[keycloak-user] Keycloak sp filter
Chen Keong Yap
chenkeong.yap at izeno.com
Sun Mar 8 21:53:22 EDT 2015
hi bill,
can you advise regarding the global sign out issue?
On Thu, Mar 5, 2015 at 9:29 AM, Chen Keong Yap <chenkeong.yap at izeno.com>
wrote:
> hi bill,
>
> Thanks for the solution given and it has resolved the first issue ( login
> to the app via pl sp filter but the login session cannot be seen in
> keycloak admin console)
>
> However now there are few more issues with single sign out.
>
> a) When i click on the global logout link (
> http://localhost:8080/employee/?GLO=true), the page just did a self
> refresh and it's not redirected to keycloak login page. I can see the
> keycloak session was gone from the keycloak admin console but the sample
> employee session still there.
>
> b) When i click on the local logout link (
> http://localhost:8080/employee/?LLO=true), the page just did a self
> refresh and it's not redirected to keycloak login page. I can see the
> keycloak session still in the keycloak admin console but the sample
> employee session still there.
>
> c) When i click on the logout link (
> http://localhost:8080/employee/logout.jsp), the page just did a self
> refresh and it's not redirected to keycloak login page. I noticed the
> keycloak session still in the keycloak admin console but the sample
> employee session still there. Just wondering do i need to implement
> session.invalidate() in the logout,jsp but how to invalidate the keycloak
> session?
>
>
> On Wed, Mar 4, 2015 at 11:12 PM, Bill Burke <bburke at redhat.com> wrote:
>
>> Ok, I may have diagnosed the problem. Go to the admin console. Go to
>> the definition of your application. Look at the Admin Url. Does it have a
>> "/" at the end of the URL? If not, add a '/' at the end of this.
>>
>> i.e.
>>
>> http://somhere.com/app/
>>
>> If that solves the issue, let me know and I'll explain what is going on.
>> FYI, I ran into the same problem running the SAML example in the distro and
>> this fixed the problem.
>>
>>
>>
>>
>> On 3/4/2015 9:07 AM, Chen Keong Yap wrote:
>>
>>> Hi bill,
>>>
>>> If i understand from you correctly,
>>> PL SAML SP and keycloak adapters are the same and referring to below
>>> items.
>>>
>>> Tomcat 6, 7, 8
>>> Jetty 8, 9
>>> EAP 6.x
>>> Wildfly
>>> Node.js
>>> Browser Javascript adapter.
>>>
>>> So far i have tested PL SAML SP filter using the following libs and it
>>> got the same 2 issues that was mentioned in the previous email.
>>>
>>> Picketlink lib : Picketlink 2.70 cr2, picketlink 2.5.3 (commercial)
>>>
>>> keycloak lib : keycloak 1.1.0 final, keycloak 1.1.0 beta 2
>>>
>>> On Mar 4, 2015 9:44 PM, "Bill Burke" <bburke at redhat.com
>>> <mailto:bburke at redhat.com>> wrote:
>>>
>>> Our testsuite uses PL SAML SP, not the filter though, and it works
>>> fine. I'd have to recreate the problem using the PL SAML SP filter.
>>>
>>> On 3/4/2015 8:04 AM, Chen Keong Yap wrote:
>>>
>>> Hi bill,
>>>
>>> Yup. I have configured the app in keycloak admin console.
>>> However i
>>> encountered 2 issues.
>>>
>>> First issue is that i was able to login to the app via pl sp
>>> filter but
>>> the login session cannot be seen in keycloak admin console
>>>
>>> Second issue is that global logout was not working and the
>>> landing page
>>> just did a self refresh.
>>>
>>> On Mar 4, 2015 8:55 PM, "Bill Burke" <bburke at redhat.com
>>> <mailto:bburke at redhat.com>
>>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>> wrote:
>>>
>>> You can still use the PL Filter SP. Just configure the
>>> application
>>> in the admin console to use SAML.
>>>
>>> On 3/3/2015 11:36 PM, Chen Keong Yap wrote:
>>>
>>> Hi bill,
>>>
>>> the existing adapters cannot support jboss eap 5.0.2 and
>>> websphere 8.5
>>> and we are not allowed to use keycloak proxy.
>>>
>>> can you suggest any other alternative similar to
>>> picketlink sp
>>> filter?
>>>
>>> On Tue, Mar 3, 2015 at 11:45 PM, Bill Burke
>>> <bburke at redhat.com <mailto:bburke at redhat.com>
>>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>
>>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>
>>> <mailto:bburke at redhat.com <mailto:bburke at redhat.com>>>> wrote:
>>>
>>> There is no Keycloak SP filter. We have various
>>> adapters
>>> for different
>>> platforms that hook into servlet security to make
>>> integration seamless:
>>>
>>> Tomcat 6, 7, 8
>>> Jetty 8, 9
>>> EAP 6.x
>>> Wildfly
>>> Node.js
>>> Browser Javascript adapter.
>>>
>>> On 3/2/2015 10:22 PM, Chen Keong Yap wrote:
>>> > Hi,
>>> >
>>> > Please share some lights for implementing
>>> Keycloak sp
>>> filter which is
>>> > similar to picketlink sp filter.
>>> >
>>> >
>>> org.picketlink.identity.____federation.web.filters.____SPFilter
>>> >
>>> >
>>> > ______________________________
>>> _____________________
>>> > keycloak-user mailing list
>>> > keycloak-user at lists.jboss.org
>>> <mailto:keycloak-user at lists.jboss.org>
>>> <mailto:keycloak-user at lists.__jboss.org
>>> <mailto:keycloak-user at lists.jboss.org>>
>>> <mailto:keycloak-user at lists.
>>> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>>> <mailto:keycloak-user at lists.__jboss.org
>>> <mailto:keycloak-user at lists.jboss.org>>>
>>> >
>>> https://lists.jboss.org/____mailman/listinfo/keycloak-user
>>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>
>>>
>>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user
>>> <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>
>>> >
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>> ______________________________
>>> _____________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.
>>> jboss.org>
>>> <mailto:keycloak-user at lists.__jboss.org
>>> <mailto:keycloak-user at lists.jboss.org>>
>>> <mailto:keycloak-user at lists.
>>> <mailto:keycloak-user at lists.>____jboss.org <http://jboss.org>
>>> <mailto:keycloak-user at lists.__jboss.org
>>> <mailto:keycloak-user at lists.jboss.org>>>
>>> https://lists.jboss.org/____mailman/listinfo/keycloak-user
>>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user>
>>>
>>> <https://lists.jboss.org/__mailman/listinfo/keycloak-user
>>> <https://lists.jboss.org/mailman/listinfo/keycloak-user>__>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>>
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>>
>>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>
>
>
>
>
>
--
Best Regards,
CK Yap
Technology Consultant
Tel: +65 6100 2788
Fax:+65 6233 9376
iZeno Pte Ltd
72 Bendemeer Road
Luzerne #05-28
Singapore 339941
This communication contains information which may be confidential or
privileged. The information is intended solely for the use of the
individual or entity named above. If you are not the intended recipient,be
aware that any disclosure, copying, distribution or use of the contents of
this information is prohibited.If you have received this communication in
error, please notify me by telephone immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150309/7dd76090/attachment-0001.html
More information about the keycloak-user
mailing list