Admin REST - User Roles
by Remi Cartier
Hi guys,
First of all, thank you for that great piece of software, it's amazing!
Now, down to business.
When I do:
    keycloak = Keycloak.getInstance(getKeycloakServerURL(), getKeycloakRealm(),
            getKeycloakRealmAdminUsername(), getKeycloakRealmAdminPassword(), getKeycloakClientId());
    for (UserRepresentation userRepresentation : keycloak.realm(getKeycloakRealm()).users().search(null, 0, Integer.MAX_VALUE)) {
        log.info(ToStringBuilder.reflectionToString(userRepresentation, ToStringStyle.JSON_STYLE));
    }
The information I get does not contain any roles; all the role-related fields are 'null':
{"self":null,"id":"0556717e-ffb9-4c2d-b85b-533d9396f243","createdTimestamp":1443542144845,"username":"admin","enabled":true,"totp":false,"emailVerified":true,"firstName":"first name","lastName":"last name","email":null,"federationLink":null,"serviceAccountClientId":null,"attributes":{key1=[value1]},"credentials":null,"requiredActions":[],"federatedIdentities":null,"realmRoles":null,"clientRoles":null,"clientConsents":null,"applicationRoles":null,"socialLinks":null}
However, in the admin interface I have set up roles at each layer: realm, client.
The user I am using to do the queries has all the *realm* roles associated.
Is there anything else I need to do?
Thank you for your help!
________________________________
REMI CARTIER
9 years, 5 months
Testing Migration?
by Stan Silvert
I've never tested migration before and I wonder if I'm doing it right.
Keycloak 1.6 server dies before the migration code is ever executed.
Here is what I did:
Download Keycloak 1.5
Start the server, add a couple of users and a new realm.
Build Keycloak 1.6
Copy the database from 1.5 to 1.6
Start Keycloak 1.6
I get:
19:40:03,411 INFO [org.hibernate.Version] (ServerService Thread Pool -- 61) HHH000412: Hibernate Core {4.3.10.Final}
19:40:03,413 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 61) HHH000206: hibernate.properties not found
19:40:03,414 INFO [org.hibernate.cfg.Environment] (ServerService Thread Pool -- 61) HHH000021: Bytecode provider name : javassist
19:40:03,511 INFO [org.hibernate.annotations.common.Version] (ServerService Thread Pool -- 61) HCANN000001: Hibernate Commons Annotations {4.0.5.Final}
19:40:03,551 INFO [org.hibernate.dialect.Dialect] (ServerService Thread Pool -- 61) HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
19:40:03,556 WARN [org.hibernate.dialect.H2Dialect] (ServerService Thread Pool -- 61) HHH000431: Unable to determine H2 database version, certain features may not work
19:40:03,761 INFO [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (ServerService Thread Pool -- 61) HHH000397: Using ASTQueryTranslatorFactory
19:40:03,789 INFO [org.hibernate.validator.internal.util.Version] (ServerService Thread Pool -- 61) HV000001: Hibernate Validator 5.1.3.Final
19:40:04,857 WARN [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread Pool -- 61) SQL Error: 42122, SQLState: 42S22
19:40:04,857 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread Pool -- 61) Column "CLIENTENTI1_.ROOT_URL" not found; SQL statement:
select realmentit0_.ID as ID1_25_0_, realmentit0_.ACCESS_CODE_LIFESPAN as ACCESS_C2_25_0_, realmentit0_.LOGIN_LIFESPAN as LOGIN_LI3_25_0_, realmentit0_.USER_ACTION_LIFESPAN as USER_ACT4_25_0_, realmentit0_.ACCESS_TOKEN_LIFESPAN as ACCESS_T5_25_0_, realmentit0_.ACCOUNT_THEME as ACCOUNT_6_25_0_, realmentit0_.ADMIN_EVENTS_DETAILS_ENABLED as ADMIN_EV7_25_0_, realmentit0_.ADMIN_EVENTS_ENABLED as ADMIN_EV8_25_0_, realmentit0_.ADMIN_THEME as ADMIN_TH9_25_0_, realmentit0_.BROWSER_FLOW as BROWSER10_25_0_, realmentit0_.CERTIFICATE as CERTIFI11_25_0_, realmentit0_.CLIENT_AUTH_FLOW as CLIENT_12_25_0_, realmentit0_.CODE_SECRET as CODE_SE13_25_0_, realmentit0_.DEFAULT_LOCALE as DEFAULT
... long SQL blah blah blah ...
19:40:04,911 INFO [org.hibernate.event.internal.DefaultLoadEventListener] (ServerService Thread Pool -- 61) HHH000327: Error performing load command : org.hibernate.exception.SQLGrammarException: could not prepare statement
19:40:04,913 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 61) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
    at org.jboss.threads.JBossThread.run(JBossThread.java:320)
Caused by: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:160)
    at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2211)
    at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:295)
    at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:236)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
    at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
    at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:230)
    at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:131)
    at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:511)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
    ... 6 more
Caused by: org.keycloak.models.ModelException: javax.persistence.PersistenceException: org.hibernate.exception.SQLGrammarException: could not prepare statement
    at org.keycloak.connections.jpa.PersistenceExceptionConverter.convert(PersistenceExceptionConverter.java:44)
    at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:34)
    at com.sun.proxy.$Proxy57.find(Unknown Source)
    at org.keycloak.models.jpa.JpaRealmProvider.getRealm(JpaRealmProvider.java:63)
    at org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getRealm(DefaultCacheRealmProvider.java:150)
    at org.keycloak.services.managers.ApplianceBootstrap.bootstrap(ApplianceBootstrap.java:40)
    at org.keycloak.services.managers.ApplianceBootstrap.bootstrap(ApplianceBootstrap.java:31)
    at org.keycloak.services.resources.KeycloakApplication.setupDefaultRealm(KeycloakApplication.java:158)
    at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:88)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:148)
    ... 19 more
Caused by: javax.persistence.PersistenceException: org.hibernate.exception.SQLGrammarException: could not prepare statement
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1763)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.convert(AbstractEntityManagerImpl.java:1694)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1141)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1068)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.keycloak.connections.jpa.PersistenceExceptionConverter.invoke(PersistenceExceptionConverter.java:32)
    ... 31 more
Caused by: org.hibernate.exception.SQLGrammarException: could not prepare statement
    at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:123)
    at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:49)
    at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:126)
    at org.hibernate.engine.jdbc.internal.StatementPreparerImpl$StatementPreparationTemplate.prepareStatement(StatementPreparerImpl.java:196)
    at org.hibernate.engine.jdbc.internal.StatementPreparerImpl.prepareQueryStatement(StatementPreparerImpl.java:160)
    at org.hibernate.loader.plan.exec.internal.AbstractLoadPlanBasedLoader.prepareQueryStatement(AbstractLoadPlanBasedLoader.java:257)
    at org.hibernate.loader.plan.exec.internal.AbstractLoadPlanBasedLoader.executeQueryStatement(AbstractLoadPlanBasedLoader.java:201)
    at org.hibernate.loader.plan.exec.internal.AbstractLoadPlanBasedLoader.executeLoad(AbstractLoadPlanBasedLoader.java:137)
    at org.hibernate.loader.plan.exec.internal.AbstractLoadPlanBasedLoader.executeLoad(AbstractLoadPlanBasedLoader.java:102)
    at org.hibernate.loader.entity.plan.AbstractLoadPlanBasedEntityLoader.load(AbstractLoadPlanBasedEntityLoader.java:186)
    at org.hibernate.persister.entity.AbstractEntityPersister.load(AbstractEntityPersister.java:4126)
    at org.hibernate.event.internal.DefaultLoadEventListener.loadFromDatasource(DefaultLoadEventListener.java:503)
    at org.hibernate.event.internal.DefaultLoadEventListener.doLoad(DefaultLoadEventListener.java:468)
    at org.hibernate.event.internal.DefaultLoadEventListener.load(DefaultLoadEventListener.java:213)
    at org.hibernate.event.internal.DefaultLoadEventListener.proxyOrLoad(DefaultLoadEventListener.java:275)
    at org.hibernate.event.internal.DefaultLoadEventListener.onLoad(DefaultLoadEventListener.java:151)
    at org.hibernate.internal.SessionImpl.fireLoad(SessionImpl.java:1106)
    at org.hibernate.internal.SessionImpl.access$2000(SessionImpl.java:176)
    at org.hibernate.internal.SessionImpl$IdentifierLoadAccessImpl.load(SessionImpl.java:2587)
    at org.hibernate.internal.SessionImpl.get(SessionImpl.java:991)
    at org.hibernate.jpa.spi.AbstractEntityManagerImpl.find(AbstractEntityManagerImpl.java:1110)
    ... 37 more
9 years, 5 months
Fixed compilation errors
by Marek Posolda
I had some compilation errors when I rebased master today. It was about
a different signature of SamlAdapterTestStrategy.uploadSP, which expects
a single String argument, but some tests invoked it with 2 arguments
(the second is keycloakRule). I've removed the second argument from the calls
and changed it like this:
- SamlAdapterTestStrategy.uploadSP("http://localhost:8081/auth",
keycloakRule);
+ SamlAdapterTestStrategy.uploadSP("http://localhost:8081/auth");
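Review bot: the `+` line still passes the literal `http://localhost:8081/auth` to `SamlAdapterTestStrategy.uploadSP`. Since each call site is being edited for the one-argument signature anyway, consider taking the auth server URL from a shared test constant so the host and port are not repeated in every test that calls it.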
I've added it to my PR for offline tokens. Now the compilation errors
are fixed and all tests are passing.
Just a heads up. Hope I did not break anything :)
Marek
9 years, 6 months
AdapterDeploymentContextBean with custom location
by Thomas Raehalme
Hi!
We have written a custom subclass of
org.keycloak.adapters.springsecurity.AdapterDeploymentContextBean to enable
custom location for keycloak.json. The use of custom location is optional
and defaults to the standard /WEB-INF/keycloak.json.
Our use case is that for developers we have a default keycloak.json
included in the application. In production, however, we override the
default by using a file that is external to the application. The location
of the file is specified in JNDI settings and injected to our subclass with
the help of Spring.
What do you think, would such an extension to AdapterDeploymentContextBean
be of general use? I'd be happy to merge our subclass into
AdapterDeploymentContextBean and submit a pull request.
Best regards,
Thomas
9 years, 6 months
From Picketlink to Keycloak
by Arthur Gregório
Hi!
I already have a system running with PicketLink, and everything works normally.
However, with the merge of the two projects, I wonder if I can ever move to
Keycloak, if there is already a migration guide, or how to proceed?
Regards,
*Arthur P. Gregório*
9 years, 6 months
(no subject)
by Andrzej Goławski
Hi,
I've started to use Keycloak with Spring Security and found that the name
and location of the keycloak.json file were hardcoded. IMO it would be better to
allow the developer to inject the configuration file name via the constructor of
AdapterDeploymentContextBean. Thus, I would be able to use
different Keycloak configurations with different Spring profiles. What do
you think about it?
Best Regards,
Andrzej
9 years, 6 months
travis fail
by Michael Gerber
Hi all,
travis fails at my PR but it passes on my branch.
Is there a way to restart travis on a PR or do you have to create a new PR?
best
Michael
9 years, 6 months
Re: [keycloak-dev] Run keycloak client with annotations
by Michal Hajas
Sorry, I forgot to write it in the first email: yes, without annotations it works correctly.
----- Original Message -----
From: "Stian Thorgersen" <sthorger(a)redhat.com>
To: "Michal Hajas" <mhajas(a)redhat.com>
Sent: Friday, September 25, 2015 1:45:47 PM
Subject: Re: [keycloak-dev] Run keycloak client with annotations
Can you try without the @RolesAllowed and instead with a security
constraint in web.xml? Just to confirm that the user has the correct roles,
client has correct scope, etc.
On 25 September 2015 at 13:22, Michal Hajas <mhajas(a)redhat.com> wrote:
> If you mean the configuration in standalone.xml then yes, It's the same
> with demo-dist that have keycloak adapter preconfigured.
>
> I enclosed my standalone.xml from wildfly 9 container.
>
> Michal.
>
> ----- Original Message -----
> From: "Stian Thorgersen" <sthorger(a)redhat.com>
> To: "Michal Hajas" <mhajas(a)redhat.com>
> Cc: "keycloak-dev" <keycloak-dev(a)lists.jboss.org>
> Sent: Friday, September 25, 2015 1:08:28 PM
> Subject: Re: [keycloak-dev] Run keycloak client with annotations
>
> Did you add the keycloak security domain as described in docs?
>
> On 25 September 2015 at 12:14, Michal Hajas <mhajas(a)redhat.com> wrote:
>
> > Hi,
> >
> > I tried to run keycloak client with annotations $SecurityDomain,
> > @RolesAllowed etc. ( https://github.com/mhajas/keycloak_annotations )
> >
> > Maybe It is just my mistake, I am not an expert in RestFul services and
> > EJB, but I tried lot of configurations and always ends up with some error,
> > mostly with:
> >
> > failed to execute: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
> >     at org.jboss.resteasy.plugins.interceptors.RoleBasedSecurityFilter.filter(RoleBasedSecurityFilter.java:45)
> >
> > I have configured my keycloak adapter correctly according to
> > http://keycloak.github.io/docs/userguide/html/ch08.html#jboss-adapter but
> > I don't know how to configure web.xml. What can be replaced with
> > annotations and what should be preserved.
> >
> > I tried both relative and un-relative scenario.
> >
> > So question is what is wrong with my client?
> >
> > P.S. I think there might be an example with annotation.
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev(a)lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
9 years, 6 months