Internationalization support (KEYCLOAK-301)
by Michael Gerber
Hi all,
I started to work on the internationalization support (https://issues.jboss.org/browse/KEYCLOAK-301 <https://issues.jboss.org/browse/KEYCLOAK-301>).
I’ve already implemented the realm config in the admin console. I’ve put it into the „Theme Setting“ (see screenshot)
I added the possibility to enable internationalization, add supported locales and a select a default locale.
Now I’d like to implement the logic which choose the correct locale. Therefore I need the http header, cookie, query parameter, realm and user.
The LoginFormsProvider and AccountProvider have all this information apart from the http header and the cookie.
So I thought I could replace the UriInfo with the HttpRequest, but that doesn’t work, because I can not access the UriInfo through the HttpRequest (java.lang.NoSuchMethodError: org.jboss.resteasy.spi.HttpRequest.getUri()Ljavax/ws/rs/core/UriInfo;). So, I will add the HttpHeader to the LoginFormsProvider and AccountProvider, or does anyone have a better idea?
@Bill
How do you plan to store the claim „locale“ on a user? Will it be accessible through the UserModel interface?
Best
Michael
10 years, 1 month
How to do default claim mappings?
by Bill Burke
Per realm and per protocol (saml or OIDC), I'm going to need to register
a set of default claim mappers into storage. ProviderFactorys are
loaded at boot time and each of their init() methods is invoked. I'm
thinking of adding a new method to ProviderFactory
void preprocess(KeycloakSessionFactory sessionFactory);
This would be called after all providers have been loaded. This would
allow the OIDC and SAML providers to browser every realm to make sure
the appropriate built in claim mappers have been registered.
I'm also thinking of adding a RealmCreationListener registration method
on RealmProvider. Within ProviderFactory.preprocess() components could
register themselves with the RealmProvider for realm creation events so
that they could add additional metadata specific to their plugin.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 1 month
WildFly integration (READ ME!)
by Stian Thorgersen
All,
We have a few decisions to make in the not so far future. I'm away from Thursday, so let's have a hangout when I get back on the 17th February if that works for everyone.
The list of things to discuss includes:
* Drop keycloak-server.json - Should we drop our own configuration file and use DMR (standalone.xml)
* Keycloak CLI - Should we create our own or use WildFly CLI
* Admin operations exposed over DMR - Should we expose none, some or all admin operations over DMR? If we expose all should we deprecate the current REST endpoints?
* Packaging/distribution - How do we distribute Keycloak? Options:
- Full WildFly
- Core/web WildFly
- Overlay/installer/feature-pack to install to existing WF and EAP
- WAR bundle
* How should we deal with providers, themes and keycloak-server.json in domain-mode
* MSC all the way - We can deploy directly through the Undertow sub-system instead of deploying a WAR from the sub-system
* Split sub-systems - Should we split the sub-system in two? One for the auth-server and another for the adapter
* Deployable to other containers - Should it be possible to deploy Keycloak to Tomcat, Jetty, Fuse, etc..? One option could be to have reduced features in other containers (for example no client-cert)
Please add any other relevant topics.
Next big discussion I want to have is about distribution of adapters, but let's do one at a time ;)
10 years, 1 month
How to render claim data entry and display?
by Bill Burke
I'm not sure how to render claims within the admin console, registration
page, and in the user self service pages. The thing is that generically
rendering user metadata can look quite ugly. Address is one example
where the grouping and ordering of each attribute is important to look
nice. There are other instances where you need to group types of data
together (home phone, fax, work phone, mobile). Then there is the
problem of what claim data do you show on what pages which is harder
than it seems, for example, registration page might only require a
mobile number, but admin console and user profile page might want to
show home, fax, work too. You would end up having to define a data
model that captured metadata for each page type (registration, user
profile, and admin console). Finally, if you have generically rendered
claims, what happens when the user wants to override this rendering and
put their own formatting, .css types, etc. in?
This leads me to think that we should just punt to the developer. In
this case, there would be no data model for claim types and everything
would be driven simply off of UserModel.attributes. Develoeprs would
have to extend the admin console and account themes and we would provide
a template for referencing UserModel.attribute data within Angular HTML
(admin console) or Framemaker (account service, registration page).
I know Stian talked about validation, but I think this could be added on
after the fact via an AttributeValidator and again tied to a specific
UserModel.attribute.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
10 years, 1 month
HttpRequest, UriInfo, HttpHeader
by Michael Gerber
Hi all,
I need the following information:
- query parameter
- cookie
- http header (Accept-Language)
I thought I can access all this information through the HttpRequest (getUri, getHttpHeaders).
Unfortunatly, the getUri on the HttpRequest throws an error:
java.lang.NoSuchMethodError: org.jboss.resteasy.spi.HttpRequest.getUri()Ljavax/ws/rs/core/UriInfo;
Do you know how I can get the URI from an org.jboss.resteasy.spi.HttpRequest ?
Best
Michael
10 years, 1 month
Keycloak Clustering 1.1.0.Final - Getting infinispan type casting error (DefaultCacheContainer to EmbeddedCacheManager) in DefaultInfinispanConnectionProviderFactory
by Bappaditya Gorai (bgorai)
Hi Team,
I am trying configure Keycloak in clustered environment (EAP 6.3), however getting following error (stack trace is provided below) . I have followed instructions provided in "Chapter 24. Clustering" in Keycloak Guide (http://docs.jboss.org/keycloak/docs/1.1.0.Final/userguide/html/clustering...). Let me know if I am missing something.
13:23:25,681 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/auth]] (ServerService Thread Pool -- 62) JBWEB000289: Servlet Keycloak REST Interface threw load() exception: java.lang.ClassCastException: org.jboss.as.clustering.infinispan.DefaultCacheContainer cannot be cast to org.infinispan.manager.EmbeddedCacheManager
at org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory.initContainerManaged(DefaultInfinispanConnectionProviderFactory.java:70) [keycloak-connections-infinispan-1.1.0.Final.jar:1.1.0.Final]
at org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory.lazyInit(DefaultInfinispanConnectionProviderFactory.java:59) [keycloak-connections-infinispan-1.1.0.Final.jar:1.1.0.Final]
at org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory.create(DefaultInfinispanConnectionProviderFactory.java:30) [keycloak-connections-infinispan-1.1.0.Final.jar:1.1.0.Final]
at org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory.create(DefaultInfinispanConnectionProviderFactory.java:18) [keycloak-connections-infinispan-1.1.0.Final.jar:1.1.0.Final]
Thanks
Bappaditya Gorai
10 years, 1 month
