local build failing, travis passing
by Bill Burke
I just noticed that my local build fails while travis passes. The bug is
really something travis should have picked up, specifically the
PartialImportsTest was removing an identity provider. The JPA
removeIdenittyProviderByAlias method was wrong as it was trying to load
an IdentityProviderModel after it was removed thus resulting in a
Hibernate error. Travis did not pick this up which makes me wonder if
the test is even running.
FYI, i have a pull request that fixes this that is incoming. The bug,
not travis.
Bill
7 years, 4 months
Passing login_hint up to IdP when using kc_idp_hint
by Peter Chamberlin
Hi Keycloak team,
I'm working on a system which uses Keycloak as a broker to both OIDC and
SAML2.0 IdPs. We are using `kc_idp_hint` for every request and Keycloak is
never exposed to the user. The system uses OIDC to connect to Keycloak.
We would like to pass a `login_hint` or `subject` upstream to IdPs
(depending if it's OIDC or SAML) as we expect to know the user's IdP user
name, but this does not work out of the box. I can't see anything in the
documentation that would enable it.
Is it possible? If so how?
Many thanks for any help or pointers you can give.
Peter Chamberlin
7 years, 4 months
alternative subflow only sort of work
by Bill Burke
In fixing a recent bug, I noticed that alternative subflows don't really
work as advertised. If a previous alternative was successful, then an
alternative subflow will not execute. I think that's really the only
thing that works. If for example, you added another alterantive subflow
after the alternative subflow for username/password, some weird results
might happen. Like I don't think the username/password screen would
even pop up in this scenario. I need to check. Remind me to log a bug
on this. Going to bed now...
Bill
7 years, 4 months
Disable Keycloak 'User Federation' menu item in Keycloak Administrator.
by Stephen Merchant
Hello,
Is there a legitimate method of removing the 'User Federation' menu item, and/or the 'Configure' menu section from the Keycloak Administrator web application?
For some types of users we would like these Keycloak admin menu options to be hidden.
Any help appreciated.
Thanks.
Stephen Merchant
Developer
Gandlake Limited
Crown Commercial Service Supplier
BSI ISO/IEC 27001 certification number IS 585161
Gandlake Limited, a Limited Liability Company registered in England and Wales under number 4667925. Registered Office: Gandlake House, London Road, Newbury, Berkshire. RG14 1LA. VAT Registration Number 809 7164 11
7 years, 4 months
Stateless using Java Servlet Filter Adapter
by Laghuvaram, Raghu
Currently I am using Java Servlet Filter Adapter to make use of KeyCloak, I gave my secured pages url (/secured/*) for the filter KeycloakOIDCFilter and I am using tokenstore to use cookie so that stateless token store is achieved. But still I am not able to see any KEYCLOAK_ADAPTER_STATE cookie on my application cookies or on the keycloak(http://keycloakhost:keycloakport/auth/realms/{realmname}) cookies? I am using 2.3.0 Final. Is there anything I need to change to make my application use stateless token store?
Thanks,
Raghu
________________________________
Notice: This communication may contain privileged and/or confidential information. If you are not the intended recipient, please notify the sender by email, and immediately delete the message and any attachments without copying or disclosing them. LB may, for any reason, intercept, access, use, and disclose any information that is communicated by or through, or which is stored on, its networks, applications, services, and devices.
7 years, 4 months
Validate Token on IDP
by Laghuvaram, Raghu
I am trying to validate the token(Access Token) using the URL /auth/realms/<realm>/protocol/openid-connect/validate?access_token=<token> but I am getting 404 all the time. I am using 2.3.0 Final, is the token validate URL still valid?
Thanks,
Raghu.
________________________________
Notice: This communication may contain privileged and/or confidential information. If you are not the intended recipient, please notify the sender by email, and immediately delete the message and any attachments without copying or disclosing them. LB may, for any reason, intercept, access, use, and disclose any information that is communicated by or through, or which is stored on, its networks, applications, services, and devices.
7 years, 4 months
Rolling updates
by Dumitru Sbenghe
Hi,
There is any plan to support blue/green deployments or rolling updates (or
any kind of deployment which requires two versions of keycloak to run on
top of the same data schema)? I did see a discussion around one year ago
about this - a comment that it was nice to have, but I could not find any
other mention.
Thanks,
Dumitru
7 years, 4 months
