" > > > > Cc: "Josh" , keycloak-user at lists.jboss.org > > > > Sent: Wednesday, 30 July, 2014 9:13:21 PM > > > > Subject: Re: [keycloak-user] Bower for keycloak.js > > > > > > > > So I've tried to register this package for you guys using bower: > > > > > > > > ~/play/keycloak-js-bower master 14:08:22 > > > > > > > > $ bower register keycloak git:// > > > github.com/keycloak/keycloak-js-bower.git > > > > > > > > bower keycloak#* resolve git:// > > > > github.com/keycloak/keycloak-js-bower.git#* > > > > > > > > bower keycloak#* checkout master > > > > > > > > bower keycloak#* resolved git:// > > > > github.com/keycloak/keycloak-js-bower.git#923dccb251 > > > > > > > > [?] Registering a package will make it installable via the registry ( > > > > https://bower.herokuapp.com), continue? Yes > > > > > > > > bower keycloak register git:// > > > > github.com/keycloak/keycloak-js-bower.git > > > > > > > > bower EUNKNOWN Unknown error: 403 > > > > > > > > > > > > I am afraid this could be due to the version number possibly being > in an > > > > incorrect format. > > > > > > > > > > > > On Mon, Jul 14, 2014 at 10:46 AM, Joshua Bellamy-Henn < > josh at psidox.com> > > > > wrote: > > > > > > > > > I removed the "keycloak" package, the name should be open for > > > registration > > > > > now. > > > > > > > > > > Still bit skeptical it will accept anything other than "x.x.x" > notation > > > > > for versioning but give it a try. :) > > > > > > > > > > - Josh > > > > > > > > > > > > > > > On Mon, Jul 14, 2014 at 5:10 AM, Stian Thorgersen < > stian at redhat.com> > > > > > wrote: > > > > > > > > > >> Have you contacted the Bower guys to get this changed yet? > > > > >> > > > > >> By the way we're going to stick with the same versioning that we > use > > > for > > > > >> Keycloak except we'll remove -final from the final release. So > > > versions > > > > >> would be: > > > > >> > > > > >> 1.0-beta4 > > > > >> 1.0-rc1 > > > > >> 1.0 > > > > >> > > > > >> That should mean that versions such as ">=1.0" will work, and will > > > only > > > > >> use stable versions, while if someone wants to use a beta or rc > they > > > can > > > > >> explicitly specify the version. > > > > >> > > > > >> ----- Original Message ----- > > > > >> > From: "Josh" > > > > >> > To: "Stian Thorgersen" > > > > >> > Cc: keycloak-user at lists.jboss.org > > > > >> > Sent: Thursday, 3 July, 2014 4:46:09 PM > > > > >> > Subject: Re: [keycloak-user] Bower for keycloak.js > > > > >> > > > > > >> > I do think there is a problem using that version format, I > think I > > > > >> tried it > > > > >> > originally and bower was having none of it. This could be > because > > > they > > > > >> use > > > > >> > version for auto upgrade purposes, where one can use a "~" > > > character to > > > > >> > prefix the version to allow upgrades in version minors in the > > > bower.json > > > > >> > file. > > > > >> > > > > > >> > eg. > > > > >> > "dependencies": { > > > > >> > "keycloak": "~0.3.12" > > > > >> > }, > > > > >> > > > > > >> > > > > > >> > I have to admit I've been pulled to the dark side a little bit, > it > > > do > > > > >> enjoy > > > > >> > npm / bower for doing javascript type build processes > (sometimes a > > > > >> > necessary evil). I was never a a fan of 'grunt' but found that > > > 'gulp' > > > > >> is > > > > >> > much better. I have a hybrid build process in my java apps > where I > > > > >> > sometimes break out of maven to execute some gulp build > processes. > > > > >> > > > > > >> > But I understand for project like keycloak 'npm / gulp' adds a > lot > > > of > > > > >> > complexity to build process and is not desirable. > > > > >> > > > > > >> > I'll talk to the bower guys to get keycloak switched over to > your > > > fork > > > > >> :D > > > > >> > > > > > >> > > > > > >> > > > > > >> > On Thu, Jul 3, 2014 at 7:08 AM, Stian Thorgersen < > stian at redhat.com> > > > > >> wrote: > > > > >> > > > > > >> > > I've pulled in your stuff to > > > > >> https://github.com/keycloak/keycloak-js-bower > > > > >> > > > > > > >> > > I'd prefer the versions to match with Keycloak versions > > > (1.0-beta-2, > > > > >> > > 1.0-beta-3, 1.0-final). Do you know if that'll be a problem? > > > > >> > > > > > > >> > > Also, I'm going to add minification of keycloak.js to our > Maven > > > build. > > > > >> > > We'll need it there as well + we're mainly Java/Maven guys ;) > > > > >> > > > > > > >> > > ----- Original Message ----- > > > > >> > > > From: "Josh" > > > > >> > > > To: "Stian Thorgersen" > > > > >> > > > Cc: keycloak-user at lists.jboss.org > > > > >> > > > Sent: Monday, 23 June, 2014 10:38:44 PM > > > > >> > > > Subject: Re: [keycloak-user] Bower for keycloak.js > > > > >> > > > > > > > >> > > > Looks like it's a manual process at the moment to get > registry > > > > >> moved to a > > > > >> > > > different github endpont. Let me know when you have the > project > > > > >> setup > > > > >> > > and > > > > >> > > > I'll contact the bower guys. > > > > >> > > > > > > > >> > > > - Josh > > > > >> > > > > > > > >> > > > > > > > >> > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh > > > wrote: > > > > >> > > > > > > > >> > > > > You bet, I actually had the thought that it would be > better as > > > > >> part of > > > > >> > > the > > > > >> > > > > release cycle. I'll have to figure out how to transfer > bower > > > > >> > > repositories > > > > >> > > > > because there was no login required to register a bower > repo > > > and > > > > >> > > currently > > > > >> > > > > I have taken "keycloak" which would be optimal for the > > > project. > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen < > > > > >> stian at redhat.com> > > > > >> > > > > wrote: > > > > >> > > > > > > > > >> > > > >> Hi Josh, > > > > >> > > > >> > > > > >> > > > >> That's great - thanks for contributing this. I would > like to > > > > >> transfer > > > > >> > > > >> this to https://github.com/keycloak though, I hope your > > > happy > > > > >> with > > > > >> > > that. > > > > >> > > > >> > > > > >> > > > >> Thanks, > > > > >> > > > >> Stian > > > > >> > > > >> > > > > >> > > > >> ----- Original Message ----- > > > > >> > > > >> > From: "Josh" > > > > >> > > > >> > To: keycloak-user at lists.jboss.org > > > > >> > > > >> > Sent: Friday, 20 June, 2014 6:30:02 PM > > > > >> > > > >> > Subject: [keycloak-user] Bower for keycloak.js > > > > >> > > > >> > > > > > >> > > > >> > Hi guys, > > > > >> > > > >> > > > > > >> > > > >> > I have created a little github project to make > keycloak.js > > > > >> > > available to > > > > >> > > > >> bower > > > > >> > > > >> > package manager . > > > > >> > > > >> > > > > > >> > > > >> > Project here: > > > > >> > > > >> > https://github.com/smysnk/keycloak-adapter-bower > > > > >> > > > >> > > > > > >> > > > >> > Usage: > > > > >> > > > >> > $ bower install keycloak > > > > >> > > > >> > > > > > >> > > > >> > - Josh > > > > >> > > > >> > > > > > >> > > > >> > > > > > >> > > > >> > _______________________________________________ > > > > >> > > > >> > keycloak-user mailing list > > > > >> > > > >> > keycloak-user at lists.jboss.org > > > > >> > > > >> > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > >> > > > >> > > > > >> > > > > > > > > >> > > > > > > > > >> > > > > > > > >> > > > > > > >> > > > > > >> > > > > > > > > > > > > > > > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140731/725716d2/attachment.html From josh at psidox.com Thu Jul 31 14:10:52 2014 From: josh at psidox.com (Joshua Bellamy-Henn) Date: Thu, 31 Jul 2014 12:10:52 -0600 Subject: [keycloak-user] Bower for keycloak.js In-Reply-To: References: <1190102066.2999055.1404392919878.JavaMail.zimbra@redhat.com> <992945221.9491639.1405336255468.JavaMail.zimbra@redhat.com> <1530746411.21182105.1406800181152.JavaMail.zimbra@redhat.com> <247430225.21537460.1406824567593.JavaMail.zimbra@redhat.com> Message-ID: