browser backbutton
by Bill Burke
Seems jboss.org guys don't like that the browser backbutton doesn't
work. The question is, do we want to rework the auth spi to allow for
backbutton? I'm not sure it's even feasible or not.
https://issues.jboss.org/browse/KEYCLOAK-2325
REFRESH BUTTON
* Refresh button will repost form data to the URL that is contained in
the browser url window.
* In Keycloak 1.6, I added redirects after successful actions. The
redirect would redirect you off of the last URL. This helped a lot with
refresh button as form data wasn't posted to old form URLs.
* In Keycloak 1.8 I removed the redirects because jboss.org complained
about the performance of the extra redirects. To allow refresh button
to work, Keycloak would just ignore posts to old form URLs and just
display the current state of the flow.
BACK BUTTON
* Adding support for the back button would require Keycloak to unwind
actions that have already been successful. This probably requires a
callback method on the auth spi to do this.
* Since there are no more redirects, another problem is that Keycloak
would not be able to distinguish between a page refresh button and a
backbutton/form resubmit.
Is this something we can put off until 2.0? I currently don't know how
to solve all three issues with the current design: refresh button, back
button, and performance.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
8 years, 2 months
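An added illustration of the 1.8 behaviour described in the message above (not Keycloak code and not from the original post): a toy flow that rotates a per-step code in the form URL and ignores posts to old codes. The class, step names and URL shape are assumptions made for the sketch; it shows that a refresh re-post and a back-button re-submit reach the server as the same request.

```python
import secrets


class LoginFlow:
    """Constructed model of a multi-step login flow; names are hypothetical."""

    STEPS = ["username_password", "otp", "authenticated"]

    def __init__(self):
        self.index = 0
        # Code embedded in the current form's action URL; rotated on success.
        self.code = secrets.token_urlsafe(8)

    @property
    def step(self):
        return self.STEPS[self.index]

    def render(self):
        """Page sent to the browser: current step plus the URL its form posts to."""
        return {"step": self.step, "action": f"/login?code={self.code}"}

    def post(self, code, form_ok):
        """Handle a form POST and return (outcome, page_to_display)."""
        if not secrets.compare_digest(code, self.code):
            # Post to an old form URL: the submitted data is never processed,
            # the current state of the flow is displayed instead.
            return "stale_ignored", self.render()
        if self.step == "authenticated":
            return "complete", self.render()
        if not form_ok:
            return "rejected", self.render()
        self.index += 1
        self.code = secrets.token_urlsafe(8)  # the URL just used is now stale
        return "advanced", self.render()


def replay_demo():
    """Submit step 1, then replay it the way refresh and back+resubmit would."""
    flow = LoginFlow()
    old_code = flow.code
    first = flow.post(old_code, form_ok=True)
    # No redirect followed the POST, so the browser still holds the old URL.
    refresh = flow.post(old_code, form_ok=True)  # refresh button re-posts
    back = flow.post(old_code, form_ok=True)     # back button, form resubmitted
    return first, refresh, back


if __name__ == "__main__":
    for outcome, page in replay_demo():
        print(outcome, page["step"])
```

With a redirect after each successful action, as in 1.6, a refresh would instead arrive as a GET to the new URL and only the back-button resubmit would hit the stale code.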
Re: [keycloak-dev] [keycloak-user] Keycloak 1.8.0.CR2 Released
by Stian Thorgersen
Should be fixed in master now. Apparently I'd temporarily forgotten how to
write SQL statements.
On 22 January 2016 at 12:53, Thorsten <thorsten315(a)gmx.de> wrote:
> Just ran into an issue starting up a fresh install 1.8.0.CR2 on a new
> mysql db. Got this exception at first startup:
>
> 11:45:47,034 INFO [org.keycloak.services.resources.KeycloakApplication]
> (ServerService Thread Pool -- 49) Load config from
> /opt/keycloak-1.8.0.CR2/standalone/configuration/keycloak-server.json
> 11:45:50,881 INFO
> [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider]
> (ServerService Thread Pool -- 49) Initializing database schema
> 11:45:55,265 WARN
> [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider]
> (ServerService Thread Pool -- 49) Database does not support drop with
> cascade
> 11:45:55,285 WARN
> [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider]
> (ServerService Thread Pool -- 49) Database does not support drop with
> cascade
> 11:46:00,630 ERROR
> [org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider]
> (ServerService Thread Pool -- 49) Change Set
> META-INF/jpa-changelog-1.8.0.xml::1.8.0-2::keycloak failed. Error: You
> have an error in your SQL syntax; check the manual that corresponds to your
> MySQL server version for the right syntax to use near ''HmacSHA1'' at line
> 1 [Failed SQL: UPDATE keycloak.CREDENTIAL SET ALGORITHM = 'pbkdf2' WHERE
> TYPE in ('password-history', 'password') AND ALGORITHM is 'HmacSHA1']:
> liquibase.exception.DatabaseException: You have an error in your SQL
> syntax; check the manual that corresponds to your MySQL server version for
> the right syntax to use near ''HmacSHA1'' at line 1 [Failed SQL: UPDATE
> keycloak.CREDENTIAL SET ALGORITHM = 'pbkdf2' WHERE TYPE in
> ('password-history', 'password') AND ALGORITHM is 'HmacSHA1']
> at
> liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:316)
> at
> liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55)
> at
> liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:122)
> at
> liquibase.database.AbstractJdbcDatabase.execute(AbstractJdbcDatabase.java:1247)
> at
> liquibase.database.AbstractJdbcDatabase.executeStatements(AbstractJdbcDatabase.java:1230)
> at liquibase.changelog.ChangeSet.execute(ChangeSet.java:548)
> at
> liquibase.changelog.visitor.UpdateVisitor.visit(UpdateVisitor.java:51)
> at
> liquibase.changelog.ChangeLogIterator.run(ChangeLogIterator.java:73)
> at liquibase.Liquibase.update(Liquibase.java:210)
> at liquibase.Liquibase.update(Liquibase.java:190)
> at liquibase.Liquibase.update(Liquibase.java:186)
> at
> org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:84)
> at
> org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:153)
> at
> org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:42)
> at
> org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:30)
> at
> org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
> at
> org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:34)
> at
> org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:16)
> at
> org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
> at
> org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getDelegate(DefaultCacheRealmProvider.java:61)
> at
> org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getMigrationModel(DefaultCacheRealmProvider.java:43)
> at
> org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:21)
> at
> org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:137)
> at
> org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:80)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at
> org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
> at
> org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)
> at
> org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)
> at
> org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
> at
> io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
> at
> org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
> at
> io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
> at
> io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
> at
> io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)
> at
> io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)
> at
> org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
> at
> org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You
> have an error in your SQL syntax; check the manual that corresponds to your
> MySQL server version for the right syntax to use near ''HmacSHA1'' at line 1
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
> at com.mysql.jdbc.Util.getInstance(Util.java:387)
> at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:939)
> at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3878)
> at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3814)
> at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2478)
> at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2625)
> at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2547)
> at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2505)
> at
> com.mysql.jdbc.StatementImpl.executeInternal(StatementImpl.java:840)
> at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:740)
> at
> org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198)
> at
> liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:314)
> ... 47 more
>
> 11:46:00,652 ERROR [org.keycloak.services.resources.KeycloakApplication]
> (ServerService Thread Pool -- 49) Failed to migrate datamodel:
> java.lang.RuntimeException: Failed to update database
> at
> org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:87)
> at
> org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.lazyInit(DefaultJpaConnectionProviderFactory.java:153)
> at
> org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:42)
> at
> org.keycloak.connections.jpa.DefaultJpaConnectionProviderFactory.create(DefaultJpaConnectionProviderFactory.java:30)
> at
> org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
> at
> org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:34)
> at
> org.keycloak.models.jpa.JpaRealmProviderFactory.create(JpaRealmProviderFactory.java:16)
> at
> org.keycloak.services.DefaultKeycloakSession.getProvider(DefaultKeycloakSession.java:103)
> at
> org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getDelegate(DefaultCacheRealmProvider.java:61)
> at
> org.keycloak.models.cache.infinispan.DefaultCacheRealmProvider.getMigrationModel(DefaultCacheRealmProvider.java:43)
> at
> org.keycloak.migration.MigrationModelManager.migrate(MigrationModelManager.java:21)
> at
> org.keycloak.services.resources.KeycloakApplication.migrateModel(KeycloakApplication.java:137)
> at
> org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:80)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at
> org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:150)
> at
> org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2209)
> at
> org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:299)
> at
> org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:240)
> at
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:113)
> at
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
> at
> io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
> at
> org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
> at
> io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
> at
> io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:231)
> at
> io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:132)
> at
> io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:526)
> at
> org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
> at
> org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
> at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
> Caused by: liquibase.exception.MigrationFailedException: Migration failed
> for change set META-INF/jpa-changelog-1.8.0.xml::1.8.0-2::keycloak:
> Reason: liquibase.exception.DatabaseException: You have an error in
> your SQL syntax; check the manual that corresponds to your MySQL server
> version for the right syntax to use near ''HmacSHA1'' at line 1 [Failed
> SQL: UPDATE keycloak.CREDENTIAL SET ALGORITHM = 'pbkdf2' WHERE TYPE in
> ('password-history', 'password') AND ALGORITHM is 'HmacSHA1']
> at liquibase.changelog.ChangeSet.execute(ChangeSet.java:584)
> at
> liquibase.changelog.visitor.UpdateVisitor.visit(UpdateVisitor.java:51)
> at
> liquibase.changelog.ChangeLogIterator.run(ChangeLogIterator.java:73)
> at liquibase.Liquibase.update(Liquibase.java:210)
> at liquibase.Liquibase.update(Liquibase.java:190)
> at liquibase.Liquibase.update(Liquibase.java:186)
> at
> org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterProvider.update(LiquibaseJpaUpdaterProvider.java:84)
> ... 36 more
> Caused by: liquibase.exception.DatabaseException: You have an error in
> your SQL syntax; check the manual that corresponds to your MySQL server
> version for the right syntax to use near ''HmacSHA1'' at line 1 [Failed
> SQL: UPDATE keycloak.CREDENTIAL SET ALGORITHM = 'pbkdf2' WHERE TYPE in
> ('password-history', 'password') AND ALGORITHM is 'HmacSHA1']
> at
> liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:316)
> at
> liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:55)
> at
> liquibase.executor.jvm.JdbcExecutor.execute(JdbcExecutor.java:122)
> at
> liquibase.database.AbstractJdbcDatabase.execute(AbstractJdbcDatabase.java:1247)
> at
> liquibase.database.AbstractJdbcDatabase.executeStatements(AbstractJdbcDatabase.java:1230)
> at liquibase.changelog.ChangeSet.execute(ChangeSet.java:548)
> ... 42 more
> Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You
> have an error in your SQL syntax; check the manual that corresponds to your
> MySQL server version for the right syntax to use near ''HmacSHA1'' at line 1
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)
> at com.mysql.jdbc.Util.getInstance(Util.java:387)
> at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:939)
> at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3878)
> at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3814)
> at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2478)
> at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2625)
> at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2547)
> at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2505)
> at
> com.mysql.jdbc.StatementImpl.executeInternal(StatementImpl.java:840)
> at com.mysql.jdbc.StatementImpl.execute(StatementImpl.java:740)
> at
> org.jboss.jca.adapters.jdbc.WrappedStatement.execute(WrappedStatement.java:198)
> at
> liquibase.executor.jvm.JdbcExecutor$ExecuteStatementCallback.doInStatement(JdbcExecutor.java:314)
> ... 47 more
>
> 11:46:00,774 INFO [org.hibernate.jpa.internal.util.LogHelper]
> (ServerService Thread Pool -- 49) HHH000204: Processing PersistenceUnitInfo
> [
> name: keycloak-default
> ...]
>
> Seems that other tables are being created just fine.
>
> Thanks, Thorsten
>
>
> 2016-01-21 12:00 GMT+01:00 Stian Thorgersen <sthorger(a)redhat.com>:
>
>> We had a few issues reported against 1.8.0.CR1, so we're doing another CR
>> release with the fixes. If everything is OK, 1.8.0.Final will be released
>> next week.
>>
>> There was also a feature that sneaked in. We now support sign-on with
>> Microsoft Live.
>>
>> For the full list of issues resolved check out JIRA
>> <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...> and
>> to download the release go to the Keycloak homepage
>> <http://keycloak.org/downloads>.
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
8 years, 2 months
need explanation of distribution for adapters
by Bill Burke
I need to create a separate adapter distro for Wildfly 10 as it is not
compatible with Wildfly 8 and 9. To do this, I need an explanation of
the distribution directory for adapters.
distribution/adapters/wildfly-adapter? What is this for? Wildfly 9 and 10?
distribution/feature-packs/adapter-feature-pack? What is this for?
Wildfly 10 only? Wildfly 9 and 10?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
8 years, 2 months
Keycloak on Wildfly 10
by Christian Beikov
Hello,
I am trying to deploy Keycloak 1.8.0.CR1 to Wildfly 10.0.0.CR4 but there
are some problems with that.
You are compiling against Undertow 1.1.1.Final but Wildfly 10.0.0.CR4
comes with 1.3.3.Final and there are some binary incompatibilities in
io.undertow.server.Connectors of which
org.keycloak.adapters.undertow.SavedRequest is affected.
You are using io.undertow.util.ImmediatePooled instead of the expected
type io.undertow.connector.PooledByteBuffer which leads to method not
found exceptions.
I suggest you update the undertow version in the parent pom.xml to make
sure everything is binary compatible if you are going to support Wildfly
10 as you announced.
Regards,
Christian
8 years, 3 months
User / Realm Management
by gambol
Hiya
It's a little confusing how best to use Keycloak and realms; ideally I'd
like to have a realm per application or group of interrelated applications,
i.e. a realm for Jira, one for GitLab for example, but the fact users can't
cross realms would make this difficult. I suppose you could use a social
provider to mitigate setting up duplicate credentials, but I doubt that would
help with OTP. Are there any proposals about separating the permissions of a
user in a realm from their identity, i.e. you could have a global user
(same creds and OTP) but where permissions in a realm can be changed
independently of the user?
Appreciate your thoughts ..
Rohith
8 years, 3 months