Just wanted to let you know that there will be an OAuth Security Workshop at the
University of Trier (Germany) in July, see:
I learned from one of the organizers that they will also discuss Keycloak as
an OpenID Connect Provider - just wanted to let you guys know.
I'm going to attend this workshop as well.
Hello, We are using Keycloak 1.9.2 for our Authentication flow and SAML interactions (not using SAML adapters) and they are working well in DEV/QA instances. But in the Integration environment we are seeing a strange issue where ONLY the FIRST TIME login works fine. Further logins fail with the following error even though the user is enabled.
"Account is disabled, contact admin." Is there anything obvious that we have missed? Please advise. Enabling debug log didn't reveal anything other than fetching entities from db. Any inputs to debug further are also welcome.
Setting in Federated Identity - First login flow is set to First Broker Login flow
Settings in First login flow - Disabled Review profile page; the rest of the properties were set to default values. Altering the rest of the fields didn't change the behavior.
Following are the sequence of steps
- With the help of a static login URL to Keycloak suffixed with the KC_IDP_HINT, Keycloak redirects to the external IDP
- Verified for the SAML request being sent using SAML Tracer.
- External IDP login prompts for username and password.
- After entering credentials, redirected back to Keycloak for getting token but THROWS error "Account is disabled, contact admin"
- Verified the SAML response with Assertion status as success using SAML tracer.
- Verified the user is enabled from the Admin console.
- Verified the user_entity table for the status.
Hi, can somebody shed some light on what generates the module.xml at the location in the subj? I need to add a missing system dependency path to the aforementioned file, but I am unsure as to where in the source code tree and to which files the changes are supposed to be applied. Right now the contents of the file look like this:
<module xmlns="urn:jboss:module:1.3" name="sun.jdk">
    <resources>
        <!-- currently jboss modules has not way of importing services from classes.jar so we duplicate them here -->
        <resource-root path="service-loader-resources"/>
    </resources>
    <dependencies>
        <module name="sun.scripting" export="true"/>
        <system export="true">
            <paths>
                ...
                <path name="sun.security.XXX.XXX"/> /// <-- Intended changes
I have the following scenario:
1) A SSO authenticated User1 calls Service1 (confidential client).
2) Service1 extracts access token.
3) Service1 performs a remote call to Service2 passing the access token
4) Service2 needs to do something in the name of User1 in Keycloak (e.g.
set a user attribute, or create a new user)
5) Service2 uses org.keycloak.admin.client.Keycloak to communicate with
to perform the requested operation.
I want to be able to propagate the access token in
Service to service calls and use the 'org.keycloak.admin.client.Keycloak'
with the provided access token to perform an operation in Keycloak.
Currently 'org.keycloak.admin.client.Keycloak' only supports client
credentials and / or password,
which it uses to get a refresh token to renew a potentially timed out
As a PoC I slightly adjusted the Keycloak client to allow for externally
provided access tokens:
I think the Keycloak Client should also support "call once" scenarios with
a provided access token out of the box.
Shall I create a JIRA for this?
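
The "call once" scenario from the message above, as an added example that is not part of the original thread or of Keycloak's code: Service2 builds the Admin REST call with User1's propagated access token and, because no refresh token is available, refuses a token that has already expired. The base URL, realm name, sample token and all function names are assumptions made for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumed deployment values for illustration; not taken from the thread.
KEYCLOAK_BASE = "https://sso.example.test/auth"
REALM = "demo"


class TokenExpired(Exception):
    """The propagated token cannot be used and there is nothing to refresh it with."""


def token_claims(access_token):
    """Decode the JWT payload WITHOUT verifying it (fail-fast use only).
    Keycloak verifies the signature and the token's roles when the call arrives."""
    try:
        payload = access_token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except (IndexError, ValueError) as exc:
        raise ValueError("not a JWT access token") from exc
    return claims


def build_attribute_update(access_token, user_id, attributes, now=None, skew=5):
    """Build (without sending) the user update Service2 performs in User1's name."""
    now = time.time() if now is None else now
    exp = token_claims(access_token).get("exp")
    # Call once: no client credentials, no refresh, so expiry is a hard stop.
    if not isinstance(exp, (int, float)) or exp <= now + skew:
        raise TokenExpired("propagated access token is expired or has no exp claim")
    # Quote the id so a caller-supplied value cannot change the request path.
    url = f"{KEYCLOAK_BASE}/admin/realms/{REALM}/users/{urllib.parse.quote(user_id, safe='')}"
    body = json.dumps({"attributes": attributes}).encode()
    headers = {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, method="PUT", headers=headers)


def make_sample_token(exp):
    """Constructed sample token; the signature segment is a dummy value."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc({"sub": "user1", "exp": exp}), "c2ln"])


if __name__ == "__main__":
    req = build_attribute_update(make_sample_token(time.time() + 60), "user1-id", {"team": ["blue"]})
    print(req.get_method(), req.full_url)
```
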
---------- Forwarded message ----------
From: swanand dhawan <swananddhawan(a)arvindinternet.com>
Date: Fri, Aug 5, 2016 at 12:09 PM
Subject: Getting CLIENT_NOT_FOUND Exception
To: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Cc: Anunay Sinha <anunay.sinha(a)arvindinternet.com>
I am getting the following error frequently in my logs:
*ERROR [org.keycloak.authentication.AuthenticationProcessor] (default
task-22) Failed client authentication: CLIENT_NOT_FOUND:
I am attaching the log file with the error.
Please help in fixing this error.
Thanks & Regards,
Keycloak 2.1.0.CR1 has just been released. The final release will follow
next week if no major issues are reported. A few highlights of this release:
* *Password Policy SPI* - Now it's possible to plug your own
implementation of password policy. This is useful if available
builtin policies are not sufficient for you.
* *Jetty 9.3 adapter* - Allows you to secure your applications deployed
on Jetty 9.3 server.
* *Authorization fixes & improvements* - There are lots of fixes and
improvements in authorization services, which were recently added in
2.0 release. It's really worth checking this out and eventually
providing us with some feedback.
* *Better OpenID Connect interoperability* - There are lots of minor
fixes related to OpenID Connect support.
For the full list of issues resolved check out JIRA
and to download the release go to the Keycloak homepage