I never heard back :P On Thu, Jul 31, 2014 at 12:10 PM, Joshua Bellamy-Henn wrote: > Woot, okay.. just making sure it's working. > > > On Thu, Jul 31, 2014 at 10:36 AM, Stian Thorgersen > wrote: > >> I re-registered it after that though >> >> ----- Original Message ----- >> > From: "Joshua Bellamy-Henn" >> > To: "Stian Thorgersen" >> > Cc: "Josh" , keycloak-user at lists.jboss.org >> > Sent: Thursday, 31 July, 2014 4:29:49 PM >> > Subject: Re: [keycloak-user] Bower for keycloak.js >> > >> > I went through the deletion process so shouldn't be registered anymore. >> > >> > >> > On Thu, Jul 31, 2014 at 3:49 AM, Stian Thorgersen >> wrote: >> > >> > > I think you got the 403 due to it already being registered. >> > > >> > > There should be two versions available 1.0-beta3 and 1.0-beta4-pre. >> Once >> > > we release 1.0.final it'll be tagged as 1.0. The 1.0-beta3 syntax >> should >> > > work as jQuery uses it ;) >> > > >> > > ----- Original Message ----- >> > > > From: "Joshua Bellamy-Henn" >> > > > To: "Stian Thorgersen" >> > > > Cc: "Josh" , keycloak-user at lists.jboss.org >> > > > Sent: Wednesday, 30 July, 2014 9:13:21 PM >> > > > Subject: Re: [keycloak-user] Bower for keycloak.js >> > > > >> > > > So I've tried to register this package for you guys using bower: >> > > > >> > > > ~/play/keycloak-js-bower master 14:08:22 >> > > > >> > > > $ bower register keycloak git:// >> > > github.com/keycloak/keycloak-js-bower.git >> > > > >> > > > bower keycloak#* resolve git:// >> > > > github.com/keycloak/keycloak-js-bower.git#* >> > > > >> > > > bower keycloak#* checkout master >> > > > >> > > > bower keycloak#* resolved git:// >> > > > github.com/keycloak/keycloak-js-bower.git#923dccb251 >> > > > >> > > > [?] Registering a package will make it installable via the registry >> ( >> > > > https://bower.herokuapp.com), continue? Yes >> > > > >> > > > bower keycloak register git:// >> > > > github.com/keycloak/keycloak-js-bower.git >> > > > >> > > > bower EUNKNOWN Unknown error: 403 >> > > > >> > > > >> > > > I am afraid this could be due to the version number possibly being >> in an >> > > > incorrect format. >> > > > >> > > > >> > > > On Mon, Jul 14, 2014 at 10:46 AM, Joshua Bellamy-Henn < >> josh at psidox.com> >> > > > wrote: >> > > > >> > > > > I removed the "keycloak" package, the name should be open for >> > > registration >> > > > > now. >> > > > > >> > > > > Still bit skeptical it will accept anything other than "x.x.x" >> notation >> > > > > for versioning but give it a try. :) >> > > > > >> > > > > - Josh >> > > > > >> > > > > >> > > > > On Mon, Jul 14, 2014 at 5:10 AM, Stian Thorgersen < >> stian at redhat.com> >> > > > > wrote: >> > > > > >> > > > >> Have you contacted the Bower guys to get this changed yet? >> > > > >> >> > > > >> By the way we're going to stick with the same versioning that we >> use >> > > for >> > > > >> Keycloak except we'll remove -final from the final release. So >> > > versions >> > > > >> would be: >> > > > >> >> > > > >> 1.0-beta4 >> > > > >> 1.0-rc1 >> > > > >> 1.0 >> > > > >> >> > > > >> That should mean that versions such as ">=1.0" will work, and >> will >> > > only >> > > > >> use stable versions, while if someone wants to use a beta or rc >> they >> > > can >> > > > >> explicitly specify the version. >> > > > >> >> > > > >> ----- Original Message ----- >> > > > >> > From: "Josh" >> > > > >> > To: "Stian Thorgersen" >> > > > >> > Cc: keycloak-user at lists.jboss.org >> > > > >> > Sent: Thursday, 3 July, 2014 4:46:09 PM >> > > > >> > Subject: Re: [keycloak-user] Bower for keycloak.js >> > > > >> > >> > > > >> > I do think there is a problem using that version format, I >> think I >> > > > >> tried it >> > > > >> > originally and bower was having none of it. This could be >> because >> > > they >> > > > >> use >> > > > >> > version for auto upgrade purposes, where one can use a "~" >> > > character