examples/as7-eap6-demo/server files
by Bill Burke
Please don't delete these. I need to move what I've done to your
"server" module. This WAR is a prototype on how to define JBoss Modules
exclusions so that Resteasy 3 can be included directly within the
Keycloak Server WAR. This will allow us to distribute the same WAR for
AS7, EAP, and Wildfly.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
removing resteasy from adapter requires:
by Bill Burke
removing resteasy dependencies from adapter dependencies requires:
* Forking and gutting JOSE-JWT module so we can have JSON web signatures
(and maybe JWE later too)
* Forking UriBuilder. There's a lot of functionality there that will
make our code easier.
* Forking some of UriInfo as again, a lot of helper methods there that
will make our coding easier.
* Relying on Apache Http Client APIs compatible with 4.1.2. This
version is compatible with the version that comes in both AS7 and EAP
and Wildfly. Wildfly may upgrade to 4.3 and I don't know if this
version maintains backward compatibility with 4.1.2. I just don't think
using java.net.URL for client HTTP is very feasible and I distinctly
remember having problems with connection caching and things like that.
I thought about using the Resteasy client that comes with AS7, EAP,
Wildfly, but I'm worried that users may upgrade Resteasy to an
incompatible version.
I'm also still going to use Jackson 1.9.x. Jackson 2.x uses an entirely
different package name so we're safe relying on it.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
started adapter refactor
by Bill Burke
I renamed some files in keycloak-core and also moved some to a new
module keycloak-adapter-core.
This may screw up some of your work so please fetch/merge.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
Require SSL option
by Marek Posolda
Hi,
I would like to ask what exactly the semantics of the realm option "Require
SSL" are. My first impression is that if this option is enabled, then access
to a URI like "http://localhost:8080/auth-server/rest/realms/demo/..."
should be allowed just with the 'https' protocol instead of plain 'http'.
Actually, http access to the realm is enabled and login works. The option is used
just for securing cookies like KEYCLOAK_IDENTITY, so that SSO
reauthentication with cookies is effectively disabled. But shouldn't we
rename this option to something like "Use secured cookie" then? The name "Require
SSL" seems to be confusing IMO.
There is also one more issue
https://issues.jboss.org/browse/KEYCLOAK-227 due to the fact that the option
doesn't affect just the KEYCLOAK_IDENTITY cookie but also
KEYCLOAK_ACCOUNT_IDENTITY, which means that I am always redirected back
to login form after successful login in case that login has been
triggered for AccountManagement application.
WDYT?
Marek
11 years
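The behaviour described in the message above, modelled as an added example (not part of the original post and not Keycloak code): a cookie marked Secure is only attached to https requests, so over plain http the identity cookie never reaches the server and the user sees the login form again. The host `sso.example.test`, the cookie Path and the token value are constructed assumptions; only the RFC 6265 Secure and path-match rules are modelled.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

REALM = "/auth-server/rest/realms/demo"  # realm path quoted in the message

def issued_cookies(require_ssl):
    """Constructed Set-Cookie values; Path and token are assumptions."""
    flag = "; Secure" if require_ssl else ""
    return [f"KEYCLOAK_IDENTITY=constructed-token; Path={REALM}{flag}",
            f"KEYCLOAK_ACCOUNT_IDENTITY=constructed-token; Path={REALM}{flag}"]

def parse_set_cookie(headers):
    """Return (name, path, secure) for every Set-Cookie header value."""
    jar = []
    for header in headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            jar.append((name, morsel["path"] or "/", bool(morsel["secure"])))
    return jar

def path_matches(request_path, cookie_path):
    """Path-match rule from RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookies_sent(jar, url):
    """Names of the cookies a client attaches to a request for url."""
    parts = urlsplit(url)
    secure_channel = parts.scheme == "https"
    return [name for name, path, secure in jar
            if path_matches(parts.path or "/", path)
            and (secure_channel or not secure)]

def login_outcome(jar, url, cookie="KEYCLOAK_IDENTITY"):
    """'sso' if the identity cookie reaches the server, else 'login form'."""
    return "sso" if cookie in cookies_sent(jar, url) else "login form"

if __name__ == "__main__":
    jar = parse_set_cookie(issued_cookies(require_ssl=True))
    for scheme in ("http", "https"):
        url = f"{scheme}://sso.example.test:8080{REALM}/tokens/login"
        print(scheme, cookies_sent(jar, url), login_outcome(jar, url))
```

Rejecting plain-http requests outright is a separate server-side check that this model does not include; it shows only what the cookie flag alone does.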
View all users for a realm
by Stian Thorgersen
ATM it's only possible to search for users. It should be possible to also view all users for a realm.
I propose that we make the users page show all users when there's no search set. In the future this and all other tables should support pagination, including pagination support on the rest endpoints, so that would solve the issue of loading a huge amount of users.
11 years
Cancel button on login form
by Stian Thorgersen
I added a cancel button to the login form. It results in a redirect to "<redirect_uri>?error=access_denied".
Problem with it is that it doesn't make sense for all applications to have it. This mainly applies to applications that require a login, for example the admin console. Question is what do we do for those? Some alternatives:
* Add an optional query param to login that disables it (.../tokens/login?nocancel)
* Add a config option to the app that's set through admin console
* Leave it and make the app show a sensible error message - "You're required to login blah blah, click here to login"
Thoughts?
11 years
Can KeyCloak be used without any passwords?
by Matt Casperson
I'd just like to say that KeyCloak looks like a great project. It will be nice not to have to reinvent the account management wheel every time you write an app.
I have a couple of questions about KeyCloak:
1. After playing with the demo it looks like first time social logins require a local user account to be created. Is this a fixed requirement, or is it possible for people to log in from Google/Twitter/Facebook without a local user account? Or at least with a local account that has no password? I ask because ideally we would like to never deal with any user passwords whatsoever, and defer all password management to external services.
2. Do you expect the LDAP or AD support to work like a social login i.e. will users with local network accounts be required to create a KeyCloak user account in addition to their network account?
3. Is it possible to associate multiple social logins with a single account? Something like what Stack Exchange does where you can add a Google and a Facebook account to your existing SE account.
Regards
Matthew Casperson
RHCE, RHCJA # 111-072-237
Red Hat Engineering Content Services
Brisbane, Australia
11 years
Cancel button in the login page
by Gabriel Cardoso
What is the reason for a Cancel button in the login page?
It caught my attention to see a Cancel button when accessing the login page immediately after opening the browser. Also, clicking on it redirected me to an empty white screen.
--
Gabriel Cardoso
GateIn Portal | User Experience Designer
11 years
Consistency and standards
by Gabriel Cardoso
When adding new elements to the interface, it is important to maintain consistency, using the same standards already used in the interface. Here are two examples:
Standard: main action at the right side
Inconsistency: main action at the left side in the login screen
Standard: dark tooltip
Inconsistency: white tooltip in the credentials page
Could you guys update them to follow the standards?
Also, if you have any doubt when implementing something new, let me know.
Gabriel
--
Gabriel Cardoso
GateIn Portal | User Experience Designer
11 years