<div dir="ltr"><div><div><div><div><div><div><div><div>Hello Marek,<br><br></div>What is the value of onLoad during keycloak init() function?<br></div>I tried both check-sso and login-required, but it still is showing the kc login page.<br><br></div>Heres what I did.<br></div>Using java code I get a direct access grant tokens. I get response from this code as something below.<br><br>{"access_token":"eyJhbGciOiJSUzI1NiJ9blahblah","expires_in":1800,"refresh_expires_in":1800,"refresh_token":"eyJhbGciOiblahblah","token_type":"bearer","id_token":"eyJhbGciblah blah","not-before-policy":1437991554,"session-state":"7afb2db2-6f4f-43a8-a9ad-355d5cc5c8fe"}<br><br></div>Then I am hitting the jsp page. <a href="http://localhost:8080/myapp/index.jsp?tokenJson=">http://localhost:8080/myapp/index.jsp?tokenJson=</a><theabovejsonstring-cut-and-pasted><br><br></div>In index.jsp I extract the tokenJson param and parse the json to further extract the accessToken, idToken and refreshToken.<br><br></div>A code snippet in index.jsp, like the below generates the keycloak init obj.<br><br><pre style="background-color:rgb(255,255,255);color:rgb(0,0,0);font-family:"DejaVu Sans Mono";font-size:9pt"><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold"><%<br></span><br><span style="background-color:rgb(247,250,255)">String iaJsonStr =request.getParameter(</span><span style="color:rgb(0,128,0);background-color:rgb(247,250,255);font-weight:bold">"tokenJson"</span><span style="background-color:rgb(247,250,255)">);//get the token json from url<br></span><span style="background-color:rgb(247,250,255)">String token=</span><span style="color:rgb(0,128,0);background-color:rgb(247,250,255);font-weight:bold">""</span><span style="background-color:rgb(247,250,255)">,idToken=</span><span style="color:rgb(0,128,0);background-color:rgb(247,250,255);font-weight:bold">""</span><span style="background-color:rgb(247,250,255)">,refreshToken=</span><span style="color:rgb(0,128,0);background-color:rgb(247,250,255);font-weight:bold">""</span><span style="background-color:rgb(247,250,255)">;//init the values<br></span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">if</span><span style="background-color:rgb(247,250,255)">(!StringUtils.</span><span style="background-color:rgb(247,250,255);font-style:italic">isEmpty</span><span style="background-color:rgb(247,250,255)">(iaJsonStr)){<br></span><span style="background-color:rgb(247,250,255)"> JsonObject iaJsonObj = Json.</span><span style="background-color:rgb(247,250,255);font-style:italic">createReader</span><span style="background-color:rgb(247,250,255)">(</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">new </span><span style="background-color:rgb(247,250,255)">StringReader(iaJsonStr)).readObject();<br></span><span style="background-color:rgb(247,250,255)"> token=iaJsonObj.getString(</span><span style="color:rgb(0,128,0);background-color:rgb(247,250,255);font-weight:bold">"access_token"</span><span style="background-color:rgb(247,250,255)">);//extract access<br></span><span style="background-color:rgb(247,250,255)"> refreshToken=iaJsonObj.getString(</span><span style="color:rgb(0,128,0);background-color:rgb(247,250,255);font-weight:bold">"refresh_token"</span><span style="background-color:rgb(247,250,255)">);//extract refresh<br></span><span style="background-color:rgb(247,250,255)"> idToken=iaJsonObj.getString(</span><span style="color:rgb(0,128,0);background-color:rgb(247,250,255);font-weight:bold">"id_token"</span><span style="background-color:rgb(247,250,255)">);//extract id<br></span><span style="background-color:rgb(247,250,255)">}</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold"><br>if</span><span style="background-color:rgb(247,250,255)">(!StringUtils.</span><span style="background-color:rgb(247,250,255);font-style:italic">isEmpty</span><span style="background-color:rgb(247,250,255)">(token) && !StringUtils.</span><span style="background-color:rgb(247,250,255);font-style:italic">isEmpty</span><span style="background-color:rgb(247,250,255)">(refreshToken) && !StringUtils.