to >> > > > >> > prefix the version to allow upgrades in version minors in the >> > > bower.json >> > > > >> > file. >> > > > >> > >> > > > >> > eg. >> > > > >> > "dependencies": { >> > > > >> > "keycloak": "~0.3.12" >> > > > >> > }, >> > > > >> > >> > > > >> > >> > > > >> > I have to admit I've been pulled to the dark side a little >> bit, it >> > > do >> > > > >> enjoy >> > > > >> > npm / bower for doing javascript type build processes >> (sometimes a >> > > > >> > necessary evil). I was never a a fan of 'grunt' but found that >> > > 'gulp' >> > > > >> is >> > > > >> > much better. I have a hybrid build process in my java apps >> where I >> > > > >> > sometimes break out of maven to execute some gulp build >> processes. >> > > > >> > >> > > > >> > But I understand for project like keycloak 'npm / gulp' adds a >> lot >> > > of >> > > > >> > complexity to build process and is not desirable. >> > > > >> > >> > > > >> > I'll talk to the bower guys to get keycloak switched over to >> your >> > > fork >> > > > >> :D >> > > > >> > >> > > > >> > >> > > > >> > >> > > > >> > On Thu, Jul 3, 2014 at 7:08 AM, Stian Thorgersen < >> stian at redhat.com> >> > > > >> wrote: >> > > > >> > >> > > > >> > > I've pulled in your stuff to >> > > > >> https://github.com/keycloak/keycloak-js-bower >> > > > >> > > >> > > > >> > > I'd prefer the versions to match with Keycloak versions >> > > (1.0-beta-2, >> > > > >> > > 1.0-beta-3, 1.0-final). Do you know if that'll be a problem? >> > > > >> > > >> > > > >> > > Also, I'm going to add minification of keycloak.js to our >> Maven >> > > build. >> > > > >> > > We'll need it there as well + we're mainly Java/Maven guys ;) >> > > > >> > > >> > > > >> > > ----- Original Message ----- >> > > > >> > > > From: "Josh" >> > > > >> > > > To: "Stian Thorgersen" >> > > > >> > > > Cc: keycloak-user at lists.jboss.org >> > > > >> > > > Sent: Monday, 23 June, 2014 10:38:44 PM >> > > > >> > > > Subject: Re: [keycloak-user] Bower for keycloak.js >> > > > >> > > > >> > > > >> > > > Looks like it's a manual process at the moment to get >> registry >> > > > >> moved to a >> > > > >> > > > different github endpont. Let me know when you have the >> project >> > > > >> setup >> > > > >> > > and >> > > > >> > > > I'll contact the bower guys. >> > > > >> > > > >> > > > >> > > > - Josh >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > On Mon, Jun 23, 2014 at 12:56 PM, Josh >> > > wrote: >> > > > >> > > > >> > > > >> > > > > You bet, I actually had the thought that it would be >> better as >> > > > >> part of >> > > > >> > > the >> > > > >> > > > > release cycle. I'll have to figure out how to transfer >> bower >> > > > >> > > repositories >> > > > >> > > > > because there was no login required to register a bower >> repo >> > > and >> > > > >> > > currently >> > > > >> > > > > I have taken "keycloak" which would be optimal for the >> > > project. >> > > > >> > > > > >> > > > >> > > > > >> > > > >> > > > > On Mon, Jun 23, 2014 at 2:40 AM, Stian Thorgersen < >> > > > >> stian at redhat.com> >> > > > >> > > > > wrote: >> > > > >> > > > > >> > > > >> > > > >> Hi Josh, >> > > > >> > > > >> >> > > > >> > > > >> That's great - thanks for contributing this. I would >> like to >> > > > >> transfer >> > > > >> > > > >> this to https://github.com/keycloak though, I hope your >> > > happy >> > > > >> with >> > > > >> > > that. >> > > > >> > > > >> >> > > > >> > > > >> Thanks, >> > > > >> > > > >> Stian >> > > > >> > > > >> >> > > > >> > > > >> ----- Original Message ----- >> > > > >> > > > >> > From: "Josh" >> > > > >> > > > >> > To: keycloak-user at lists.jboss.org >> > > > >> > > > >> > Sent: Friday, 20 June, 2014 6:30:02 PM >> > > > >> > > > >> > Subject: [keycloak-user] Bower for keycloak.js >> > > > >> > > > >> > >> > > > >> > > > >> > Hi guys, >> > > > >> > > > >> > >> > > > >> > > > >> > I have created a little github project to make >> keycloak.js >> > > > >> > > available to >> > > > >> > > > >> bower >> > > > >> > > > >> > package manager . >> > > > >> > > > >> > >> > > > >> > > > >> > Project here: >> > > > >> > > > >> > https://github.com/smysnk/keycloak-adapter-bower >> > > > >> > > > >> > >> > > > >> > > > >> > Usage: >> > > > >> > > > >> > $ bower install keycloak >> > > > >> > > > >> > >> > > > >> > > > >> > - Josh >> > > > >> > > > >> > >> > > > >> > > > >> > >> > > > >> > > > >> > _______________________________________________ >> > > > >> > > > >> > keycloak-user mailing list >> > > > >> > > > >> > keycloak-user at lists.jboss.org >> > > > >> > > > >> > >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > >> > > > >> >> > > > >> > > > > >> > > > >> > > > > >> > > > >> > > > >> > > > >> > > >> > > > >> > >> > > > >> >> > > > > >> > > > > >> > > > >> > > >> > >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140731/5397db96/attachment-0001.html From pmadden at tomsawyer.com Thu Jul 31 15:13:20 2014 From: pmadden at tomsawyer.com (Patrick V. Madden) Date: Thu, 31 Jul 2014 12:13:20 -0700 (PDT) Subject: [keycloak-user] Domain vs Standalone In-Reply-To: <762695429.996945.1406833855143.JavaMail.zimbra@tomsawyer.com> Message-ID: <848885178.996999.1406834000837.JavaMail.zimbra@tomsawyer.com> Hi, I'm just curious if there are any limitations to deploying Keycloak in a Wildfly domain? I see most of the documentation mentions the standalone configuration. Would installing Keycloak on the domain node be a good or bad idea? Thanks in advance, Patrick -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140731/df46ca00/attachment.html From bburke at redhat.com Thu Jul 31 15:15:48 2014 From: bburke at redhat.com (Bill Burke) Date: Thu, 31 Jul 2014 15:15:48 -0400 Subject: [keycloak-user] Domain vs Standalone In-Reply-To: <848885178.996999.1406834000837.JavaMail.zimbra@tomsawyer.com> References: <848885178.996999.1406834000837.JavaMail.zimbra@tomsawyer.com> Message-ID: <53DA95E4.4060102@redhat.com> Would be ok for adapter configurations I think, not for the server itself. Right now we're just crossing our fingers that the server works in a cluster. We don't have time to test this until later this year. On 7/31/2014 3:13 PM, Patrick V. Madden wrote: > Hi, > > I'm just curious if there are any limitations to deploying Keycloak in a > Wildfly domain? I see most of the documentation mentions the standalone > configuration. > > Would installing Keycloak on the domain node be a good or bad idea? > > Thanks in advance, > > Patrick > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com From pmadden at tomsawyer.com Thu Jul 31 15:20:20 2014 From: pmadden at tomsawyer.com (Patrick V. Madden) Date: Thu, 31 Jul 2014 12:20:20 -0700 (PDT) Subject: [keycloak-user] Domain vs Standalone In-Reply-To: <53DA95E4.4060102@redhat.com> References: <848885178.996999.1406834000837.JavaMail.zimbra@tomsawyer.com> <53DA95E4.4060102@redhat.com> Message-ID: <818463508.997192.1406834420322.JavaMail.zimbra@tomsawyer.com> Thanks you Bill, I understand. Regards, Patrick. ----- Original Message ----- From: "Bill Burke" To: keycloak-user at lists.jboss.org Sent: Thursday, July 31, 2014 3:15:48 PM Subject: Re: [keycloak-user] Domain vs Standalone Would be ok for adapter configurations I think, not for the server itself. Right now we're just crossing our fingers that the server works in a cluster. We don't have time to test this until later this year. On 7/31/2014 3:13 PM, Patrick V. Madden wrote: > Hi, > > I'm just curious if there are any limitations to deploying Keycloak in a > Wildfly domain? I see most of the documentation mentions the standalone > configuration. > > Would installing Keycloak on the domain node be a good or bad idea? > > Thanks in advance, > > Patrick > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-user mailing list keycloak-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140731/7fce377b/attachment.html