Authz Model Implementation
by Pedro Igor Silva
Hi,
Would like to know your thoughts about which model implementations I must support for the authz model. Both Database/JPA and MongoDB?
Regards.
Pedro Igor
9 years, 3 months
Fine Grained Permissions
by Cristhian Camilo Lopez
Hello,
I'm migrating from PicketLink to Keycloak but I haven't found the way to implement fine-grained permissions. What's the "right" approach to implement this feature?
Help is appreciated,
Cristhian
9 years, 3 months
NPE while getting token through Direct Access Grant
by Kamal Jagadevan
Hi Guys!!
I took latest master to verify the fix that Stian delivered to prevent usage of the same refresh token. My test code tries getting the access token + refresh token through direct access grant but fails due to a NullPointerException. Meanwhile I can continue to debug further, but wanted to share the observation with you guys... Will post further if I get any more details...
Environment details - I have user federation configured to LDAP and tried to login with a user in ldap.
Caused by: java.lang.NullPointerException
at org.keycloak.models.cache.infinispan.DefaultCacheUserProvider.removeUser(DefaultCacheUserProvider.java:272)
at org.keycloak.models.UserFederationManager.deleteInvalidUser(UserFederationManager.java:113)
at org.keycloak.models.UserFederationManager.validateAndProxyUser(UserFederationManager.java:135)
at org.keycloak.models.UserFederationManager.getUserById(UserFederationManager.java:163)
at org.keycloak.models.sessions.infinispan.ClientSessionAdapter.getAuthenticatedUser(ClientSessionAdapter.java:265)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:116)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:724)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.buildResourceOwnerPasswordCredentialsGrant(TokenEndpoint.java:357)
at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.build(TokenEndpoint.java:110)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
9 years, 3 months
Some packages renamed
by Marek Posolda
Fuse (OSGI in general) doesn't like it when there are 2 jar bundles
exporting the same Java packages. Hence I sent PR
https://github.com/keycloak/keycloak/pull/1750, which (among some minor
fixes) contains renaming of some packages:
- keycloak-common vs. keycloak-core had the same packages. So all packages
in keycloak-common were put into "org.keycloak.common" (for example
"org.keycloak.common.util" instead of the previous "org.keycloak.util")
- keycloak-adapter-spi vs. keycloak-adapter-core had the same packages. So the
package in keycloak-adapter-spi was renamed to "org.keycloak.adapters.spi"
- keycloak-jetty-spi vs. keycloak-jetty-core had the same packages. So the
package in keycloak-jetty-spi was renamed to "org.keycloak.jetty.spi"
We discussed with Stian that it's OK to rename them, as keycloak-common and
keycloak-adapter-spi contain mainly internal util classes and are not
supposed to be widely used by people. The most important packages
(especially stuff in keycloak-core) are unchanged. But still, I am
likely going to write a note in the migration guide.
This change affects quite a lot of classes, especially imports. So I suggest
rebasing before starting on something major :-)
Marek
9 years, 3 months
This list is not for support!
by Stian Thorgersen
Please do not use the developer mailing list to ask general questions
about using Keycloak. Use the user mailing list for that.
Also, please refrain from answering support questions on this list!
9 years, 3 months
Regarding Reset Password
by Satyajit Das
Hi Team,
Kindly answer my query below.
I can see the admin API has 2 services for reset password.
Do we have an API wherein the user can enter a new password and it should be
permanent instead of temporary?
Regards,
Satya
9 years, 3 months
Re: [keycloak-dev] [keycloak-user] Exception while running Keycloak 1.5.0 third party example
by Harish Kumar
I made sure the adapter is installed correctly. Now I do not see the error for Class not found. Now getting the following error. Mentioning keycloak.json below. Would appreciate if you could pls let me know how it can be fixed?
13:44:47,283 WARN [org.keycloak.events] (default task-115) type=CODE_TO_TOKEN_ERROR, realmId=master, clientId=third-party, userId=null, ipAddress=127.0.0.1, error=invalid_client_credentials
Exception
13:44:47,284 ERROR [io.undertow.request] (default task-114) UT005023: Exception handling request to /oauth-client/pull_data.jsp: org.apache.jasper.JasperException: java.lang.RuntimeException: org.keycloak.adapters.ServerRequest$HttpFailure
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:410)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:326)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:259)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.jsp.JspFileHandler.handleRequest(JspFileHandler.java:32)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: org.keycloak.adapters.ServerRequest$HttpFailure
at org.keycloak.example.oauth.ProductDatabaseClient.getTokenResponse(ProductDatabaseClient.java:87)
at org.apache.jsp.pull_005fdata_jsp._jspService(pull_005fdata_jsp.java:65)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:69)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:366)
... 31 more
Caused by: org.keycloak.adapters.ServerRequest$HttpFailure
at org.keycloak.adapters.ServerRequest.error(ServerRequest.java:211)
at org.keycloak.adapters.ServerRequest.invokeAccessCodeToToken(ServerRequest.java:94)
at org.keycloak.servlet.ServletOAuthClient.resolveBearerToken(ServletOAuthClient.java:41)
at org.keycloak.servlet.ServletOAuthClient.getBearerToken(ServletOAuthClient.java:146)
at org.keycloak.example.oauth.ProductDatabaseClient.getTokenResponse(ProductDatabaseClient.java:70)
... 35 more
Keycloak.json
{
  "realm": "master",
  "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqzFVCG8nltfcTBL70E5wk2Lh+yu0s5pUvl7rheFBeCb4mSEBwFqLAOIRN3iHVC+A7F8PSp4ZlpqQIBiFXfFiUUSaLfVPVoRapKfi0Wl4+MScFcW2VL4uiIZWR0wIlg0HCZ8EOrHLA6myKi5pc/jhEf7i1FgG+QiTvemQSv9TvLF1xXAXoiNvQbbGzH0t2Pmau9woyHwbiepLp+8pxxIxYupJtBFU+cTc65Rs2wJOmd9snCQQbhTOxeoJLT9J/JkOQcrJUVEracGRx7ebj2pjmUrKx2sAqFH4sCyinODPfFh2OUWUaTSoIN16X2QRyJPbltChjwiu4U2ajD56L5teQIDAQAB",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "third-party",
  "credentials": {
    "secret": "49f899fa-6208-4eb6-b4fe-e4a8c9b02332"
  }
}
On Wednesday, October 14, 2015 12:36 PM, Harish Kumar <harish_k_s007(a)yahoo.com> wrote:
Thanks Marko for the response. I checked keycloak-adapter-core-1.5.0.final.jar is present at ( /modules/system/layers/base/org/keycloak-adapter-core).
