Undeployed war
by Brooks Isoldi
Hi Keycloak team,
We've had a couple of instances where we've found the keycloak war has
been undeployed from wildfly and we're unable to find a war that we can
redeploy.
Can anyone point me to a war file that we can use to deploy in such
instances?
Thank you!
-Brooks
8 years, 7 months
Authentication Provider chaining
by Rashmi Singh
Hi,
I am looking for a way to do authentication provider chaining with
keycloak. Basically, I want to have multiple authentication providers,
example username, Suregrid etc. On submitting username, we call a service
and if that service tells us to use SureGrid, then we should be able to
pass control to the corresponding authentication provider. So basically, I
want to spilt one authentication provider into multiple and be able to
chain them based on the response from the service called. I have not found
any documentation that explains this. Could you suggest how to achieve this?
8 years, 7 months
Implementing custom entities with KeyCloak
by Mitya
Hi,
My goal is to implement a custom first-class KeyCloak entity (like
User, Group, etc.) Entities should persist in KeyCloak database along
with Users, Groups etc.; there should be a CRUD interface in the admin
console to manage them; it will have an unidirectional N:1 relationship
to User and will participate in authentication process. In some future,
most likely it will also participate in federation (to/from external
LDAP server with custom schema).
After briefly studying KeyCloak internals, I've got an impression that
Provider SPIs won't help me much. Seems like what I'll have to
implement is at least:
- model interface (org.keycloak.models)
- entity class (org.keycloak.models.entities)
- JPA adapter (org.keycloak.models.jpa)
- JPA entity (org.keycloak.models.jpa.entities)
- (the same for Mongo and Infinispan)
- REST representation (org.keycloak.representations.idm)
- REST resource (org.keycloak.services.resources.admin)
Next, there will be custom authenticator (to make use of the entity)
and GUI modifications. I hope I didn't forget anything?
Important question is - can I implement all of that without modifying
KeyCloak code? Maintaining a fork and producing customized builds will
complicate development process a lot. Ideally, classes should reside in
my own packages (not org.keycloak.*), the code should be packaged as a
module (JBoss module? OSGi bundle?) and simply be plugged into an
official KeyCloak build. I see forking only as a last resort, it's
something I'd like to avoid absolutely.
Thanks!
Mitya
8 years, 7 months
Account Endpoint
by Lance Ball
Hi there
While updating the keycloak-nodejs-auth-utils to match current endpoints, I
stumbled on this function:
https://github.com/keycloak/keycloak-nodejs-auth-utils/blob/master/lib/gr....
It looks like the endpoint is $REALM_URL/account, but I don't think that
endpoint still exists. I looked through the documentation to try and find
its current equivalent, but nothing jumped out at me. Can anyone here point
me in the right direction?
Somewhat related, as I have been doing this work on the JS module, I have
been stymied a bit by the existing documentation. As I complained to him,
Bruno pointed me to this document
https://github.com/keycloak/keycloak/wiki/Docs. I applaud the effort and
want to give a big +100 to " Improved organization / grouping of REST
endpoints." For my efforts, this has been the biggest impediment to speedy
progress so far.
Thanks
Lance
8 years, 7 months
The release date of 1.9.5
by Thomas Raehalme
Hi!
Do you already have the release date set for 1.9.5?
I'd like to see KEYCLOAK-3016 fixed and was wondering if we should use a
local build until 1.9.5 becomes available (hopefully containing the fix :-).
Best regards,
Thomas
8 years, 7 months
Keycloak : Multi-tenant : Login screen theming.
by Stephen Merchant
Hello,
Please - can somebody help me?!
I have been evaluating Keycloak with the intention of providing SSO in a multi-tenant SAAS system.
We intend that each tenant will have a dedicated realm, and 'Login User Experience' for each tenant must be cooperate customised.
I have sussed from online sources that using innate Keycloak 'theming' will not help me to achieve this? I have also been advised not to use Login SPI as it is regarded as an internal software interface, and consequently subject to change in future Keycloak releases.
I would be really grateful for a suggested legitimate approach of how to achieve this in Keycloak,
I am a supporter of Keycloak, I can see the potential, and I really want to involve it within our SAAS solution.
Thanks in advance,
Stephen Merchant
Developer
Gandlake Limited
Crown Commercial Service Supplier
BSI ISO/IEC 27001 certification number IS 585161
Gandlake Limited, a Limited Liability Company registered in England and Wales under number 4667925. Registered Office: Gandlake House, London Road, Newbury, Berkshire. RG14 1LA. VAT Registration Number 809 7164 11
8 years, 7 months
Realm templates
by Thomas Raehalme
Hi!
I searched Jira and the mailing lists if realm templates have been
discussed before, but didn't find anything. Apologies if I missed an
already existing thread.
What would you think of adding support for realm templates?
The idea would be similar to client templates. One could define common
properties in a realm template and create concrete realms based on the
template. Whenever any of the common properties need to be changed, it
would only be necessary to make the changes on the template instead of
changing individual realms separately. Changes to the template would
propagate to realms automatically.
I would like to see at least realm settings and roles being defined on the
template. Maybe also clients and groups. Identity providers would also be
useful. Keys, certificates, users and various credentials would naturally
be specific to each realm.
If possible it would be great if one could choose to override the settings
in the template so that the template would only define default values. But
if it complicates the implementation too much I'm sure the feature is just
as useful without this possibility.
I think this would make the life of SaaS application developers with realm
per tenant much easier as you would not need to write custom tools to
automate change propagation to realms.
Could this be something for 2.0?
Best regards,
Thomas
8 years, 7 months
Location Response Header
by Alex Gouvêa Vasconcelos
I'm trying to follow the link obtained in a 201 (user created) in the
Keycloak API but I can't access the "location" header which should be
returned in the response...
$http.post(url, user)
.then(
function(response) { console.log(response.headers()); },
function(error) {}
)
The whole response.header() collection is empty... yet, the chrome
developer console shows the url to the new resource...
I think, maybe this is related to the problem described here (
http://www.aaron-powell.com/posts/2013-11-28-accessing-location-header-in...),
but I have tryed to add the following lines to my keycloak.json and yet no
success:
"enable-cors": true,
"cors-allowed-headers": "Location"
Could anyone help me with that issue?
Regards.
Alex Gouvêa Vasconcelos
8 years, 7 months