</span><span style="background-color:rgb(247,250,255);font-style:italic">isEmpty</span><span style="background-color:rgb(247,250,255)">(idToken)){<br></span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">%></span><span style="color:rgb(0,0,128);font-weight:bold"><br></span><span style="color:rgb(0,0,128);font-weight:bold">var </span><span style="color:rgb(102,14,122);font-weight:bold;font-style:italic">kcInitObj</span>={<br> <span style="color:rgb(102,14,122);font-weight:bold">onLoad</span>:<span style="color:rgb(0,128,0);font-weight:bold">'check-sso'</span>,<br> <span style="color:rgb(102,14,122);font-weight:bold">token</span>:<span style="color:rgb(0,128,0);font-weight:bold">'</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold"><%=</span><span style="background-color:rgb(247,250,255)">token</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">%></span><span style="color:rgb(0,128,0);font-weight:bold">'</span>,<br> <span style="color:rgb(102,14,122);font-weight:bold">refreshToken</span>:<span style="color:rgb(0,128,0);font-weight:bold">'</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold"><%=</span><span style="background-color:rgb(247,250,255)">refreshToken</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">%></span><span style="color:rgb(0,128,0);font-weight:bold">'</span>,<br> <span style="color:rgb(102,14,122);font-weight:bold">idToken</span>:<span style="color:rgb(0,128,0);font-weight:bold">'</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold"><%=</span><span style="background-color:rgb(247,250,255)">idToken</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">%></span><span style="color:rgb(0,128,0);font-weight:bold">'<br></span>};<br><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold"><%<br></span><span style="background-color:rgb(247,250,255)">}</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">else</span><span style="background-color:rgb(247,250,255)">{<br></span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">%></span><span style="color:rgb(0,0,128);font-weight:bold"><br></span><span style="color:rgb(0,0,128);font-weight:bold">var </span><span style="color:rgb(102,14,122);font-weight:bold;font-style:italic">kcInitObj</span>={<br> <span style="color:rgb(102,14,122);font-weight:bold">onLoad</span>:<span style="color:rgb(0,128,0);font-weight:bold">'check-sso'<br></span>};<br><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold"><%<br></span><span style="background-color:rgb(247,250,255)">}<br></span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold">%></span></pre>.......<br>.....<br></div><div><pre style="background-color:rgb(255,255,255);color:rgb(0,0,0);font-family:"DejaVu Sans Mono";font-size:9pt"><span style="background-color:rgb(239,239,239)"><</span><span style="color:rgb(0,0,128);background-color:rgb(239,239,239);font-weight:bold">script</span><span style="background-color:rgb(239,239,239)">></span><br> <span style="color:rgb(0,0,128);font-weight:bold">var </span><span style="color:rgb(102,14,122);font-weight:bold;font-style:italic">keycloak </span>= Keycloak(<span style="color:rgb(0,128,0);font-weight:bold">'/myapp/keycloak-dev</span><span style="color:rgb(0,0,128);background-color:rgb(247,250,255);font-weight:bold"></span><span style="color:rgb(0,128,0);font-weight:bold">.json'</span>);<br> <span style="color:rgb(102,14,122);font-weight:bold;font-style:italic">keycloak</span>.<span style="color:rgb(122,122,67)">init</span>(<span style="color:rgb(102,14,122);font-weight:bold;font-style:italic">kcInitObj</span>).<span style="color:rgb(122,122,67)">success(</span><span style="color:rgb(122,122,67)"><span style="color:rgb(0,0,128);font-weight:bold">function</span>(authenticated) {<br> <span style="color:rgb(0,0,128);font-weight:bold">if</span>(!authenticated){<br> <span style="color:rgb(102,14,122);font-weight:bold;font-style:italic">keycloak</span>.login();<br> }<span style="color:rgb(0,0,128);font-weight:bold">else</span>{<br></span></pre><pre style="background-color:rgb(255,255,255);color:rgb(0,0,0);font-family:"DejaVu Sans Mono";font-size:9pt"><span style="color:rgb(122,122,67)"> //call loadProfile and get the user details.<br></span></pre><pre style="background-color:rgb(255,255,255);color:rgb(0,0,0);font-family:"DejaVu Sans Mono";font-size:9pt"><span style="color:rgb(122,122,67)"> ).error(....)