POST to /realms/{realm}/account/password results in server 500
by Daniel Baxter
Hi,
I am trying to implement a remote user password change for the logged-in user. This is a requirement for the protocol we are required to support, which accepts XML-formatted commands over a network port, one of which is a password change request. The user is logged in via a Direct Grant from the Remoting application and we have a full KeycloakPrincipal attached to each remote session. When I POST to the form at /realms/{realm}/account/password using Bearer Auth the password does reset, but I get a 500 status back from Keycloak. The issue is that it is trying to rebuild an HTML response from the 'password.ftl' template and it does not have a value for 'stateChecker'.
After reviewing the code on GitHub I found that if you use Bearer Auth, AccountService.init() never initializes a value for stateChecker. So even though I passed one in as a cookie on the POST and inside the form itself, it never gets read. The workaround is to use cookies only to handle the authentication mechanism, specifically KEYCLOAK_STATE_CHECKER and KEYCLOAK_IDENTITY, and not include Bearer authentication at all. So there is a workaround, and it requires the use of cookies only and not Bearer Auth. I know this is not really the intended use of the POST to this form (e.g. using it like a REST endpoint), but if anyone else runs into this issue at least they can learn from what I found by searching the mailing list archives.
So this leaves me with a couple of questions:
Why does using Bearer Auth not initialize some sort of value for stateChecker here (i.e. is this a bug)? When you use cookies it appears to even generate a value for stateChecker if none is found in the cookie.
What is the purpose of embedding it as a hidden input on the password change form? It appears to never get read when the form is processed anyway.
Thanks,
Daniel
9 years, 1 month
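The following is an added, self-contained Python model of the two authentication paths described in the post above; it is not Keycloak's code and not the poster's. It assumes (as illustrative names, not taken from Keycloak) a `Request` stand-in, a `new_state_checker()` generator, and a double-submit comparison between the hidden `stateChecker` form field and the value derived from the KEYCLOAK_STATE_CHECKER cookie. It reproduces the symptom from the post: on the cookie path the checker is read from the cookie or generated, while on the Bearer path it is never set, so the password update succeeds but re-rendering a template that needs the checker fails.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for an HTTP POST to /realms/{realm}/account/password."""
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def new_state_checker() -> str:
    """Hypothetical helper: issue a fresh random state checker value."""
    return secrets.token_urlsafe(32)


def authenticate(req: Request) -> dict:
    """Pick the auth path and return {'mode': ..., 'state_checker': ...}.

    Bearer auth: the Authorization header carries the token and no state
    checker is initialized. Cookie auth: KEYCLOAK_IDENTITY identifies the
    session and the checker comes from KEYCLOAK_STATE_CHECKER, or is
    generated when that cookie is absent (the behaviour the post observes).
    """
    auth = req.headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return {"mode": "bearer", "state_checker": None}
    if "KEYCLOAK_IDENTITY" in req.cookies:
        checker = req.cookies.get("KEYCLOAK_STATE_CHECKER") or new_state_checker()
        return {"mode": "cookie", "state_checker": checker}
    raise PermissionError("not authenticated")


def csrf_check(ctx: dict, req: Request) -> bool:
    """Double-submit check: the hidden form field must equal the cookie-derived value.

    A bearer token is attached explicitly by the client rather than sent
    automatically by a browser, so there is no ambient credential for a
    cross-site form to ride on and the check is skipped on that path.
    """
    if ctx["mode"] == "bearer":
        return True
    submitted = req.form.get("stateChecker", "")
    return hmac.compare_digest(submitted.encode(), ctx["state_checker"].encode())


def render_password_form(ctx: dict) -> str:
    """Render the hidden input the way a template would; a missing checker is an error."""
    checker = ctx["state_checker"]
    if checker is None:
        raise ValueError("stateChecker not initialized")  # the 500 in the post
    return f'<input type="hidden" name="stateChecker" value="{checker}">'


def handle_password_post(req: Request) -> dict:
    """Process the POST: authenticate, CSRF-check, update, then re-render the form."""
    ctx = authenticate(req)
    if not csrf_check(ctx, req):
        return {"status": 403, "changed": False}
    # The password update itself is out of scope here; treat it as done.
    try:
        body = render_password_form(ctx)
    except ValueError:
        # Update already happened, but the response cannot be built.
        return {"status": 500, "changed": True}
    return {"status": 200, "changed": True, "body": body}


if __name__ == "__main__":
    bearer = Request(headers={"Authorization": "Bearer <token>"},
                     form={"stateChecker": "ignored-on-bearer-path"})
    print(handle_password_post(bearer))
    cookie = Request(cookies={"KEYCLOAK_IDENTITY": "<identity>",
                              "KEYCLOAK_STATE_CHECKER": "abc123"},
                     form={"stateChecker": "abc123"})
    print(handle_password_post(cookie))
```

The cookie-only workaround from the post corresponds to the second request: the checker is read from KEYCLOAK_STATE_CHECKER, the hidden field matches it, and the form re-renders. The hidden input only carries weight on that path, which is why a cookie-authenticated form needs it and a bearer-authenticated call does not.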
Fwd: AeroGear OAuth2 - Screencast
by Stian Thorgersen
----- Forwarded Message -----
> From: "Erik Jan de Wit" <edewit(a)redhat.com>
> To: "Mobile Internal" <mobile-internal(a)redhat.com>, "jboss-mobile-internal" <jboss-mobile-internal(a)redhat.com>
> Sent: Friday, 27 February, 2015 1:15:33 PM
> Subject: Re: AeroGear OAuth2 - Screencast
>
> Due to popular demand here is a screen share of keycloak, oauth2 and cordova:
>
> http://youtu.be/3SHtpQSjGOg
>
> > On 25 Feb,2015, at 9:14 , Corinne Krych <ckrych(a)redhat.com> wrote:
> >
> > Don't want to spoil Erik's surprise, but I've heard of another video
> > picturing Cordova and Keycloak…
> > Note we’ll do this demo for your presentation next week:
> > http://mdevcon.com/posts/2015/01/09/erik-jan-de-wit-corinne-krych/
> > ++
> > Corinne
> >> On 25 Feb 2015, at 06:45, Stian Thorgersen <stian(a)redhat.com> wrote:
> >>
> >> Really nice, I'd love one that shows using Keycloak instead of Google ;)
> >>
> >> ----- Original Message -----
> >>> From: "Matthias Wessendorf" <mwessend(a)redhat.com>
> >>> To: "Mobile Internal" <mobile-internal(a)redhat.com>,
> >>> "jboss-mobile-internal" <jboss-mobile-internal(a)redhat.com>
> >>> Sent: Tuesday, February 24, 2015 4:52:03 PM
> >>> Subject: AeroGear OAuth2 - Screencast
> >>>
> >>> Hello,
> >>>
> >>> Erik did a nice and short screencast, showing our OAuth2 support for
> >>> Windows, Android and iOS:
> >>>
> >>> https://twitter.com/AeroGears/status/570168411998834688
> >>>
> >>> Cheers,
> >>> Matthias
> >>>
> >>> --
> >>> AeroGear project lead
> >>> JBoss by Red Hat
> >>>
> >>>
> >>
> >
> >
>
>
>
9 years, 1 month
internationalized property references in Javascript
by Bill Burke
Some things are dynamically rendered and configured in the admin
console, i.e. identity broker plugins, user federation plugins, and my
new protocol claim mapper plugins. For protocol claim mappers each
"mapper type" can provide a list of config options, the option's label
and help text.
To internationalize this, we would need a way to turn an i18n property
reference into a value within JavaScript, as these types of things will be
painted by AngularJS, and not Freemarker.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9 years, 1 month