Disappearing Keycloak deployment
by Brooks Isoldi
I've configured Keycloak as a service on Ubuntu 14.04 and I'm finding
that terminating and restarting the Wildfly service (sudo service
wildfly restart) sometimes results in the keycloak-server.war being
undeployed and removed.
Other times it happens by restarting from within the CLI.
How do I restart Wildfly without terminating Keycloak?
Thank you.
-Brooks
7 years, 10 months
Help regarding Picketlink Feature Migration
by Shaun Willows
We are evaluating security frameworks for new application(s) within our organisation. Picketlink provides a number of features that are desirable to us as an organisation. However, as I understand, Picketlink is being migrated into Keycloak, and this process started in March 2015. Is it possible to provide any updates regarding the migration of the following features:
* Picketlink's Java EE integration (particularly its integration with the DeltaSpike security interceptor) is especially useful to us. Will Keycloak provide similar CDI / Java EE integration? The FAQ at http://picketlink.org/keycloak-merge-faq/ indicates that this was planned to be the case, but I cannot see any progress on this issue in the Keycloak Github or JIRA.
* Picketlink's IDM capabilities included a JPA IDM and the ability to easily create new IDMs. How can this be achieved in Keycloak?
* Picketlink's capability to provide custom authenticators and token providers is also useful to us. How can this be achieved in Keycloak?
I appreciate the need to consolidate projects within Red Hat, however as Picketlink is not being actively developed and there is no clear migration path from Picketlink to Keycloak for a number of features, users of both frameworks are left with no interim solution.
Thanks for any help in this regard
Shaun Willows
7 years, 10 months
Add roles to a client template
by Pedro Igor Silva
Is it possible to add client roles to a client template? I would like to provide a template with some default roles/scopes.
Regards.
Pedro Igor
7 years, 10 months
Re: [keycloak-dev] Reset Password changes complete needs review
by Nekrasov Aleksandr
Hi!
My case is as follows: We have a mobile project, which has no website. For some policy reasons we cannot use any web forms for this project (Keycloak forms too) and the app interacts only with our REST service. When a user resets credentials, he should receive an email with an OTP code (not a link) to enter into the mobile app.
Another reason not to use a link is that the user must stay in the mobile app context.
App context (three-step flow):
1. User clicks "forgot password", enters email and clicks next
2. User sees "enter reset code here", pastes the code from the email and clicks next
3. User enters new password, clicks "save" and can work with the app
A link breaks this scenario and adds one more context. And the user should open it through a browser. How can the user trust it? It's more difficult for the users in this case.
I would prefer it if the EmailTemplateProvider.sendPasswordReset method had an additional configurable OTP parameter. Then, using my own templates, I could send the user an OTP, a link, or both.
Discussion starts here: http://lists.jboss.org/pipermail/keycloak-dev/2015-August/005092.html
Nekrasov Aleksander,
Developer,
Center of Financial Technologies
7 years, 10 months
Exception handling for own REST API - is it possible to register own javax.ws.rs.ext.ExceptionMapper?
by Vlastimil Elias
Hi,
I'm implementing my own REST endpoint using RealmResourceProvider and
I'm thinking about how to perform error handling (which is not covered
in the example).
Is it possible to register my javax.ws.rs.ext.ExceptionMapper subclass
to handle my exceptions? I tried to add a subclass of it annotated with
javax.ws.rs.ext.Provider to my code but it is not used.
I get the common error page with:
*Stack Trace*
org.jboss.resteasy.spi.UnhandledException:
com.redhat.developer.keycloak.rest.InvalidParametersException: email
param must be specified
Thanks in advance.
Vlastimil
--
Vlastimil Elias
Principal Software Engineer
Red Hat Developer | Engineering
7 years, 10 months
Exception when using JAXB in keycloak
by Eric Son 3016
Hi, I was trying to use JAXB in Keycloak and I got a ClassNotFoundException:
2016-06-09 20:19:40,514 INFO [stdout] (default task-2) Failed to create marshalled xmlString: javax.xml.bind.JAXBException
2016-06-09 20:19:40,515 INFO [stdout] (default task-2) - with linked exception:
2016-06-09 20:19:40,515 INFO [stdout] (default task-2) [java.lang.ClassNotFoundException: com.sun.xml.internal.bind.v2.ContextFactory from [Module "deployment.keycloak-server.war:main" from Service Module Loader]]
when the code is doing
JAXBContext jaxbContext = JAXBContext.newInstance(A.class);
Is it because Keycloak is using OpenJDK instead of the Oracle JDK?
In my Eclipse, the project includes the JRE system library, whose rt.jar contains the com.sun.xml.internal.bind.v2.ContextFactory class,
and I was able to compile the project with no issue; it only happens when the Keycloak WAR is deployed.
I borrowed an idea from the link below (the same thing happens for com.sun.net.ssl.internal.ssl.provider with the JRE system library's jsse.jar):
http://stackoverflow.com/questions/11289860/deploy-time-error-java-lang-n...
Basically, I created a jboss-deployment-structure.xml file in WEB-INF/ and imported the system module dependency into module.xml under JBOSS_HOME\modules\system\layers\base\sun\jdk\main\ but it didn't help.
Has anyone run into this issue? Any suggestion will be appreciated.
Thanks a lot!
Best Regards,
WJ
7 years, 10 months
User Federation Provider Cache
by Ariel Carrera
Hi Marek, Stian, Bill....
I have developed a custom user federation provider. I notice that Keycloak
creates several User Federation Providers during a single authentication
flow, calling KeycloakModelUtils.getFederationProviderInstance multiple
times...
To avoid creating two or three user federation providers per request, I
need to implement in my custom Federation Provider logic to search for an
instance of my custom provider in the Keycloak session and, if it does not
exist, create a new one. So... would it be better to do it in the method
KeycloakModelUtils.getFederationProviderInstance?
People who implement custom user federation providers... do they need
to create multiple instances of the same provider per request?
By the way, I have extended the Keycloak SPI to make use of the Infinispan
cache when a custom user provider tries to validate a user or get some data
from a user federation provider during the process. Maybe this could be useful
to other users... if you want to add this SPI, I can try to prepare a pull
request for you.
Thanks
--
Ariel Carrera
7 years, 10 months