removed transitive dependencies
by Bill Burke
Everything is now scoped provided except in server/. We can't revert if
you don't like it. I think this will make things easier going forward
as we will need to add/remove artifacts or change version of artifacts
from built WARs depending on the environment (AS7 to EAP to Wildfly,
etc.). Wildfly maven build also has the requirement that all artifacts
not have transitive dependencies. It makes you exclude them explicitly
if you have any.
I still need to test this and will have more updates tomorrow.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9 years, 8 months
use resteasy 2.3.7 where can
by Bill Burke
Server components should be using resteasy 2.3.7 as that aligns with EAP
6.3. I have updated our code to reflect this. The testsuite still uses
Resteasy 3.0.8 though. I also still need to test the demos to make sure
they run and also modify the WAR build so that it uses built in resteasy
rather than bundling resteasy.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9 years, 8 months
Audit finished
by Stian Thorgersen
Audit has been added. Quick summary of what's provided:
* Audit Provider SPI, including implementations for JPA and Mongo (provider is configured with -Dkeycloak.audit=jpa or -Dkeycloak.audit=mongo)
* Audit Listener SPI, including implementation for jboss-logging
* Users can view events for their account through account management
* Admins can view events for realm through admin console
* Timer service that runs periodically to clear expired events (runs by default every 15 min, can be configured with -Dkeycloak.audit.expirationSchedule)
By default the JPA audit provider is used, but realms have audit disabled. To enable audit for a realm:
* Open the admin console
* Select the realm
* Click on Audit
* Click on Config
* Click on Enabled switch to enable
* If you want events to be removed after an expiration time, set expiration time
Now you can log out, log in, update your user's profile, etc, etc. to create some events to view ;)
9 years, 8 months
Re: [keycloak-dev] Realm key pair
by Bruno Oliveira
I see. I was just wondering if it is possible to avoid the key pair exposition and if the idea is valid. For our clients, establish a key agreement (ECDH for example) and use the shared key to sign JSON[1].
Does it make sense?
[1] - http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-25#section-4.6.1
--
abstractj
On April 2, 2014 at 4:27:29 PM, Bill Burke (bburke(a)redhat.com) wrote:
> Not sure what you mean. The keypair is for the realm. When you create
> a realm this keypair is automatically generated. The only reason it
> exists in the example imported json files is so that the example adapter
> configs can run out of the box.
9 years, 8 months
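The ECDH idea raised in this thread, as an added example that is not part of the original messages or of Keycloak's code: two parties agree on a key and authenticate a JSON payload with it. The curve (P-256), HKDF-SHA256, HMAC-SHA256 and every function name are assumptions of this sketch, and it runs on Node.js. Note that the result is a MAC rather than a signature, since both sides hold the same key.

```javascript
const nodeCrypto = require('crypto');

const CURVE = 'prime256v1';                        // NIST P-256 (assumed)
const INFO = Buffer.from('constructed-json-mac');  // constructed HKDF context label

// Each side makes an ephemeral key pair; only publicKey leaves the process.
// This sketch does not authenticate the public keys; a deployment has to.
function newParty() {
  const ecdh = nodeCrypto.createECDH(CURVE);
  return { ecdh, publicKey: ecdh.generateKeys() };
}

// Run the raw ECDH output through HKDF-SHA256 instead of using it as a key.
function deriveMacKey(party, peerPublicKey, salt) {
  const shared = party.ecdh.computeSecret(peerPublicKey);
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, INFO, 32));
}

function macJson(key, obj) {
  const payload = JSON.stringify(obj);
  const tag = nodeCrypto.createHmac('sha256', key).update(payload).digest('base64');
  return { payload, tag };
}

function verifyJson(key, msg) {
  const expected = nodeCrypto.createHmac('sha256', key).update(msg.payload).digest();
  const given = Buffer.from(String(msg.tag), 'base64');
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}

function demo() {
  const client = newParty();
  const server = newParty();
  const salt = nodeCrypto.randomBytes(16);   // public value sent with the keys
  const kClient = deriveMacKey(client, server.publicKey, salt);
  const kServer = deriveMacKey(server, client.publicKey, salt);
  const msg = macJson(kClient, { sub: 'constructed-user', action: 'login' });
  const tampered = { payload: msg.payload.replace('login', 'admin'), tag: msg.tag };
  const serverMade = macJson(kServer, { sub: 'constructed-user', action: 'anything' });
  return {
    keysMatch: kClient.equals(kServer),
    valid: verifyJson(kServer, msg),
    tamperedValid: verifyJson(kServer, tampered),
    // Same key on both sides: a tag proves "one of us", not "the client".
    serverTagAccepted: verifyJson(kClient, serverMade),
  };
}
```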
Realm key pair
by Bruno Oliveira
Good morning guys,
I was chatting with Lucas from our team about the key pair inside the JSON file (https://github.com/keycloak/keycloak/blob/master/examples/js-console/exam...). I was just wondering: how bad would it be if we dynamically generated the key pair in JavaScript and sent the signed data to the server? I’m considering never storing it.
Does it make sense? If you guys agree on that, we can help with it.
--
abstractj
9 years, 8 months
Keycloak server config
by Stian Thorgersen
We're starting to get quite a lot of things that can be configured globally for a Keycloak server, with more coming soon. This includes:
* Model DB
* Audit DB
* LDAP servers (currently per-realm, but it would be better to create global config that can be selected in realm)
* SMTP servers (currently per-realm, but it would be better to create global config that can be selected in realm)
* Server Alias (proposed to list yesterday)
* Theme config (default theme, fallback theme, theme dir)
I propose that we make this configurable through a single json file. In the distribution it would be standalone/configuration/keycloak.json. Like standalone.xml it would support system property expansion.
An initial idea of the structure of the file: https://gist.github.com/stianst/9931577
9 years, 8 months
Keycloak WAR inside on an EAR file ?
by Matthias Wessendorf
Hello,
I tried to pull the auth-server.war file into an EAR. Once that is deployed
to the JBoss 7.1.1 (I did not try WildFly), I am getting this error on the
JAX-RS Application initialization:
17:55:00,113 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/auth]] (MSC service thread 1-14) StandardWrapper.Throwable: java.lang.RuntimeException: Failed to construct public org.keycloak.server.KeycloakServerApplication(javax.servlet.ServletContext) throws java.io.FileNotFoundException
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:144) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.jboss.resteasy.spi.ResteasyDeployment.createFromInjectorFactory(ResteasyDeployment.java:282) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:259) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:85) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1202) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3655) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3873) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_09]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_09]
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09]
Caused by: org.jboss.resteasy.spi.LoggableFailure: Unable to find contextual data of type: javax.servlet.ServletContext
    at org.jboss.resteasy.core.ContextParameterInjector$GenericDelegatingProxy.invoke(ContextParameterInjector.java:53) [resteasy-jaxrs-2.3.2.Final.jar:]
    at $Proxy39.getContextPath(Unknown Source)
    at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:37) [keycloak-services-1.0-alpha-4.jar:]
    at org.keycloak.server.KeycloakServerApplication.<init>(KeycloakServerApplication.java:41) [classes:]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.7.0_09]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) [rt.jar:1.7.0_09]
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.7.0_09]
    at java.lang.reflect.Constructor.newInstance(Constructor.java:525) [rt.jar:1.7.0_09]
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:132) [resteasy-jaxrs-2.3.2.Final.jar:]
    ... 14 more
17:55:00,123 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/auth]] (MSC service thread 1-14) Servlet /auth threw load() exception: org.jboss.resteasy.spi.LoggableFailure: Unable to find contextual data of type: javax.servlet.ServletContext
    at org.jboss.resteasy.core.ContextParameterInjector$GenericDelegatingProxy.invoke(ContextParameterInjector.java:53) [resteasy-jaxrs-2.3.2.Final.jar:]
    at $Proxy39.getContextPath(Unknown Source)
    at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:37) [keycloak-services-1.0-alpha-4.jar:]
    at org.keycloak.server.KeycloakServerApplication.<init>(KeycloakServerApplication.java:41) [classes:]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.7.0_09]
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) [rt.jar:1.7.0_09]
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.7.0_09]
    at java.lang.reflect.Constructor.newInstance(Constructor.java:525) [rt.jar:1.7.0_09]
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:132) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.jboss.resteasy.spi.ResteasyDeployment.createFromInjectorFactory(ResteasyDeployment.java:282) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:259) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:85) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36) [resteasy-jaxrs-2.3.2.Final.jar:]
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1202) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1102) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3655) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3873) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_09]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_09]
    at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09]
I wonder if there is anything wrong here, w/ the
jboss-deployment-structure.xml file of the actual WAR file from Keycloak?
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
9 years, 8 months
Server alias
by Stian Thorgersen
To make it simpler to manage URLs for applications and clients (redirect, management, base) I propose we add server aliases.
A server alias is an alias that resolves to a hostname and optional port.
For example valid redirect uris could be:
http://${myserver}/myapp
Which could resolve to: http://www.myserver.com/myapp or http://localhost/myapp
We could also add a special built in server alias for the Keycloak server itself (for example ${keycloak}). This server alias would be resolved depending on the URL used to contact Keycloak.
I think this should be helpful for UPS as redirect URIs for the UPS bundled with Keycloak would use the Keycloak server alias.
9 years, 8 months
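The server alias proposal above, as an added example that is not part of the original message or of Keycloak's code: registered redirect URIs containing ${alias} are expanded and then compared with the requested URI by origin and path. The function names, the alias map and the sample hosts are constructed for illustration, and the host used for ${keycloak} is assumed to come from configuration or an already validated request host.

```javascript
const ALIAS_RE = /\$\{([A-Za-z0-9_-]+)\}/g;
// An alias may only expand to host[:port], never to a path, scheme or userinfo.
const HOST_PORT_RE = /^[A-Za-z0-9.-]+(:\d{1,5})?$/;

// aliases: Map of alias name -> "host[:port]" (constructed sample data below).
// keycloakHost: value for the built-in ${keycloak} alias (assumed pre-validated).
function expandAliases(template, aliases, keycloakHost) {
  return template.replace(ALIAS_RE, (_, name) => {
    const value = name === 'keycloak' ? keycloakHost : aliases.get(name);
    if (typeof value !== 'string' || !HOST_PORT_RE.test(value)) {
      throw new Error('unresolvable or malformed server alias: ' + name);
    }
    return value;
  });
}

// Fail closed: an unparsable candidate or a broken template never matches.
function isAllowedRedirect(candidate, templates, aliases, keycloakHost) {
  let target;
  try { target = new URL(candidate); } catch (e) { return false; }
  return templates.some((template) => {
    try {
      const allowed = new URL(expandAliases(template, aliases, keycloakHost));
      // Compare parsed origin and path, not string prefixes.
      return allowed.origin === target.origin && allowed.pathname === target.pathname;
    } catch (e) {
      return false;
    }
  });
}

// Constructed sample configuration.
const SAMPLE_ALIASES = new Map([['myserver', 'www.myserver.com']]);
const SAMPLE_TEMPLATES = ['http://${myserver}/myapp', 'http://${keycloak}/ups'];

function demo() {
  const check = (uri) =>
    isAllowedRedirect(uri, SAMPLE_TEMPLATES, SAMPLE_ALIASES, 'localhost:8080');
  return {
    alias: check('http://www.myserver.com/myapp'),
    builtin: check('http://localhost:8080/ups'),
    lookalikeHost: check('http://www.myserver.com.other.example/myapp'),
    userinfo: check('http://www.myserver.com@other.example/myapp'),
  };
}
```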