When logging out a specific user session I've updated the ResourceAdminManager to only logout applications that are associated with the specific user session.
If a realm has 100 applications and a user has only logged-in to one application this makes it 100x faster to logout ;)
Thanks to Brian Stansberry, I now see that it's quite doable to have the
Keycloak Auth Server installed as part of our subsystem (see below).
Our current approach of copying the WAR into the /deployments directory
will not work in an EAP cluster. In a cluster, there is no /deployments
directory. Instead, you upload your content and tell the domain
controller which nodes to run it on. It makes sense to go ahead and
install as part of the subsystem rather than forcing an administrator to
upload the bits to his system.
So I'm going to go ahead and implement this if there are no objections.
-------- Original Message --------
Subject: Re: [wildfly-dev] Creating a Keycloak Feature Pack
Date: Wed, 10 Sep 2014 16:24:02 -0500
From: Brian Stansberry <brian.stansberry(a)redhat.com>
On 9/10/14, 1:47 PM, Stan Silvert wrote:
> *Issue #3: Adding a deployment:* The Keycloak auth server is deployed
> as a WAR. We can use the copy-artifacts mechanism to simply copy the
> WAR into the deployments directory. But that doesn't work for a domain
> where you want to have the WAR pre-loaded into the content repository.
> Furthermore, it's probably not the best way to integrate this for
> standalone either.
> What would be a better option?
See the "A Mixed Approach" section at
The two comments at the bottom of that page are also relevant to that
part of the wiki.
Senior Principal Software Engineer
JBoss by Red Hat
wildfly-dev mailing list
KeycloakServer now checks KEYCLOAK_DEV_PORT environment variable. If it's set that'll be used as the port to start the server on. As I prefer to have KeycloakServer running on 8080 I've set this env variable in my profile.
Note: this doesn't affect running the testsuite (still runs on port 8081) or when Keycloak is deployed to WildFly/EAP
I added a "logo-example" theme to the distro. This just provides a
theme for login, account, and admin that overrides the logo (Keycloak
image to Red Hat image).
Because admin console is not based on freemarker templates, I refactored
the admin console 'styles.css' to make it easier to override styles for
the admin console. This now includes a 'base-styles.css' and a
'overrides.css'. The 'logo-example' theme for admin adds changes within
'overrides.css'. If you think this is the right way to implement this,
I'll update the documentation to talk about how to override admin theme
JBoss, a division of Red Hat
man I hate doing screencasts, but they are finally updated. It really
needed to be done as they were not in sync with the current version of
keycloak. I haven't linked them yet though. I'll do that when we release.
One thing that drove me crazy was that I kept on getting logged out of
the admin console sporadically. Gotta figure out what is going wrong here.
JBoss, a division of Red Hat
Instead of Existing one step authentication(user/pass), We need custom certificate based authentication which is 2-step Authentication as below:
1. Bypass Login screen , instead generate nonce(UUID) and provide intermediate Endpoint URL for Certificate based authentication.
2. Client will come to Certificate based authentication with its certificate and encrypted UUID. After Validating Encrypted UUID
and Client certificate server should generate "Access code".
We have gone through 1.3 Beta source code and realised to achieve this following code changes are needed
1. Changes in TokenService class (login method) to bypass login form and generate UUID.
2. Preserve UUID and url parameters obtained during the call in TokenManager.
3. Redirect to custom_endpoint where client will submit its certificate and encrypted nonce.
This end point will generate "access Code" once cert authentication completed.
It looks we need to make changes in some of core files like TokenService,TokenManager,OAuthFlows,...
Can you please let us know if there is any we can achieve this customization just by hooking our code
Lakshmi Narayana V