May 2014 - keycloak-dev - Jboss List Archives

by Bill Burke

Admin console requires a redirect uri to be set for non-bearer-only clients. Token Service will now abort any login request where a client redirect uri hasn't been configured. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

11 years, 11 months

1
0
0 / 0

urn:ietf:wg:oauth:2.0:oob always valid?

by Bill Burke

If the client has a redirect uri of urn:ietf:wg:oauth:2.0:oob, this is always acceptable? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

11 years, 11 months

3
4
0 / 0

Provider config framework

by Stian Thorgersen

Once 1.0.final is released I'd like to work on adding a generic mechanism to configure SPI providers to keycloak-server.json, the model, and admin console. The basic idea is to have a "providers" section on the admin console. There will be a drop-down to select the SPI you want to configure (audit, social, email, etc.). Once you've selected the SPI it will be possible to select what providers are active, and to be able to configure individual providers. Some SPIs/providers will let you specify a global configuration for the server, others a config for a realm, and maybe also a combination. Then we should add a ProvideConfigModel to the model, which will replace a fair amount of stuff on RealmModel, such as smtp-settings and social-settings. The benefits includes: * Ability to config custom providers through console * Simplified model / less crap on RealmModel * Global provider config with realm override

11 years, 11 months

2
1
0 / 0

cors setup simplification?

by Bill Burke

CORS setup is confusing to people. I'm going to remove the web-origins setting from the admin console. Instead there will be a on/off switch that says "Cross-Origin Tokens (CORS)". Tokens created for those types of clients will have the token's origins calculated by iterating over the redirect uri list. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

11 years, 11 months

2
9
0 / 0

LiveOak and JavaEE libraries

by Anil Saldhana

Hi Stian, do you know what parts of JavaEE Web libraries, LiveOak does not want to use? Right now, I know LiveOak uses Jax-RS and WebSockets. Does it use CDI, Servlets? Regards, Anil

11 years, 11 months

5
9
0 / 0

Email notifications on events and filtering of persisted events

by Stian Thorgersen

I've added an audit listener that can send emails on events. By default it once enabled as an audit listener for a realm it will send emails on these events: * Login error * Update password * Remove totp * Update totp It will only send events if a user has a verified email address. This is more aimed as a template for someone that wants to implement their own, as we don't have the time needed to do this properly at the moment. Especially with regards to failed login attempts, as it is a bit silly to send an email after a single failed login attempt. Also, it's possible to configure include/exclude events in keycloak-server.json, for example: "audit-listener": { "email": { "include": [ "update_password" ] } } It's also possible to configure include/exclude events that are persisted (and hence visible in the admin console) through keycloak-server.json as well: "audit": { "provider": "jpa", "jpa": { "exclude-events": [ "REFRESH_TOKEN" ] } }, Configuring include/exclude for these providers are currently limited to a server-wide config. After the 1.0 release I'd like to add a configuration mechanism for providers on a realm level, so we can configure these things without having to constantly add things to RealmModel. I'll send a separate email on this soon.

11 years, 11 months

1
0
0 / 0

admin console requires reboot

by Bill Burke

The admin console now requires a reboot to see changes from static content files when run with mvn -pl testsuite/integration -Pkeycloak-server -Dresources exec:java -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

11 years, 11 months

2
2
0 / 0

Resource Owner Password Credentials Grant disabled by default

by Stian Thorgersen

Resource Owner Password Credentials Grant aka 'grants/access' is now disabled by default and has to be enabled for the realm through the admin console

11 years, 11 months

1
0
0 / 0

Email notifications on events and theme support for emails

by Stian Thorgersen

I'm working on adding email notifications for events. The events I think we need to support are: * Suspected malicious login * Password changed Also at the same time I'm adding theme support for emails. Folks are just not going to want their emails to be signed 'Thanks, The Keycloak Team' ;)

11 years, 11 months

3
6
0 / 0

Added theme support to emails

by Stian Thorgersen

I've just added theme support to emails. There are now FreeMarker templates for the email body, and the subject is set in message bundles. Currently there's no way to set the email theme for a Realm, but that'll be added tomorrow. There's a fair few changes in this commit as I had to do some updates/refactoring to the existing Theme/FreeMarker code.

11 years, 11 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

keycloak-dev May 2014