U2F implementation
by Greg Autric
Hi All,
I would like to develop the U2F feature.
I noticed the JIRA ticket [1].
I would like to know how I can begin.
- 2/3 key classes
- add a U2F attribute to the User Model
- maybe reuse the OTP workflow/action
Thanks in advance for your help.
[1] https://issues.jboss.org/browse/KEYCLOAK-1409
Greg AUTRIC
JBoss Middleware Consultant
email : gautric __at__ redhat __dot__ com
twitter : @gautric_io
Red Hat Global Services
Red Hat France SARL site: http://www.redhat.fr
Le Linea, 1 rue du General Leclerc, 92047 Paris La Défense Cedex
Sent from webmail
9 years, 2 months
Import Clients?
by Stan Silvert
It looks like there is a partially-implemented facility to import
clients from admin console?
client-list.html has this:
<a id="importClient" class="btn btn-default" href="#/import/client/{{realm.realm}}" data-ng-show="importButton">{{:: 'import' | translate}}</a>
But I can't find any reference to the "importButton" flag, so it looks
like it is never set and the button never shows up.
Can anyone tell me more about the state of this feature?
Is it supposed to work?
9 years, 2 months
Keycloak 1.6.0.Final Released
by Stian Thorgersen
We're pleased to announce the release of Keycloak 1.6.0.Final.
- *SAML SP* - in the past we only had client libraries for OpenID
Connect, now we also have client libraries for SAML
- *Offline Tokens* - if your applications need long term access outside
of the user's session you should take a look at the new offline tokens
support we've added
- *Client Registration* - we introduced a new REST API that can be used
to automate the registration of clients, this includes a Java client
library. This feature will be further polished in a future release,
including documentation and examples
- *Import Clients in Admin Console* - it's now possible to import
clients through the admin console using the Keycloak JSON client
representation or OpenID Connect descriptions
- *Added Root URL to Clients* - we've added a root url to clients. For
clients that have a root url defined you can use relative urls for redirect
uris and other urls
- *Internationalization support in Admin Console* - we've added support
for internationalization of the Admin Console. Around half the pages now
support translation and the rest will be added in the next release
For the full list of issues resolved, check out JIRA
<https://issues.jboss.org/issues/?jql=project%20%3D%2012313920%20AND%20fix...>,
and to download the release go to the Keycloak homepage
<http://keycloak.org/downloads>.
9 years, 2 months
hierarchical only groups?
by Bill Burke
I was wondering if it would be ok to only have parent/child, tree
structure relationship between groups. Meaning, a group can't belong to
multiple groups.
I was just thinking about modeling a large company with groups. How
would you visualize the group structure within the admin console? A
hierarchical-only group structure would allow you to define a group with
simple non-unique names, i.e. "admins", "customers".
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9 years, 2 months
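The structure asked about above, as an added example that is not part of the original post or of Keycloak's code: each group has exactly one parent, names only need to be unique among siblings, and a group is identified by its path. The `Group` class and `find` helper are hypothetical names.

```python
class Group:
    """A group with exactly one parent (None for a top-level group)."""

    def __init__(self, name, parent=None):
        if not name or "/" in name:
            raise ValueError("group name must be non-empty and contain no '/'")
        self.name, self.parent, self.children = name, None, {}
        if parent is not None:
            parent.attach(self)

    def attach(self, child):
        """Make `child` a sub-group of this group, moving it if it already has a parent."""
        if child.name in self.children:
            raise ValueError(f"{self.path()} already has a child named {child.name!r}")
        node = self
        while node is not None:           # refuse to create a cycle
            if node is child:
                raise ValueError("a group cannot be placed under itself")
            node = node.parent
        if child.parent is not None:      # single parent: detach from the old one
            del child.parent.children[child.name]
        child.parent = self
        self.children[child.name] = child

    def path(self):
        """The unique identifier of a group is its path from the top."""
        prefix = self.parent.path() if self.parent else ""
        return f"{prefix}/{self.name}"


def find(roots, path):
    """Resolve a path such as '/acme/it/admins' against a dict of top-level groups."""
    node, level = None, roots
    for part in path.strip("/").split("/"):
        node = level.get(part)
        if node is None:
            return None
        level = node.children
    return node
```

Two groups called "admins" can coexist under different parents because lookups go through the path, and re-attaching a group changes the paths of its whole subtree.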
Re: [keycloak-dev] Authz Model Implementation
by Cristhian Camilo Lopez
Hi Pedro,
I'm migrating from Picketlink, but I haven't found the way to use fine-grained permissions. Could you give me some advice on this?
Thanks,
Cristhian.
9 years, 3 months
improvements to client creation
by Bill Burke
I'd like to improve the client creation page to reduce the amount of
info somebody needs to type in the first page and to provide base
defaults. I'll add this as a jira and schedule for 1.7 or 1.8
Create page required config (only these will be shown):
* Client Id
* protocol
* Root URL
For OIDC defaults would be:
* confidential client
* full scoped
* valid redirect urls Root URL/*
* consent required false
* direct grants only false
* service accounts enabled false
* Base URL renamed to Link URL defaults to root url
* Web Origins defaults to host of Root URL
* Remove admin url, this would just point to the root.
For SAML:
* Sign documents true
* Include Authn Statement true
* Client signature required true
* Sign assertions false
* Client private/public cert would be generated
* force post binding false
* encrypt assertions false
* front channel logout false
* Remove valid redirect URLs
* Remove Master SAML Processing URL
* Assertion Consumer and Logout Service binding urls all filled in with
Root URL.
SAML would get an Installation tab and could choose configurations for:
* Keycloak SAML adapter
* mod-auth-mellon
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9 years, 3 months
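The OIDC defaults proposed above, derived from the three create-page fields, as an added example that is not part of the original post or of Keycloak's code. The dictionary keys are illustrative names, and `redirect_allowed` is a simplified matcher assumed here to show what a `Root URL/*` default would accept.

```python
from urllib.parse import urlsplit


def oidc_defaults(client_id, root_url):
    """Fill in the proposed OIDC defaults from Client Id and Root URL.
    Keys are illustrative names, not Keycloak's JSON representation."""
    parts = urlsplit(root_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("Root URL must be an absolute http(s) URL")
    if parts.username is not None or parts.query or parts.fragment:
        raise ValueError("Root URL must not carry credentials, query or fragment")
    root = root_url.rstrip("/")
    return {
        "client_id": client_id,
        "protocol": "openid-connect",
        "root_url": root,
        "confidential": True,
        "full_scoped": True,
        "valid_redirect_uris": [root + "/*"],       # Root URL/*
        "consent_required": False,
        "direct_grants_only": False,
        "service_accounts_enabled": False,
        "link_url": root,                           # Base URL renamed to Link URL
        "web_origins": [f"{parts.scheme}://{parts.netloc.lower()}"],  # host of Root URL
    }


def redirect_allowed(candidate, patterns):
    """Simplified matcher (assumption): exact match, or prefix match for 'base/*'."""
    for pattern in patterns:
        if pattern.endswith("/*"):
            base = pattern[:-1]                     # keep the '/' so the boundary is explicit
            if candidate == base[:-1] or candidate.startswith(base):
                return True
        elif candidate == pattern:
            return True
    return False
```

Keeping the trailing slash in the prefix means a host or path segment that merely begins with the same characters as the Root URL does not match the wildcard default.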
Using events to track repository updates
by Pedro Igor Silva
Hi,
Are KC events, like ClientCreationEvent (and probably a missing ClientRemovedEvent), the recommended way to keep different repositories in sync? In case you have to manage FKs programmatically ...
Regards.
Pedro Igor
9 years, 3 months
Communications links failure
by David Ramírez
Hi guys,
Do you know something about this error?
At first it seemed all was OK. Apparently Keycloak updated
my new database correctly, although this WARN
https://issues.jboss.org/browse/KEYCLOAK-1506 appeared.
I signed in as admin and performed some operations correctly, but when I
logged out and signed in again Keycloak crashed.
I'm working with *MariaDB version:10.0.12*.
This is the error:
09:20:45,808 WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-39) SQL Error: 0, SQLState: 08S01
09:20:45,813 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (default task-39) Communications link failure
The last packet successfully received from the server was 920.157 milliseconds ago. The last packet sent successfully to the server was 0 milliseconds ago.
09:20:45,820 ERROR [io.undertow.request] (default task-39) UT005023: Exception handling request to /auth/admin/realms: java.lang.RuntimeException: request path: /auth/admin/realms
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:73)
    at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
    at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
    at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
    at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
    at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
    at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
    at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
    at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
    at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
    at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.jboss.resteasy.spi.UnhandledException: javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: could not prepare statement
    at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
    at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
    at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
    at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
    at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:59)
    ... 29 more
Caused by: javax.persistence.PersistenceException: org.hibernate.exception.JDBCConnectionException: could not prepare statement
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1763)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1677)
    at org.hibernate.jpa.internal.QueryImpl.getResultList(QueryImpl.java:458)
    at org.keycloak.models.jpa.JpaRealmProvider.getRealms(JpaRealmProvider.java:71)
    at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getRealms(DefaultCacheRealmProvider.java:188)
    at org.keycloak.services.resources.admin.RealmsAdminResource.getRealms(RealmsAdminResource.java:87)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
    at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
    ... 37 more
Caused by: org.hibernate.exception.JDBCConnectionException: could not prepare statement
    at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:132)
    at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:49)
    at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:126)
    at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$StatementPreparationTemplate.prepareStatement(StatementPreparerImpl.java:196)
    at org.hibernate.engine.jdbc.internal.StatementPreparerImpl.prepareQueryStatement(StatementPreparerImpl.java:160)
    at org.hibernate.loader.Loader.prepareQueryStatement(Loader.java:1885)
    at org.hibernate.loader.Loader.executeQueryStatement(Loader.java:1862)
    at org.hibernate.loader.Loader.executeQueryStatement(Loader.java:1839)
    at org.hibernate.loader.Loader.doQuery(Loader.java:910)
    at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:355)
    at org.hibernate.loader.Loader.doList(Loader.java:2554)
    at org.hibernate.loader.Loader.doList(Loader.java:2540)
    at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2370)
    at org.hibernate.loader.Loader.list(Loader.java:2365)
    at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:497)
    at org.hibernate.hql.internal.ast.QueryTranslatorImpl.list(QueryTranslatorImpl.java:387)
    at org.hibernate.engine.query.spi.HQLQueryPlan.performList(HQLQueryPlan.java:236)
    at org.hibernate.internal.SessionImpl.list(SessionImpl.java:1300)
    at org.hibernate.internal.QueryImpl.list(QueryImpl.java:103)
    at org.hibernate.jpa.internal.QueryImpl.list(QueryImpl.java:573)
    at org.hibernate.jpa.internal.QueryImpl.getResultList(QueryImpl.java:449)
    ... 50 more
Caused by: com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet successfully received from the server was 920.157 milliseconds ago. The last packet sent successfully to the server was 0 milliseconds ago.
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:408)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
    at com.mysql.jdbc.SQLError.createCommunicationsException(SQLError.java:983)
    at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:3457)
    at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:3357)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3797)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2470)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2617)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2546)
    at com.mysql.jdbc.ConnectionImpl.setAutoCommit(ConnectionImpl.java:4873)
    at org.jboss.jca.adapters.jdbc.BaseWrapperManagedConnection.checkTransaction(BaseWrapperManagedConnection.java:948)
    at org.jboss.jca.adapters.jdbc.WrappedConnection.checkTransaction(WrappedConnection.java:1623)
    at org.jboss.jca.adapters.jdbc.WrappedConnection.prepareStatement(WrappedConnection.java:427)
    at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$5.doPrepare(StatementPreparerImpl.java:162)
    at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$StatementPreparationTemplate.prepareStatement(StatementPreparerImpl.java:186)
    ... 67 more
Caused by: java.io.EOFException: Can not read response from server. Expected to read 4 bytes, read 0 bytes before connection was unexpectedly lost.
    at com.mysql.jdbc.MysqlIO.readFully(MysqlIO.java:2949)
    at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:3367)
    ... 78 more
Any ideas? Could my database version be the problem? Thanks!
9 years, 3 months