Few things I observed. Not sure if they are related, just mentioning:
#1. After 1.1, release httpcomponents (modules/org/apache) has changed jars from 4.2.
#2. No start() method for ServletOAuthClient (it was there in Bootstrap.java in 1.1)
Pls let me know if I am missing anything?
Thanks,
Harish
On Wednesday, October 14, 2015 2:01 AM, Marko Strukelj <mstrukel(a)redhat.com> wrote:
The exception seems to indicate that your adapter was not properly installed.
Make sure that you can see the following file underneath your Wildfly 9 home directory (where you deploy your third party app):
modules/system/layers/base/org/keycloak/keycloak-adapter-core/main/keycloak-adapter-core-1.5.0.Final.jar
It should be there as a result of properly unpacking keycloak-wf9-adapter-dist-1.5.0.Final.zip into your Wildfly 9. I suppose your mentioning keycloak-appliance-dist-all-1.1.0.Final is a reference to a version that used to work for you some time ago, and not what you're using now.
On Wed, Oct 14, 2015 at 4:36 AM, Harish Kumar <harish_k_s007(a)yahoo.com> wrote:
I was trying out examples from keycloak 1.5.0, specifically I was trying the third-party example. The same example worked fine when I took the distribution (keycloak-appliance-dist-all-1.1.0.Final). I did the following steps.
1. Installed keycloak 1.5.0
2. Set third-party client with valid redirect URL as /oauth-client/*
3. Keycloak Json mentioned below (towards end of that email)
4. Initially when I deployed then I got error (No class definition error :Lorg/keycloak/servlet/ServletOAuthClient) then added files from keycloak-wf9-adapter-dist-1.5.0.Final.zip.
5. After that application could deploy but when I type http://localhost:8080/oauth-client/ and click on "pull data" then getting error.
I would appreciate if you could pls let me know how this error can be fixed? Any module missing?
javax.servlet.ServletException: java.lang.NoClassDefFoundError: org/keycloak/adapters/ServerRequest$HttpFailure
org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:848)
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:777)
org.apache.jsp.redirect_jsp._jspService(redirect_jsp.java:63)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:69)
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:366)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:326)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:259)
javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
Keycloak json
{
  "realm": "demo",
  "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPt1q5aq8xZGUZVHAwj7xW6vJ20qk/awf6kK6NqQ2CvblWoSYyZOeLF+NpGue3Wn5r4ImKVUST89wPMrO83Y5st31Zpe4kZKoe8kvUj7tI6eeRrUsEsUWwpZ6I5yR5uVgj+8hJ9TaZQNAgB8zK0FvAxmu5bO+mq7c6eDEsYbcuMt3X+VZrkD36toaWM+gXPqziVkiNxp8DdS2TB8EN2J+MBGQRkbG6t6zdVMF0XrWpoT2UeMeFQ05I5lk1mlVupa6TJCpeH7sZBL2pgR+6TRDhViShur5PZUepHayS45PjPYPMsejfGZInRjHl/aqGcRK8YkXPjVDqPSp0xIa/QXYwIDAQAB",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "third-party",
  "credentials": {
    "secret": "7269abc3-4de8-4be7-b881-8c3fcacf4ef4"
  }
}
9 years, 3 months
failed authentication: USER_CONFLICT
by Michael Gerber
Hi all,
I get the following error if I try to log in as user1 with a wrong password and then as user2 with a correct password.
2015-10-15 09:05:58,605 ERROR [org.keycloak.authentication.AuthenticationProcessor] (default task-24) failed authentication: USER_CONFLICT: org.keycloak.authentication.AuthenticationFlowException
at org.keycloak.authentication.AuthenticationProcessor.setAutheticatedUser(AuthenticationProcessor.java:203) [keycloak-services-1.6.0.Final-SNAPSHOT.jar:1.6.0.Final-SNAPSHOT]
at org.keycloak.authentication.AuthenticationProcessor$Result.setUser(AuthenticationProcessor.java:332) [keycloak-services-1.6.0.Final-SNAPSHOT.jar:1.6.0.Final-SNAPSHOT]
I think the reason for that is the context.setUser(user) call in the AbstractUsernameFormAuthenticator.validateUser method.
Is this on purpose?
Best
Michael
9 years, 3 months
Email verification and forgot password oddity
by Joakim Löfgren
Hi,
An email is sent for password reset action.
When this is opened, another email is sent to verify the email address.
This feels redundant.
Steps to reproduce:
* Create a user with required user actions set to verify email + update
password
* trigger the reset password flow
9 years, 3 months