January 2016 - keycloak-dev - Jboss List Archives

by Bill Burke

So repository connection for travis build seems to go offline Friday nights and into the weekend. Build failed with a timeout. This happened to me last weekend/friday too. FYI -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 1 month

1
0
0 / 0

browser backbutton

by Bill Burke

Seems jboss.org guys don't like that the browser backbutton doesn't work. The question is, do we want to rework the auth spi to allow for backbutton? I'm not sure its even feasible or not. https://issues.jboss.org/browse/KEYCLOAK-2325 REFRESH BUTTON * Refresh button will repost form data to the URL that is contained in the browser url window. * In Keycloak 1.6, I added redirects after successful actions. The redirect would redirect you off of the last URL. This helped a lot with refresh button as form data wasn't posted to old form URLs. * In Keycloak 1.8 I removed the redirects because jboss.org complained about the performance of the extra redirects. To allow refresh button to work, keycloak would just ignore posts to old form urls and just display the current state of the flow. BACK BUTTON * Adding support for the back button would require Keycloak to unwind actions that have already been successful. This probably requires a callback method on the auth spi to do this. * Since there are no more redirects, another problem is that keycloak would not be able to distinguish between a page refresh button and a backbutton/form resubmit. Is this something we can put off until 2.0? I currently don't know how to solve all three issues with the current design: refresh button, back button, and performance. -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 1 month

4
10
0 / 0

does keycloak 1.8 supports ECP profile on SP side?

by Arulkumar Ponnusamy

keycloak 1.8 CR release notes state, it supports SAML ECP profile. want to know, is it on IDP side or it supports both IDP and SP side?

10 years, 1 month

4
5
0 / 0

Keycloak 1.8.0.CR3 Released

by Stian Thorgersen

A few more fixes, hopefully this will be the last CR and we can release Final next week. For the full list of issues resolved check out JIRA <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...> and to download the release go to the Keycloak homepage <http://keycloak.org/downloads>.

