arquillian tests failing
by Bill Burke
I don't think it's my changes. It runs fine in the IDE, but not from
maven command line:
Caused by: java.lang.RuntimeException: Provider for type class java.net.URL returned a null value: org.jboss.arquillian.graphene.location.ContainerCustomizableURLResourceProvider@7e916dc2
    at org.jboss.arquillian.test.impl.enricher.resource.ArquillianResourceTestEnricher.lookup(ArquillianResourceTestEnricher.java:133)
    at org.jboss.arquillian.test.impl.enricher.resource.ArquillianResourceTestEnricher.enrich(ArquillianResourceTestEnricher.java:67)
    at org.jboss.arquillian.graphene.enricher.AbstractSearchContextEnricher.enrichRecursively(AbstractSearchContextEnricher.java:69)
    at org.jboss.arquillian.graphene.enricher.PageObjectEnricher.setupPage(PageObjectEnricher.java:97)
    at org.jboss.arquillian.graphene.enricher.PageObjectEnricher.enrich(PageObjectEnricher.java:75)
    at org.jboss.arquillian.graphene.enricher.GrapheneEnricher.enrich(GrapheneEnricher.java:55)
    at org.jboss.arquillian.test.impl.TestInstanceEnricher.enrich(TestInstanceEnricher.java:55)
    at org.jboss.arquillian.container.test.impl.ClientTestInstanceEnricher.enrich(ClientTestInstanceEnricher.java:51)
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
8 years, 11 months
rebasing
by Bill Burke
How do you guys do this? I did a rebase -i and squashed everything but the
PR contained diffs of merged files and not just my changes.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
8 years, 11 months
Setting up AJP proxy from Apache?
by Adam Young
keycloak-1.9.0.Final
Having trouble finding the right notes for setting up AJP. This is to
run alongside a FreeIPA server which is already set up with
mod_proxy_ajp talking to Tomcat, so I want to keep using the same set of
modules.
I can see keycloak-1.9.0.Final/standalone/configuration/standalone.xml
<subsystem xmlns="urn:jboss:domain:undertow:3.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="server-header"/>
            <filter-ref name="x-powered-by-header"/>
        </host>
    </server>
I'm assuming I need a line comparable to
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
but for the AJP protocol. Perhaps ajp-listener?
A line like this, perhaps?
    <http-listener name="default-ajp" socket-binding="ajp" scheme="http" />
https://docs.jboss.org/author/display/WFLY8/AJP+listeners
I see at the bottom of the file:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
    <socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}"/>
    <socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}"/>
    <socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>
8 years, 11 months
Supporting sticky sessions
by Stian Thorgersen
Eventually it would be nice to support the ability for load balancers to
send all requests for a particular user session to the same node (browser
as well as client requests).
More details here: https://issues.jboss.org/browse/KEYCLOAK-2352
Is this a high priority for 1.9 or should it be 2.x? We may be able to put
it into 1.9.2 if required.
I'd like feedback on how useful folks think it would be as well as feedback
on the proposed implementation.
8 years, 11 months
Commercial support
by Stian Thorgersen
We're very pleased to announce that Red Hat is working on a commercially
supported version of Keycloak. At the moment we can't give any details
around product name, release date or subscription model. What we can tell
you is that the supported version will be based on Keycloak 1.9.x.
Rather than working on new features we're currently focusing on
performance, bug fixes and general polishing. We will be releasing minor
releases of 1.9.x every few weeks going forward. This means that we highly
recommend you upgrade to 1.9.x now. It will get continuous fixes, including
security fixes, until the commercially supported version is ready. Going
forwards we'll also be very unlikely to answer questions or help with
problems unless you've upgraded to 1.9.x. We'd also appreciate all the
review and feedback we can get on this release. We want to make it as good
as possible.
8 years, 11 months
Brute force flow
by Bruno Oliveira
Good morning, today I was thinking about our brute force flow and was
wondering if we could change it.
I know it's not our job to be a firewall or IDS. At the same time, our
current flow today makes passwords guessable for attackers. A successful
login attempt is clearly distinguishable based on the error response.
TL;DR if a password is invalid we get "Invalid username and password", but
if it's valid we get "Account is temporarily disabled, contact admin or try
again later.". Which pretty much means that an attacker could complete the
attack from another machine or later, because now she knows that such an
account exists and it's valid.
What I would like to suggest is just to remove the error message for
account disabled. This information is relevant for the Keycloak
administrator, but I don't think it's necessary for the final user. People
will contact the admin anyways.
Thoughts?
8 years, 11 months
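The difference between the current and the proposed responses, as an added Java sketch that is not part of the original post and is not Keycloak code. The user store, MAX_FAILURES, the "Logged in" text and all class and method names are assumptions made for illustration:

```java
import java.util.*;

// Added illustration (not Keycloak code): a toy login check with a temporary lockout.
public class BruteForceResponseDemo {
    enum Outcome { OK, BAD_CREDENTIALS, LOCKED }

    static final int MAX_FAILURES = 3; // assumed lockout threshold
    // Constructed sample user; a real store holds password hashes, not plaintext.
    static final Map<String, String> USERS = Map.of("alice", "correct-horse");
    static final Map<String, Integer> FAILURES = new HashMap<>();

    // As in the flow the post describes, a locked account still reveals password validity.
    static Outcome authenticate(String user, String password) {
        boolean valid = password.equals(USERS.get(user));
        boolean locked = FAILURES.getOrDefault(user, 0) >= MAX_FAILURES;
        if (!valid) {
            FAILURES.merge(user, 1, Integer::sum);
            return Outcome.BAD_CREDENTIALS;
        }
        if (locked) return Outcome.LOCKED;
        FAILURES.remove(user);
        return Outcome.OK;
    }

    // Current behaviour: the lockout text is reachable only with a valid password.
    static String currentMessage(Outcome o) {
        switch (o) {
            case OK: return "Logged in";
            case LOCKED: return "Account is temporarily disabled, contact admin or try again later.";
            default: return "Invalid username and password";
        }
    }

    // Proposed behaviour: one message for every failure; the real outcome goes to the admin log only.
    static String proposedMessage(Outcome o) {
        return o == Outcome.OK ? "Logged in" : "Invalid username and password";
    }

    public static void main(String[] args) {
        for (int i = 0; i < MAX_FAILURES; i++) authenticate("alice", "guess-" + i); // trip the lockout
        for (String attempt : List.of("wrong-guess", "correct-horse")) {
            Outcome o = authenticate("alice", attempt);
            System.out.printf("admin log: user=alice outcome=%s%n", o);
            System.out.printf("  current : %s%n", currentMessage(o));
            System.out.printf("  proposed: %s%n", proposedMessage(o));
        }
    }
}
```

With the proposed mapping both attempts against the locked account return the same client-visible text, while the admin log still records the LOCKED outcome.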
Message bundles and translations
by Stian Thorgersen
The German admin console message bundle contained the English translations
prefixed with 'de'. There were also a number of English translations found
in other message bundles (for example German email message bundle).
Do NOT add keys in a bundle unless it's the proper translation. It will
fall back to using the English bundle if a key is not found.
8 years, 11 months