<br></span></pre><pre style="background-color:rgb(255,255,255);color:rgb(0,0,0);font-family:"DejaVu Sans Mono";font-size:9pt"><span style="background-color:rgb(239,239,239)"></</span><span style="color:rgb(0,0,128);background-color:rgb(239,239,239);font-weight:bold">script</span><span style="background-color:rgb(239,239,239)">></span><br></pre><br></div><div>This is still redirecting me to the login page. Do I have to do something in the client setup? <br><br></div><div>So close,, yet so far... Please help.. <br><br></div><div>Thanks and lot for your attention.<br></div><div>Subhro.<br></div><div><div><div><div><br></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 7, 2016 at 8:35 AM, Subhrajyoti Moitra <span dir="ltr"><<a href="mailto:subhrajyotim@gmail.com" target="_blank">subhrajyotim@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div>Thanks a million Marek for setting us in the right direction.<br><br>"...application is able to access the javascript state from embedded
IE"- this is not possible currently, hence 1st solution wont work.<br><br></div>We will follow the 2nd way to do this. <br></div></div><br>So using "<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/direct-access-grants.html" target="_blank">direct access grant</a>" i get the required JSON token data as mentioned.<br></div>Then I pass this data to the jsp page (embedded in IE), using URL params.<br></div>The JSP page pulls out the required data from the URL params, and then inits keycloak.js.<br></div>in keycloak init function i pass the token, idToken and refreshToken values.<br></div><div><br></div><div>Hopefully this works, trying it now!<br><br></div><div>Thanks a lot again for the pointers.<br><br></div><div>Subhro.<br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 7, 2016 at 2:33 AM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Do you have the "control" under the
application? Is it possible to propagate security contexts from
application to embedded IE or viceversa?<br>
<br>
In theory what can work is either:<br>
- You will skip step1 and don't popup username/password box.
Instead you will just authenticate in step2 inside IE and then
propagate the context ( token ) to step1. This is possible just if
application is able to access the javascript state from embedded
IE.<br>
<br>
- If you can propagate just from desktop to IE, then in step1 you
wwill configure your application to send the request for
username/password authentication to Keycloak via direct access
grant (instead of sending username+password directly to AD/LDAP).
Once you receive token from direct access grant, you can use it
inside IE in step2 ( keycloak.js has possibility to be initialized
with token. You just need to pass the token and refreshToken as
arguments to keycloak.init . Then keycloak.js won't redirect you
to login screen )<br>
<br>
Marek<div><div><br>
<br>
On 06/04/16 11:24, Subhrajyoti Moitra wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div>
<div dir="ltr">
<div>
<div>
<div>Hello Team, <br>
<br>
I have a standalone windows desktop application, that
authenticates against an AD/LDAP server. The application
popups a username/password box, and submits it to the LDAP
for authentication.<br>
The same AD/LDAP server is also synced with a Keycloak
installation.<br>
<br>
The windows application embeds the IE browser control and
shows a jsp page.<br>
This jsp page is protected using keycloak js adapter.
Obviously the user is re-directed to the keycloak login
page. So the user has to login twice, once using the
application popup and other in the embedded jsp, after
getting redirected to the keycloak login page.<br>
<br>
I dont want to re-prompt the user for relogin, since he
has already authenticated against the AD server.<br>
Is there a way to not re-prompt the user, when the
embedded IE requests the secure JSP?<br>
<br>
</div>
Please help, as we are not able to come up with a solution
for the same.<br>
</div>
<div>Any pointers how we can avoid the 2nd authentication.<br>
</div>
<div><br>
</div>
Thanks,<br>
</div>
Subhro.<br>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>