Send Aerogear-users mailing list submissions to
aerogear-users@lists.jboss.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.jboss.org/mailman/listinfo/aerogear- users
or, via email, send a message with subject or body 'help' to
aerogear-users-request@lists.jboss.org
You can reach the person managing the list at
aerogear-users-owner@lists.jboss.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Aerogear-users digest..."
Today's Topics:
1. Re: iOS Troubleshooting when server uses a self-signed
certificate Swift 3 (Polina Koleva)
2. Keycloak - validate token on server (Doug Drouillard)
3. Re: Keycloak - validate token on server (Summers Pittman)
4. Re: Keycloak - validate token on server (Doug Drouillard)
5. Re: Keycloak - validate token on server (Summers Pittman)
------------------------------------------------------------ ----------
Message: 1
Date: Mon, 29 May 2017 09:27:59 -0700 (MST)
From: Polina Koleva <polina.n.koleva@gmail.com>
Subject: Re: [Aerogear-users] iOS Troubleshooting when server uses a
self-signed certificate Swift 3
To: aerogear-users@lists.jboss.org
Message-ID: <1496075279116-1117.post@n5.nabble.com >
Content-Type: text/plain; charset=UTF-8
Hey :)
Julio Cesar Sanchez Hernandez wrote
> Hi.
>
> There is something missing on the email you sent.
>
> You said
> I added in my DeviceRegistration.swift file the method:
I have added the code but it is not visible in the email. I place it here
again (hopefully this time it will work). So this is the implementation of
the method:
public func urlSession(_session: URLSession, task: URLSessionTask,
didReceive challenge: URLAuthenticationChallenge, completionHandler:
(URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
if challenge.protectionSpace.authenticationMethod ==
NSURLAuthenticationMethodServerTrust && challenge.protectionSpace.host ==
serverURL.host! {
let credentials = URLCredential(trust:
challenge.protectionSpace.serverTrust!)
completionHandler(Foundation.URLSession. AuthChallengeDisposition. useCredential,
credentials)
} else {
completionHandler(Foundation.URLSession. AuthChallengeDisposition. cancelAuthenticationChallenge,
nil)
}
}
Julio Cesar Sanchez Hernandez wrote
> Do you see any error message on Xcode console? If yes, share them.
Yes, it is written that the server is not trusted because of the self-signed
certificate.
This is the error:
Error Registering with UPS: The certificate for this server is invalid. You
might be connecting to a server that is pretending to be ?x.x.x.x? which
could put your confidential information at risk.
Julio Cesar Sanchez Hernandez wrote
> Do you have a paid Apple developer account?
Yes, I have a developer account.
Julio Cesar Sanchez Hernandez wrote
> Are you testing on a real device?
Yes, I am testing on a real device.
Julio Cesar Sanchez Hernandez wrote
> Is the device asking for the push permissions?
Yes, the app asks for permission to receive push notifications. But it
cannot connect to the server.
Julio Cesar Sanchez Hernandez wrote
> Is your server available online so I can take a look?
No, I am running the ups on my local machine.
Thanks.
On Mon, May 29, 2017 at 2:57 PM, Polina Koleva <polina.n.koleva@>
wrote:
> Hey,
> I am trying to run Swift 3 HelloWorld app ( HelloWorldSwift
> <https://github.com/aerogear/aerogear-ios- cookbook/tree/
> master/UnifiedPushHelloWorld>
> ) but I have a problem with the self-signed certificate.
> Looking at the documentation ( ios troubleshooting
> <https://aerogear.org/docs/unifiedpush/aerogear-push-ios/
> guides/#troubleshooting>
> ) and changing it a little bit for Swift 3 , I added in my
> DeviceRegistration.swift file the method:
>
>
>
> But it still doesn't work. The method is not invoked at all. Do I miss
> something?
>
> Any help will be appreciated.
>
> Polina
>
>
>
> --
> View this message in context: http://aerogear-users.1116366.
> n5.nabble.com/iOS-Troubleshooting-when-server- uses-a-self-signed-
> certificate-Swift-3-tp1115.html
> Sent from the aerogear-users mailing list archive at Nabble.com.
