timestamp repo release
by Bill Burke
Stian wanted a timestamp release:
1.0-alpha-1-12062013
Should be in repo now. Source also tagged with same name.
Still working on things, hope to release alpha 1 early next week.
Apologies for the delays.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
Can a master list of roles be retrieved?
by Matt Casperson
If I wanted my client application's UI to be able to authorise roles to perform certain actions, could I query a Keycloak server for the master list?
An example might be listing all the roles so I could select those that should be able to edit a particular record. So rather than manually syncing a list of roles between my application and Keycloak, I would query the Keycloak server for the current list of roles to ensure that I always have an accurate list.
Regards
Matthew Casperson
RHCE, RHCJA # 111-072-237
Engineering Content Services
Brisbane, Australia
11 years
Keycloak subsystem
by ssilvert@redhat.com
In Thunderlips, we have a requirement that console applications should
not be required to know where the Keycloak server resides at build
time. Furthermore, an administrator should not need to crack open a WAR
to include this information. Instead, the application should learn
about its environment at deploy time.
Picketlink already has this capability, but I think we can go beyond
what it currently offers. The basic idea for the Keycloak subsystem is
that no application should ever need to define anything about
authentication. At development time, the application should not need to
know anything about Keycloak or really anything about authentication at
all. The application should only need to know about authorization and
the roles it wants to define.
So using the Keycloak subsystem, an application will not be required to use:
* keycloak.json
* jboss-web.xml
* jboss-deployment-structure.xml
(Did I leave anything out? It looks like this is what an app currently
needs to work with Keycloak.)
From the Keycloak admin UI, you will be able to choose an application
and add it to a Keycloak realm. When that application is deployed, the
Keycloak subsystem adds all that used to be defined in keycloak.json,
jboss-web.xml, and jboss-deployment-structure.xml.
The big picture is that a developer never needs to think about
authentication. And an administrator never needs to crack open a WAR or
worry about what authentication was built into some WAR he wants to deploy.
WDYT?
Stan
11 years
resteasy dependencies before Alpha 1
by Bill Burke
I'm thinking it might be a good idea to take some time to remove the
Resteasy dependencies from the AS7 adapter. Upgrading to Resteasy 3
would probably be a big deal to many EAP/AS7 users.
I was able to finally figure out the correct exclusion metadata to put
in jboss-deployment-structure.xml so that I could just bundle Resteasy 3
with the Keycloak Server WAR.
Might also want to figure out how to trim down the AS7 distro to make a
smaller download.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years
Getting demo to run
by ssilvert@redhat.com
I'm trying to get the demo to run on WildFly master. I ran into a
compilation problem and submitted this PR so it would compile:
https://github.com/keycloak/keycloak/pull/122
Now it builds OK, but when I do mvn jboss-as:deploy, I get the errors
below on WildFly. Is this what I should be doing to get started?
Should I be trying this on EAP 6 instead?
11:22:17,891 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-6) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth-server.UndertowDeploymentInfoService: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth-server.UndertowDeploymentInfoService: java.lang.ClassNotFoundException: org.keycloak.services.listeners.MongoRunnerListener from [Module "deployment.auth-server.war:main" from Service Module Loader]
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.createServletConfig(UndertowDeploymentInfoService.java:772)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.start(UndertowDeploymentInfoService.java:217)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.0.CR1.jar:1.2.0.CR1]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.0.CR1.jar:1.2.0.CR1]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_15]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_15]
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_15]
Caused by: java.lang.ClassNotFoundException: org.keycloak.services.listeners.MongoRunnerListener from [Module "deployment.auth-server.war:main" from Service Module Loader]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:197) [jboss-modules.jar:1.3.0.Final]
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:443) [jboss-modules.jar:1.3.0.Final]
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:431) [jboss-modules.jar:1.3.0.Final]
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:373) [jboss-modules.jar:1.3.0.Final]
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:118) [jboss-modules.jar:1.3.0.Final]
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.addListener(UndertowDeploymentInfoService.java:1035)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.createServletConfig(UndertowDeploymentInfoService.java:640)
    ... 6 more
11:22:17,936 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 5) JBAS014613: Operation ("deploy") failed - address: ([("deployment" => "auth-server.war")]) - failure description: {"JBAS014671: Failed services" => {"jboss.undertow.deployment.default-server.default-host./auth-server.UndertowDeploymentInfoService" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth-server.UndertowDeploymentInfoService: java.lang.ClassNotFoundException: org.keycloak.services.listeners.MongoRunnerListener from [Module \"deployment.auth-server.war:main\" from Service Module Loader]
    Caused by: java.lang.ClassNotFoundException: org.keycloak.services.listeners.MongoRunnerListener from [Module \"deployment.auth-server.war:main\" from Service Module Loader]"}}
11:22:17,946 ERROR [org.jboss.as.server] (management-handler-thread - 5) JBAS015870: Deploy of deployment "auth-server.war" was rolled back with the following failure message:
{"JBAS014671: Failed services" => {"jboss.undertow.deployment.default-server.default-host./auth-server.UndertowDeploymentInfoService" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth-server.UndertowDeploymentInfoService: java.lang.ClassNotFoundException: org.keycloak.services.listeners.MongoRunnerListener from [Module \"deployment.auth-server.war:main\" from Service Module Loader]
    Caused by: java.lang.ClassNotFoundException: org.keycloak.services.listeners.MongoRunnerListener from [Module \"deployment.auth-server.war:main\" from Service Module Loader]"}}
11 years
Configure password policy for realm
by Stian Thorgersen
I've added an option to configure a password policy for a realm.
The password policy is defined as a single string, for example:
"length and digits and lowerCase and upperCase"
Would require a password of minimum length 8 that contains at least one numerical digit, one lower case and one upper case.
The available policies at the moment are:
* length
* digits
* lowerCase
* upperCase
* specialChars
All take an optional single integer argument, for example:
"length(12) and specialChars(2)"
Would require a password of minimum length 12 that contains at least 2 special characters.
The only operator supported (at least at the moment) is 'and', so you couldn't for example have a policy that is:
"length(24) or ( length(12) and specialChars(4) )"
This is just something minimal for M1 and we can tweak it later. One thing that is quite common is to make sure it doesn't contain words from the dictionary for example.
Villiam is working on improving the way it's defined in the admin console to make it more user friendly (and less error prone).
11 years
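Added example (not part of the original message and not Keycloak's own code): a small Python parser and checker for the policy string format described in the post above, including rejection of the unsupported 'or' form. The function names, the default of 1 for specialChars, and treating every non-alphanumeric character as special are assumptions made for this illustration.

```python
import re

# Defaults used when a policy has no argument. The post gives 8 for length and
# "at least one" for digits/lowerCase/upperCase; 1 for specialChars is assumed.
DEFAULTS = {"length": 8, "digits": 1, "lowerCase": 1, "upperCase": 1,
            "specialChars": 1}

# How each policy counts. Treating every non-alphanumeric character as
# "special" is an assumption; the post does not define the character set.
COUNTERS = {
    "length": len,
    "digits": lambda p: sum(c.isdigit() for c in p),
    "lowerCase": lambda p: sum(c.islower() for c in p),
    "upperCase": lambda p: sum(c.isupper() for c in p),
    "specialChars": lambda p: sum(not c.isalnum() for c in p),
}

# One term: a policy name with an optional single integer argument.
TERM = re.compile(r"([A-Za-z]+)(?:\(\s*(\d+)\s*\))?")


def parse_policy(policy):
    """Return a list of (name, minimum) pairs; raise ValueError if malformed."""
    rules = []
    # 'and' is the only operator, so anything else ('or', grouping
    # parentheses, unknown names) ends up in a term that fails to match.
    for term in re.split(r"\s+and\s+", policy.strip()):
        m = TERM.fullmatch(term.strip())
        if not m or m.group(1) not in DEFAULTS:
            raise ValueError(f"unsupported policy term: {term!r}")
        name, arg = m.groups()
        rules.append((name, int(arg) if arg is not None else DEFAULTS[name]))
    return rules


def violations(policy, password):
    """Return the names of the policies the password fails (empty = accepted)."""
    return [name for name, minimum in parse_policy(policy)
            if COUNTERS[name](password) < minimum]
```

Failing closed on a string the parser cannot fully understand matters here: a policy that silently ignores an unknown term would enforce less than the administrator typed.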
M1 progress
by Stian Thorgersen
Keycloak is looking pretty good now, and it looks like we're in good shape to release M1 this week.
One thing I don't like is the realms being looked up based on a generated id. I really don't like URLs being '../realms/32450982309/tokens/..' instead of '../realms/myrealm/tokens/..'. We can easily fix this by letting users set the id in the admin console. We should also display the id throughout as well as the name. If there are no objections I'll sort this out tomorrow.
11 years
working on distro and docs
by Bill Burke
I'll be putting together docs today and tomorrow. In parallel I'll
flesh out the distro more, which will probably uncover a bunch of other
things we haven't thought of.
It's OK if we're not perfect just as long as people don't have problems
installing and running the demo. This *WILL* be an ALPHA release.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years