Packaging of ApacheDS for examples?
by Marek Posolda
I am thinking about adding LDAP example, which can be used as a base for
LDAP mappers based blog and screencast.
It will contain the application to show some claims (also both
singlevalued and multivalued attributes). It will also contain JSON
realm with UserFederation configuration pointing to our ApacheDS and
LDIF with some simple users for testing. I already added end-to-end test
to the testsuite (LDAPMultipleAttributesTest.ldapPortalEndToEndTest).
The only possible problem is how to easily bootstrap ApacheDS based LDAP
servers in user's environment. I am thinking about 3 approaches:
a) Point to the embedded ApacheDS server from our testsuite. This will
be easy to do and it's what Kerberos example is already doing. Problem
is that it requires people to checkout the keycloak sources through
github and build them through maven, so not very user friendly
b) Create docker image for ApacheDS servers (one for ldap example and
another for kerberos). Not sure if it's fine to require users to install
docker (even more pain might be on windows, when they need boot2docker
or something...)
c) Packaging with ApacheDS based servers directly into our example
package, so people can just run something like:
    java -jar keycloak-examples/ldap/apacheds-embedded.jar -Dldif.location=keycloak-examples/ldap/example.ldif
and similarly for kerberos.
For me it's easiest to go with (a) but not sure about usability...
Regarding usability (c) looks best but it's much more work.
WDYT?
Marek
9 years, 5 months
Unable to assign roles from a federation provider
by Scott Rossillo
Hey all,
I was going to create a JIRA for this, but just want to make sure it’s an actual bug. We are not able to assign roles to a user from a federation provider.
For example, we expected something like this to work from UserFederationProvider.getUserByUsername(RealmModel realm, String username):
    if (remoteUser.getRoles() != null) {
        for (String roleName : remoteUser.getRoles()) {
            RoleModel role = realm.getRole(roleName);
            userModel.getRoleMappings().add(role); // doesn’t work
            userModel.getRealmRoleMappings().add(role); // doesn’t work
        }
    }
However, nothing but the default role is assigned even when we confirm additional roles are assigned to remoteUser and realm.getRole() returns a valid RoleModel.
Create JIRA or should we be assigning roles from a UserFederationProvider in another way?
Thanks
9 years, 5 months
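The failure described in the message above, as an added example that is not part of the original post or Keycloak's code: `StoredUser` is a hypothetical stand-in, and it assumes the role getters return a freshly built set, in which case `add()` changes only a throwaway copy. The `grantRole` name mirrors the method Keycloak's `UserModel` exposes for granting a role.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class RoleGrantDemo {
    // Hypothetical stand-in for a persisted user; not Keycloak's UserModel.
    static class StoredUser {
        private final Set<String> persisted =
                new HashSet<>(Collections.singleton("default-role"));

        // Builds a new set on every call (assumption about a store-backed
        // adapter), so callers never hold a reference to the stored mappings.
        Set<String> getRoleMappings() {
            return new HashSet<>(persisted);
        }

        // Explicit mutator: the only path that reaches the store.
        void grantRole(String role) {
            persisted.add(role);
        }
    }

    // Import remote roles through the mutator, skipping names with no
    // matching realm role instead of passing a null role on to the store.
    static void importRoles(StoredUser user, Set<String> remoteRoles, Set<String> realmRoles) {
        if (remoteRoles == null) return;
        for (String name : remoteRoles) {
            if (realmRoles.contains(name)) {
                user.grantRole(name);
            } else {
                System.err.println("skipping unknown role: " + name);
            }
        }
    }

    public static void main(String[] args) {
        StoredUser user = new StoredUser();
        user.getRoleMappings().add("admin"); // mutates a copy, nothing is stored
        System.out.println("after add on getter: " + user.getRoleMappings());

        // Constructed sample data: "ghost" exists remotely but not in the realm.
        Set<String> realm = new HashSet<>(Arrays.asList("admin", "sales"));
        Set<String> remote = new HashSet<>(Arrays.asList("sales", "ghost"));
        importRoles(user, remote, realm);
        System.out.println("after importRoles: " + user.getRoleMappings());
    }
}
```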
Idle timeout notification
by Stan Silvert
It's common for applications to notify the user if their login session
has timed out due to inactivity. Then the app typically presents a
popup notification and possibly an option to refresh the session.
There is a customer who wants to do this for several applications in the
same realm. Is this something that Keycloak could/should provide or at
least help with? I'm thinking that maybe a bit of javascript could
register with the Keycloak server for a notification.
Stan
9 years, 5 months
Locale propagation from secured application
by David Álvarez
Hi!
We have a Keycloak secured application. This application is a multilingual
application.
In the application a free access zone is defined and a "login" link is
available so users can access a private area.
In that scenario we need the language the user selected in the application
to be applied on the Keycloak login page. When a user requests a login action
this code is executed:
[...]
response.encodeRedirectURL("/index.xhtml");
req.authenticate(response);
[...]
Can we force a locale to be used in authenticate? The default locale value from
Keycloak configuration is always applied.
Thanks a lot!
--
David Alvarez Cabal
dalvarez(a)inventiaplus.com
www.inventiaplus.com
* 928 702 054*
9 years, 5 months
Deleting a user fails without error
by Scott Rossillo
In 1.2.0, an HTTP delete on “/auth/admin/realms/{realm}/users/{username}” returns a 200 OK, but the user still exists. A second call usually succeeds at actually deleting the user. Seems like a bug.
Thoughts?
~ Scott
9 years, 5 months
Handle multivalued LDAP attributes on UserModel
by Marek Posolda
LDAP allows multiple values of the same attribute per single user.
There is a use case to map all the values of some LDAP attribute to
UserModel and then also to the access token of a particular user.
For example, a user has LDAP attribute "applications" with 2 values
"sales" and "finance". Then in the application there is code like this:
    List<String> values = (List<String>) accessToken.getOtherClaims().get("applications");
which should then return 2 values "sales" and "finance".
The main issue here is mapping of multiple LDAP attributes to the
UserModel, because "attributes" on UserModel currently support single
String value per attribute. I can see 2 possibilities to address this:
1) Change "attributes" map on UserModel to be MultivaluedMap and support
multiple String values per single key. This may require some migration,
however for JPA it can be easy. We just need to support multiple values
per single key and user in USER_ATTRIBUTES table (This breaks some
normal form, but looks better to me than introducing another table like
USER_ATTRIBUTE_VALUES as this will require migration changes again)
2) Use some delimiter for UserModel attribute value. So in previous
example, the value of attribute "applications" on the user will be
"sales###finance" (assuming that ### is delimiter). Then there will be
protocol mapper, which will be able to parse delimiter and create again
2 values "sales" and "finance" to be used in access token.
I am slightly for using (1). What do you think? Any better ideas?
Thanks,
Marek
9 years, 5 months
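The two options from the message above, as an added example that is not part of the original post or Keycloak's code (the class and method names are hypothetical, and the sample values are constructed). It shows the case option (2) has to handle: a value that contains the delimiter, or a `#` at a value boundary, splits into different claim values than were stored, so the write side checks that the string round-trips.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class MultiValuedAttributeDemo {
    static final String DELIM = "###"; // delimiter assumed in option (2)

    // Mapper side of option (2): literal split, keeping empty values.
    static List<String> split(String stored) {
        return Arrays.asList(stored.split(Pattern.quote(DELIM), -1));
    }

    // Write side of option (2): join, then refuse anything that would not
    // split back to the same list (a value containing "###", a '#' next to
    // a boundary, or an empty list, which is indistinguishable from [""]).
    static String join(List<String> values) {
        String stored = String.join(DELIM, values);
        if (!split(stored).equals(values)) {
            throw new IllegalArgumentException("values do not round-trip: " + values);
        }
        return stored;
    }

    public static void main(String[] args) {
        List<String> ldapValues = Arrays.asList("sales", "finance");

        // Option (1): multivalued map, no encoding step to get wrong.
        Map<String, List<String>> attributes = new LinkedHashMap<>();
        attributes.put("applications", new ArrayList<>(ldapValues));
        System.out.println("option 1 claim: " + attributes.get("applications"));

        // Option (2): round trip through the delimited String.
        String stored = join(ldapValues);
        System.out.println("option 2 stored: " + stored);
        System.out.println("option 2 claim: " + split(stored));

        // Without the check, one directory value becomes two token values.
        String unchecked = String.join(DELIM, Arrays.asList("sales###admin"));
        System.out.println("unchecked claim: " + split(unchecked));
        try {
            join(Arrays.asList("sales###admin"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```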
Tomcat 7 Adapter crashes on startup
by Matthew Casperson
I have been seeing this a bit recently (I'm using Keycloak 1.2.0). I
haven't tracked down a reproducible test case yet, but I'm wondering if
there are situations where Tomcat will attempt to stop the valve before it
is started, which leads to nodesRegistrationManagement being null.
Maybe it is worth adding a null check in
AbstractKeycloakAuthenticatorValve.beforeStop()?
java.lang.NullPointerException
    at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.beforeStop(AbstractKeycloakAuthenticatorValve.java:130)
    at org.keycloak.adapters.tomcat.AbstractKeycloakAuthenticatorValve.lifecycleEvent(AbstractKeycloakAuthenticatorValve.java:67)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:226)
    at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:272)
    at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:1041)
    at org.apache.catalina.startup.HostConfig.deleteRedeployResources(HostConfig.java:1300)
    at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1251)
    at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1460)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801)
    at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1445)
    at org.apache.catalina.manager.ManagerServlet.undeploy(ManagerServlet.java:1381)
    at org.apache.catalina.manager.HTMLManagerServlet.undeploy(HTMLManagerServlet.java:674)
    at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:215)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.filters.CsrfPreventionFilter.doFilter(CsrfPreventionFilter.java:213)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
--
*Matthew Casperson*
*Senior Front End Developer*
Technology, Space & Distribution
Auto & General Holdings Pty Ltd
P: 07) 3377 8751 (Direct: 3377 8751)
F: 07) 3377 8833
9 years, 5 months
Error while building Keycloak 1.3.1 sources.
by John
Hi All,
I have downloaded the source of Keycloak 1.3.1.
I am running mvn install but getting the following error.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 45.121s
[INFO] Finished at: Thu Jun 18 19:02:12 IST 2015
[INFO] Final Memory: 215M/865M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project
keycloak-testsuite-security-proxy: Could not resolve dependencies for
project org.keycloak:keycloak-testsuite-security-proxy:jar:1.3.1.Final:
Could not find artifact
org.keycloak:keycloak-testsuite-integration:jar:tests:1.3.1.Final in
jboss-earlyaccess-repository
(http://maven.repository.redhat.com/earlyaccess/all/) -> [Help 1]
Any help appreciated.
Thanks,
John
9 years, 5 months