> _______________________________________________
> Aerogear-users mailing list
> Aerogear-users@.jboss
> https://lists.jboss.org/mailman/listinfo/aerogear- users
>
_______________________________________________
Aerogear-users mailing list
Aerogear-users@.jboss
https://lists.jboss.org/mailman/listinfo/aerogear- users
--
View this message in context: http://aerogear-users.1116366.n5.nabble.com/iOS- Troubleshooting-when-server- uses-a-self-signed- certificate-Swift-3- tp1115p1117.html
Sent from the aerogear-users mailing list archive at Nabble.com.
------------------------------
Message: 2
Date: Wed, 31 May 2017 14:36:45 -0400
From: Doug Drouillard <douglas.drouillard@gmail.com>
Subject: [Aerogear-users] Keycloak - validate token on server
To: aerogear-users@lists.jboss.org
Message-ID:
<CAJSu2J6OZWe2miZ5eHg2Ydo9Vip3RE+vt+5yCAcAHg5xceGPrw@mail. >gmail.com
Content-Type: text/plain; charset="utf-8"
Hello,
I am using Aerogear-iOS and I am able to successfully get a JWT from
keycloak. Say I pass that JWT to a Java web service (that is not wildfly),
is there a way to easily verify the token? The keycloak adapters for
undertow and jetty seem beyond my reach. I am using Ninja Framework and the
undertow integration does not seem feasible in my time frame.
I was hoping to easily validate token on server, but I can't seem to have
come across anything. My concern is that I want to disable a user and
immediately have them disabled, not wait on expiration in token.
I have proposed this question on stack overflow and on the keycloak mailing
list with no answers so I was hoping to have some luck here.
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-users/ attachments/20170531/c2f861b8/ attachment-0001.html
------------------------------
Message: 3
Date: Thu, 1 Jun 2017 07:47:35 -0400
From: Summers Pittman <supittma@redhat.com>
Subject: Re: [Aerogear-users] Keycloak - validate token on server
To: aerogear-users@lists.jboss.org
Message-ID:
<CAEQz2CsFi_rkhDrnzDG9GE0fXxhxw16qj983ueF1 >vy8RLpT2nw@mail.gmail.com
Content-Type: text/plain; charset="utf-8"
Are you thinking something like this :
https://github.com/auth0/java-jwt#verify-a-token ?
On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard <
douglas.drouillard@gmail.com> wrote:
> Hello,
>
> I am using Aerogear-iOS and I am able to successfully get a JWT from
> keycloak. Say I pass that JWT to a Java web service (that is not wildfly),
> is there a way to easily verify the token? The keycloak adapters for
> undertow and jetty seem beyond my reach. I am using Ninja Framework and the
> undertow integration does not seem feasible in my time frame.
> I was hoping to easily validate token on server, but I can't seem to have
> come across anything. My concern is that I want to disable a user and
> immediately have them disabled, not wait on expiration in token.
>
> I have proposed this question on stack overflow and on the keycloak
> mailing list with no answers so I was hoping to have some luck here.
>
> Thanks.
>
> _______________________________________________
> Aerogear-users mailing list
> Aerogear-users@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear- users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-users/ attachments/20170601/34c360c8/ attachment-0001.html
------------------------------
Message: 4
Date: Mon, 5 Jun 2017 09:11:43 -0400
From: Doug Drouillard <douglas.drouillard@gmail.com>
Subject: Re: [Aerogear-users] Keycloak - validate token on server
To: aerogear-users@lists.jboss.org
Message-ID:
<CAJSu2J7YAAh47A57GzLu3hqkYzpfu OLC=SZNaDCKeMpF+AqNbA@mail. gmail.com >
Content-Type: text/plain; charset="utf-8"
I ended up forking aerogear and merging in an unmerged PR that exposed
Safari View Controller (I am targeting iOS 9+) and then also modified to
allow for passing of kc_idp_hint.
https://github.com/drouillard/aerogear-ios-oauth2
It is nice and clean and avoids the user experience issues that motivated
my original question. E.g. embedded views dont work with Google sign-in and
the external safari makes user answer an additional prompt (Open in 'app
name') plus risks leaving them in no-persons land if they cancel.
For my active account question I likely can just use the Admin API can
check outright for if user is enabled.
