LDAP integration
by Stian Thorgersen
For the first round of LDAP integration we will only focus on authenticating with LDAP.
This will work by adding an Authentication SPI. It will provide two methods, verify user password and update user password. We'll have two implementations of this, Keycloak Model and LDAP (via PicketLink).
It should be possible to configure which Authentication SPI provider is used by a Realm through the admin console. This will include setting up configuration for the LDAP server.
Second round (which will have a low priority for beta1, so will most likely be postponed to after the 1.0.Final) will be to add a Sync SPI. This will support one-way and two-way of syncing data from an external resource into the Keycloak model. It will support resource that allows registering listeners for events (for near real-time syncing) as well as interval based pulling when this is not possible.
JIRA issue for this is: https://issues.jboss.org/browse/KEYCLOAK-316
9 years, 8 months
Audit
by Stian Thorgersen
I plan to start work on the audit log tomorrow. Including some support for admins to view recent log, users to view recent activity for their accounts, and email notifications during certain events.
9 years, 8 months
Updates to keycloak.js including support for Cordova
by Stian Thorgersen
I've polished keycloak.js and also added a few more features to it:
* Cordova support
* Account management support
* Load config from keycloak.json
* Added a bunch of events (onAuthSuccess, onAuthError, onAuthRefreshSuccess, onAuthRefreshError, onReady)
* Async methods now return promise (init, updateToken, loadProfile)
I need to update the documentation, but there's two new examples:
* example/js-console - exposes pretty much all functionality in the js lib
* example/cordova - basic Cordova example (tested with Android phone and emulator)
9 years, 8 months
Re: [keycloak-dev] [aerogear-dev] Keycloak adapters for iOS and Android
by Corinne Krych
Hello Stian
KC adapter is planned for our iOS 1.6 release (end of June) as pointed out by abstract, it’s in our roadmap. Once 1.5 is out (end of this week), we’ll start 1.6 and work this adapter.
As for Android, we have our ios-cookbook[1], we can find a sample that fit close to your sample app. No worries. We also have a JIRA ticket to track progress[2].
++
Corinne
[1] https://github.com/aerogear/aerogear-ios-cookbook
[2] https://issues.jboss.org/browse/AGIOS-178
On 18 Mar 2014, at 12:29, Daniel Passos <daniel(a)passos.me> wrote:
> Hi Stian,
>
> Answers inline
>
> On Tue, Mar 18, 2014 at 7:53 AM, Stian Thorgersen <stian(a)redhat.com> wrote:
> We're aiming to release beta1 of Keycloak in beginning of May. It would be great to have basic iOS and Android examples added to our demo. With that in mind I have a couple of question:
>
> * Any chance anyone from the AeroGear team could contribute an iOS example? Something that works together with our current demo would be great, login with Keycloak and fetch/display customers list from the server is sufficient (same features as customer-portal and customer-portal-js in our demo). It would also be nice to have a small section on how to use it added to our documentation.
> * Do you have an ETA when Android adapter will be ready?
>
> Yes, we have already started working on it. We'll postpone our 1.4 release (scheduled for mid March to mid April ) to include KC adapter see last meeting notes[1]
>
> * Same as for iOS, any chance to get some help with an Android example and documentation?
>
> Of course. Ping me when you need. Btw, we'll add it on our cookbook app[2]
>
> Cheers,
> Stian
>
> [1] http://transcripts.jboss.org/meeting/irc.freenode.org/aerogear/2014/aerog...
> [2] https://github.com/aerogear/aerogear-android-cookbook
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
9 years, 8 months
next release Beta 1 May timeframe
by Bill Burke
I'd like for the next release (Beta-1) to be our last major feature
release. We'll shoot for early May as. I personally will be disrupted
1-2 weeks because of Red Hat Summit/DevNation
Must Have:
* Fine grain import/export of keycloak store
* LDAP/AD support
* Audit Log
* Acct Service oauth revocation
* Social login remember me
* Multi-tenant adapter abilities (for Travis)
* Any bootstrap requirements Aerogear needs
* Admin console needs to be rebrandable and support different themes.