10 years, 1 month

1
0
0 / 0

Re: [keycloak-dev] [keycloak-user] Keycloak 1.8.0.CR2 Released

by Stian Thorgersen

Should be fixed in master now. Apparently I'd temporarily forgotten how to write SQL statements On 22 January 2016 at 12:53, Thorsten <thorsten315(a)gmx.de> wrote: > Just ran into an issue starting up a fresh install 1.8.0.CR2 on a new > mysql db. Got this exception at first startup: > > 11:45:47,034 INFO [org.keycloak.services.resources.KeycloakApplication] > (ServerService Thread Pool -- 49) Load config from > /opt/keycloak-1.8.0.CR2/standalone/configuration/keycloak-server.json > 11:45:50,881 INFO > [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] > (ServerService Thread Pool -- 49) Initializing database schema > 11:45:55,265 WARN > [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] > (ServerService Thread Pool -- 49) Database does not support drop with > cascade > 11:45:55,285 WARN > [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] > (ServerService Thread Pool -- 49) Database does not support drop with > cascade > 11:46:00,630 ERROR > [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider] > (ServerService Thread Pool -- 49) Change Set > META-INF/jpa-changelog-1.8.0.xml::1.8.0-2::keycloak failed. Error: You > have an error in your SQL syntax; check the manual that corresponds to your > MySQL server version for the right syntax to use near ''HmacSHA1'' at line > 1 [Failed SQL: UPDATE keycloak.CREDENTIAL SET ALGORITHM = 'pbkdf2' WHERE > TYPE in ('password-history', 'password') AND ALGORITHM is 'HmacSHA1']: > liquibase.exception.DatabaseException: You have an error in your SQL > syntax; check the manual that corresponds to your MySQL server version for > the right syntax to use near ''HmacSHA1'' at line 1 [Failed SQL: UPDATE > keycloak.CREDENTIAL SET ALGORITHM = 'pbkdf2' WHERE TYPE in > ('password-history', 'password') AND ALGORITHM is 'HmacSHA1'] > at > liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:316) > at > liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55) > at > liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:122) > at > liquibase.database.AbstractJdbcDatabase.execute(AbstractJdbcDatabase.java:1247) > at > liquibase.database.AbstractJdbcDatabase.executeStatements(AbstractJdbcDatabase.java:1230) > at liquibase.changelog.ChangeSet.execute(ChangeSet.java:548) > at > liquibase.changelog.visitor.UpdateVisitor.visit(UpdateVisitor.java:51) > at > liquibase.changelog.ChangeLogIterator.run(ChangeLogIterator.java:73) > at liquibase.Liquibase.update(Liquibase.java:210) > at liquibase.Liquibase.update(Liquibase.java:190) > at liquibase.Liquibase.update(Liquibase.java:186) > at > org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:84) > at > org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:153) > at > org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:42) > at > org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:30) > at > org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103) > at > org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:34) > at > org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:16) > at > org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103) > at > org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getDelegate(DefaultCacheRealmProvider.java:61) > at > org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getMigrationModel(DefaultCacheRealmProvider.java:43) > at > org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:21) > at > org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:137) > at > org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:80) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:422) > at > org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150) > at > org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209) > at > org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299) > at > org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240) > at > org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113) > at > org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36) > at > io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117) > at > org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78) > at > io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103) > at > io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231) > at > io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132) > at > io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526) > at > org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101) > at > org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > at org.jboss.threads.JBossThread.run(JBossThread.java:320) > Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You > have an error in your SQL syntax; check the manual that corresponds to your > MySQL server version for the right syntax to use near ''HmacSHA1'' at line 1 > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:422) > at com.mysql.jdbc.Util.handleNewInstance(Util.java:404) > at com.mysql.jdbc.Util.getInstance(Util.java:387) > at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:939) > at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3878) > at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3814) > at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2478) > at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2625) > at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2547) > at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2505) > at > com.mysql.jdbc.StatementImpl.executeInternal(StatementImpl.java:840) > at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:740) > at > org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198) > at > liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:314) > ... 47 more > > 11:46:00,652 ERROR [org.keycloak.services.resources.KeycloakApplication] > (ServerService Thread Pool -- 49) Failed to migrate datamodel: > java.lang.RuntimeException: Failed to update database > at > org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:87) > at > org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:153) > at > org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:42) > at > org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:30) > at > org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103) > at > org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:34) > at > org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:16) > at > org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103) > at > org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getDelegate(DefaultCacheRealmProvider.java:61) > at > org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getMigrationModel(DefaultCacheRealmProvider.java:43) > at > org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:21) > at > org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:137) > at > org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:80) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:422) > at > org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150) > at > org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209) > at > org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299) > at > org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240) > at > org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113) > at > org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36) > at > io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117) > at > org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78) > at > io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103) > at > io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231) > at > io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132) > at > io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526) > at > org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101) > at > org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > at java.lang.Thread.run(Thread.java:745) > at org.jboss.threads.JBossThread.run(JBossThread.java:320) > Caused by: liquibase.exception.MigrationFailedException: Migration failed > for change set META-INF/jpa-changelog-1.8.0.xml::1.8.0-2::keycloak: > Reason: liquibase.exception.DatabaseException: You have an error in > your SQL syntax; check the manual that corresponds to your MySQL server > version for the right syntax to use near ''HmacSHA1'' at line 1 [Failed > SQL: UPDATE keycloak.CREDENTIAL SET ALGORITHM = 'pbkdf2' WHERE TYPE in > ('password-history', 'password') AND ALGORITHM is 'HmacSHA1'] > at liquibase.changelog.ChangeSet.execute(ChangeSet.java:584) > at > liquibase.changelog.visitor.UpdateVisitor.visit(UpdateVisitor.java:51) > at > liquibase.changelog.ChangeLogIterator.run(ChangeLogIterator.java:73) > at liquibase.Liquibase.update(Liquibase.java:210) > at liquibase.Liquibase.update(Liquibase.java:190) > at liquibase.Liquibase.update(Liquibase.java:186) > at > org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:84) > ... 36 more > Caused by: liquibase.exception.DatabaseException: You have an error in > your SQL syntax; check the manual that corresponds to your MySQL server > version for the right syntax to use near ''HmacSHA1'' at line 1 [Failed > SQL: UPDATE keycloak.CREDENTIAL SET ALGORITHM = 'pbkdf2' WHERE TYPE in > ('password-history', 'password') AND ALGORITHM is 'HmacSHA1'] > at > liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:316) > at > liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55) > at > liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:122) > at > liquibase.database.AbstractJdbcDatabase.execute(AbstractJdbcDatabase.java:1247) > at > liquibase.database.AbstractJdbcDatabase.executeStatements(AbstractJdbcDatabase.java:1230) > at liquibase.changelog.ChangeSet.execute(ChangeSet.java:548) > ... 42 more > Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You > have an error in your SQL syntax; check the manual that corresponds to your > MySQL server version for the right syntax to use near ''HmacSHA1'' at line 1 > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:422) > at com.mysql.jdbc.Util.handleNewInstance(Util.java:404) > at com.mysql.jdbc.Util.getInstance(Util.java:387) > at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:939) > at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3878) > at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3814) > at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2478) > at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2625) > at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2547) > at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2505) > at > com.mysql.jdbc.StatementImpl.executeInternal(StatementImpl.java:840) > at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:740) > at > org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198) > at > liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:314) > ... 47 more > > 11:46:00,774 INFO [org.hibernate.jpa.internal.util.LogHelper] > (ServerService Thread Pool -- 49) HHH000204: Processing PersistenceUnitInfo > [ > name: keycloak-default > ...] > > Seems that other tables are being created just fine. > > Thanks, Thorsten > > > 2016-01-21 12:00 GMT+01:00 Stian Thorgersen <sthorger(a)redhat.com>: > >> We had a few issues reported against 1.8.0.CR1, so we're doing another CR >> release with the fixes. If everything is OK, 1.8.0.Final will be released >> next week. >> >> There was also a feature that sneaked in. We now support sign-on with >> Microsoft Live. >> >> For the full list of issues resolved check out JIRA >> <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...> and >> to download the release go to the Keycloak homepage >> <http://keycloak.org/downloads>. >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >

10 years, 1 month

1
0
0 / 0

need explanation of distribution for adapters

by Bill Burke

I need to create a separate adapter distro for Wildfly 10 as it is not compatible with Wildfly 8 and 9. To do this, I need an explanation of the distribution directory for adapters distribution/adapters/wildfly-adapter? What is this for? Wildfly 9 and 10? distribution/feature-packs/adapter-feature-pack? What is this for? Wildfly 10 only? Wildfly 9 and 10? -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 1 month

3
8
0 / 0

Does keycloak SP SAML client adapter supports keystore credential in encrypt/decrypt way?

by Arulkumar Ponnusamy

Currently, keycloak saml SP, keystore information is read from keycloak_saml.xml file. but keystore and private key password is written in plain text which may lead to security vulnerability. does keycloak supports reading encrypt/decrypt password for this in keycloak-saml.xml file instead of plain text. Thanks Arulkumar

10 years, 1 month

2
1
0 / 0

logout broken for wildfly10

by Bill Burke

UGH! Hopefully a backward compatible fix coming -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com

10 years, 1 month

1
1
0 / 0

Keycloak on Wildfly 10

by Christian Beikov

Hello, I am trying to deploy Keycloak 1.8.0.CR1 to Wildfly 10.0.0.CR4 but there are some problems with that. You are compiling against Undertow 1.1.1.Final but Wildfly 10.0.0.CR4 comes with 1.3.3.Final and there are some binary incompatibilities in io.undertow.server.Connectors of which org.keycloak.adapters.undertow.SavedRequest is affected. You are using io.undertow.util.ImmediatePooled instead of the expected type io.undertow.connector.PooledByteBuffer which leads to method not found exceptions. I suggest you update the undertow version in the parent pom.xml to make sure everything is binary compatible if you are going to support Wildfly 10 as you announced. Regards, Christian

10 years, 1 month

4
17
0 / 0

User / Realm Management

by gambol

Hiya It's a little confusing how best to use Keycloak and realms; ideally I'd like to have a realm per application or group of interrelated applications, i.e. a realm for JIra, one for gitlab for example, but the fact users can't cross realms would make this difficult, I support you could use a social provider to mitigate setting up duplicate credentials, but I doubt would help with OTP. Is there any proposals about separating the permissions of a user in a realm from their identity, i.e. you could have a global user (same creds and OTP) but where permissions in a realm can be changes independent of the user. Appreciate your thoughts .. Rohith

10 years, 1 month

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

keycloak-dev January 2016