Still researching best Java client to use in my case as it seems like i am
in a bearer-only situation. The aerogear code is easier to follow as there
is not intermixing of session/server logic like the servlet examples I have
seen.
Verifying the JWT on local server is easy and likely good enough but I
believe there should be a way to verify it with the keycloak server if
desired using certificates/possibly open-id end points. I am working in a
high fraud situation so need all options available.
Will update this thread as they appear in Google search results.
On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard <
douglas.drouillard@gmail.com> wrote:
> Hello,
>
> I am using Aerogear-iOS and I am able to successfully get a JWT from
> keycloak. Say I pass that JWT to a Java web service (that is not wildfly),
> is there a way to easily verify the token? The keycloak adapters for
> undertow and jetty seem beyond my reach. I am using Ninja Framework and the
> undertow integration does not seem feasible in my time frame.
> I was hoping to easily validate token on server, but I can't seem to have
> come across anything. My concern is that I want to disable a user and
> immediately have them disabled, not wait on expiration in token.
>
> I have proposed this question on stack overflow and on the keycloak
> mailing list with no answers so I was hoping to have some luck here.
>
> Thanks.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-users/ attachments/20170605/42fca23f/ attachment-0001.html
------------------------------
Message: 5
Date: Mon, 5 Jun 2017 14:42:36 -0400
From: Summers Pittman <supittma@redhat.com>
Subject: Re: [Aerogear-users] Keycloak - validate token on server
To: aerogear-users@lists.jboss.org
Message-ID:
<CAEQz2Cs7_Nc9SYaPNmVhe3kRfx=6mWBdC4o58zX9jRgXt_Wknw@mail. >gmail.com
Content-Type: text/plain; charset="utf-8"
On Mon, Jun 5, 2017 at 9:11 AM, Doug Drouillard <
douglas.drouillard@gmail.com> wrote:
> I ended up forking aerogear and merging in an unmerged PR that exposed
> Safari View Controller (I am targeting iOS 9+) and then also modified to
> allow for passing of kc_idp_hint.
>
> https://github.com/drouillard/aerogear-ios-oauth2
>
> It is nice and clean and avoids the user experience issues that motivated
> my original question. E.g. embedded views dont work with Google sign-in and
> the external safari makes user answer an additional prompt (Open in 'app
> name') plus risks leaving them in no-persons land if they cancel.
>
> For my active account question I likely can just use the Admin API can
> check outright for if user is enabled.
>
> Still researching best Java client to use in my case as it seems like i am
> in a bearer-only situation. The aerogear code is easier to follow as there
> is not intermixing of session/server logic like the servlet examples I have
> seen.
> Verifying the JWT on local server is easy and likely good enough but I
> believe there should be a way to verify it with the keycloak server if
> desired using certificates/possibly open-id end points. I am working in a
> high fraud situation so need all options available.
>
> Will update this thread as they appear in Google search results.
>
+1 Thanks for the feedback, and I will keep an eye out for your updates.
>
> On Wed, May 31, 2017 at 2:36 PM, Doug Drouillard <
> douglas.drouillard@gmail.com> wrote:
>
>> Hello,
>>
>> I am using Aerogear-iOS and I am able to successfully get a JWT from
>> keycloak. Say I pass that JWT to a Java web service (that is not wildfly),
>> is there a way to easily verify the token? The keycloak adapters for
>> undertow and jetty seem beyond my reach. I am using Ninja Framework and the
>> undertow integration does not seem feasible in my time frame.
>> I was hoping to easily validate token on server, but I can't seem to have
>> come across anything. My concern is that I want to disable a user and
>> immediately have them disabled, not wait on expiration in token.
>>
>> I have proposed this question on stack overflow and on the keycloak
>> mailing list with no answers so I was hoping to have some luck here.
>>
>> Thanks.
>>
>
>
> _______________________________________________
> Aerogear-users mailing list
> Aerogear-users@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear- users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-users/ attachments/20170605/882e972c/ attachment.html
------------------------------
_______________________________________________
Aerogear-users mailing list
Aerogear-users@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear- users
End of Aerogear-users Digest, Vol 33, Issue 1
*********************************************