This is an Aerogear requirement
* Server needs to be able to run on Resteasy 2.3.6 (EAP 6.x). A must if
we want to get keycloak into EAP through UPS.
Would like to have:
* Jira adapter. Have a good idea on how to implement, just need to find
the time or a volunteer.
* Tomcat, Jetty adapters
* Access control by IP Address and user geo location. i.e. block users
from logging in from China, or warn them. Google does a warning if
somebody logged into your account from China. Its how I found out how
somebody hacked my account a few years ago. i have a pretty good idea
on how to implement this, just need to find the time or a volunteer.
Anything major I'm missing?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9 years, 8 months
Thoughts on integration tests
by Stian Thorgersen
It should be possible to run our testsuite against different containers:
* Basic server - what we have now, for development
* WildFly distribution - run on CI with the appliance-dist
* EAP distribution - run on CI with WAR deployed to EAP
* AS7 distribution - run on CI with WAR deployed to AS7
It would also be nice to be able to run the testsuite when Keycloak is embedded into other projects (AeroGear and LiveOak).
Arquillian has recently released a Undertow container, and they already have containers for all of the above. By moving to Arquillian we should be able to fairly easily support running the testsuite against different containers. It would also make it easier to test the admin console as we'd get support for Graphene2 which makes it a lot easier to test ajax-based web apps.
9 years, 8 months
Keycloak Alpha-4 (was: Re: Alpha-3 issues)
by Matthias Wessendorf
On Thu, Mar 13, 2014 at 4:12 PM, Bill Burke <bburke(a)redhat.com> wrote:
> I was able to reproduce and fix it. alpha 4 release incoming.
>
>
Besides the previous NPE on user creation:
I can confirm the alpha-4 works also fine w/ the UPS branch that aims to
integrate Keycloak!
Thanks for the quick reply!
Cheers!
Matthias
>
> On 3/13/2014 11:00 AM, Matthias Wessendorf wrote:
>
>> just saw
>>
>> https://github.com/keycloak/keycloak/pull/294
>>
>>
>> let me build it locally and give it a quick run here
>>
>>
>> -M
>>
>>
>> On Thu, Mar 13, 2014 at 3:56 PM, Matthias Wessendorf <matzew(a)apache.org
>> <mailto:matzew@apache.org>> wrote:
>>
>> damn! email - how does it work?
>>
>> Sorry, but by accident I did not reply to the list :)
>>
>> * cache clearing did help;
>>
>> * Regarding the NPE Bill replied "Ok, I'll take a look and push
>> another release. Probably just need a null check."
>>
>>
>> -M
>>
>> On Thu, Mar 13, 2014 at 2:43 PM, Matthias Wessendorf
>> <matzew(a)apache.org <mailto:matzew@apache.org>> wrote:
>>
>>
>>
>>
>> On Thu, Mar 13, 2014 at 2:21 PM, Bill Burke <bburke(a)redhat.com
>> <mailto:bburke@redhat.com>> wrote:
>>
>>
>>
>> On 3/13/2014 5:15 AM, Matthias Wessendorf wrote:
>> > Hello,
>> >
>> > when deploying the |deployments| folder of the
>> > /keycloak-war-dist-all-1.0-alpha-3/ I noticed the
>> following/WARN/:
>> >
>> > |10:02:18,449 WARN [org.jboss.as.ee
>> <http://org.jboss.as.ee> <http://org.jboss.as.ee>] (MSC
>>
>> service thread 1-9) JBAS011006: Not installing optional
>> component
>> org.jboss.resteasy.plugins.server.servlet.
>> Servlet3AsyncHttpRequest$Servlet3ExecutionContext$
>> Servle3AsychronousResponse
>> due to exception:
>> org.jboss.as.server.deployment.DeploymentUnitProcessingExcept
>> ion:
>> JBAS011054: Could not find default constructor for class
>> org.jboss.resteasy.plugins.server.servlet.
>> Servlet3AsyncHttpRequest$Servlet3ExecutionContext$
>> Servle3AsychronousResponse
>> > at
>> org.jboss.as.ee.component.ComponentDescription$
>> DefaultComponentConfigurator.configure(ComponentDescription.java:606)
>> > at
>> org.jboss.as.ee.component.deployers.
>> EEModuleConfigurationProcessor.deploy(EEModuleConfigurationProcessor
>> .java:81)
>> > at
>> org.jboss.as.server.deployment.DeploymentUnitPhaseService.
>> start(DeploymentUnitPhaseService.java:113)
>> [jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
>> > at
>> org.jboss.msc.service.ServiceControllerImpl$
>> StartTask.startService(ServiceControllerImpl.java:1811)
>> [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>
>> <http://1.0.2.GA>]
>> > at
>> org.jboss.msc.service.ServiceControllerImpl$StartTask.run(
>> ServiceControllerImpl.java:1746)
>> [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>
>> <http://1.0.2.GA>]
>> > at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(
>> ThreadPoolExecutor.java:1110)
>> [rt.jar:1.7.0_09]
>> > at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(
>> ThreadPoolExecutor.java:603)
>> [rt.jar:1.7.0_09]
>> > at java.lang.Thread.run(Thread.java:722)
>> [rt.jar:1.7.0_09]
>> >
>>
>> Haven't figured out the above ^. I assume you are running
>> on EAP/AS7?
>>
>>
>>
>> Correct - JBoss AS 7.1.1-Final
>>
>>
>> |
>> >
>> > Now, login (admin:admin) and the reset flow works fine.
>> After creating a
>> > REALM, I am on the Tab (of the new realm), but there I
>> notice a few
>> > "Page not found..." messages for these links:
>> >
>>
>> Try clearing your browser cache and trying everything again.
>>
>>
>>
>> great! now I could create some roles and set default roles.
>>
>>
>> However, the NPE on user creation is still present:
>>
>>
>>
>> Caused by: java.lang.NullPointerException
>>
>> at
>> org.keycloak.services.resources.admin.UsersResource.
>> updateUserFromRep(UsersResource.java:123)
>> [keycloak-services-1.0-alpha-3.jar:]
>>
>> at
>> org.keycloak.services.resources.admin.UsersResource.
>> createUser(UsersResource.java:106)
>> [keycloak-services-1.0-alpha-3.jar:]
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> [rt.jar:1.7.0_09]
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(
>> NativeMethodAccessorImpl.java:57)
>> [rt.jar:1.7.0_09]
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(
>> DelegatingMethodAccessorImpl.java:43)
>> [rt.jar:1.7.0_09]
>>
>> at java.lang.reflect.Method.invoke(Method.java:601)
>> [rt.jar:1.7.0_09]
>>
>> at
>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(
>> MethodInjectorImpl.java:137)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
>> ResourceMethodInvoker.java:280)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
>> ResourceMethodInvoker.java:234)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.
>> invokeOnTargetObject(ResourceLocatorInvoker.java:140)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:109)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.
>> invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:109)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.
>> invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
>> ResourceLocatorInvoker.java:103)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> at
>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(
>> SynchronousDispatcher.java:356)
>> [resteasy-jaxrs-3.0.6.Final.jar:]
>>
>> ... 22 more
>>
>>
>>
>>
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> <mailto:keycloak-dev@lists.jboss.org>
>>
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>>
>>
>>
>> --
>> Matthias Wessendorf
>>
>> blog: http://matthiaswessendorf.wordpress.com/
>> sessions: http://www.slideshare.net/mwessendorf
>> twitter: http://twitter.com/mwessendorf
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
9 years, 8 months