August 2016 - keycloak-dev - Jboss List Archives

FYI OAuth Security Workshop 2016 July 14th and 15th 2016 in Trier / Germany

by Thomas Darimont

Hello group, just wanted to let you know that there will be an OAuth Security Workshop at the University of Trier (Germany) in July see: https://infsec.uni-trier.de/events/osw2016 I learned from one of the organizers that they will also discuss Keycloak as an OpenID Connect Provider - just wanted to let you guys know. I'm going to attend this workshop as well. Cheers, Thomas

9 years, 4 months

2
2
0 / 0

Proof of concept of Keycloak Federation with OpenStack

by Adam Young

Not too much on the KeyCloak side, as that was pretty straightforward. used the Python SP registration tool; Still, thanks for your help getting this far. http://adam.younglogic.com/2016/08/ooo-ha-fed-poc/

9 years, 4 months

3
2
0 / 0

SAML Subsequent login fails with Account disabled error

by Kamal Jagadevan

Hello, We are using Keycloak 1.9.2 for our Authentication flow and SAML interactions (not using SAML adapters) and they are working well in DEV/QA instances.But in Integration environment we are seeing a strange issue of ONLY FIRST TIME login works fine. Further login fails with the following error even though user is enabled. "Account is disabled, contact admin." Is there anything obvious that we have missed please advise. Enabling debug log didnt reveal anything other than fetching entities from db.Any inputs to debug further is also welcome. Setting in Federated Identity - First login flow is set to First Broker Login flow Settings in First login flow - Disabled Review profile page, rest of the properties was set to default values altering rest of the fields didnt change the behavior. Following are the sequence of steps - With the help of static login URL to Keycloak with suffixed by the KC_IDP_HINT, Keycloak redirects to External IDP - Verified for the SAML request being sent using SAML Tracer. - External IDP login prompts for username and password. - After entering credentials, redirected back to Keycloak for getting token but THROWS error "Account is disabled, contact admin" - Verified the SAML response with Assertion status as success using SAML tracer. - Verified the user is enabled from the Admin console. - Verified the user_entity table for the status. BestKamal

9 years, 4 months

1
0
0 / 0

Removal of UserDataAdapter

by Bruno Oliveira

Maybe is just my ignorance, but seems like UserDataAdapter[1] is never used. Can we delete it? [1] - https://github.com/keycloak/keycloak/blob/master/server-spi/src/main/java... -- abstractj PGP: 0x84DC9914

9 years, 4 months

2
1
0 / 0

Need to add a system dependency path to modules\system\layers\base\sun\jdk\main\module.xml

by Peter Nalyvayko

Hi,Can somebody shed some light on what generates the module.xml at the location in the subj? I need to add a missing system dependency path to the aforementioned file, but unsure as to where in the source code tree and to which files the changes are supposed to be applied. Right now the contents of the file look like this: <module xmlns="urn:jboss:module:1.3" name="sun.jdk"> <resources>  <resource-root path="service-loader-resources"/> </resources> <dependencies> <module name="sun.scripting" export="true"/> <system export="true"> <paths> ... <path name="sun.security.XXX.XXX"/> /// <-- Intended changes ... </paths> .... RegardsPeter

9 years, 4 months

3
2
0 / 0

Open Node.js Connect Pull Requests

by Scott Rossillo

Any chance someone can review the two PRs I opened over a week ago on the Keycloak connect Node.js module[0]? Fix for KEYCLOAK-3384 is critical and KEYCLOAK-3387 is also a high priority change but may require some discussion on the approach. Thanks in advance, Scott [0]: https://github.com/keycloak/keycloak-nodejs-connect/pulls <https://github.com/keycloak/keycloak-nodejs-connect/pulls> Scott Rossillo Senior Software Engineer Smartling, Inc.

9 years, 4 months

2
1
0 / 0

Keycloak 2.1.0.Final released

by Marek Posolda

Keycloak 2.1.0.Final has just been released. This release only contains one fix related to Authorization services since 2.1.0.CR1 release. For the list of resolved issues check out JIRA <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...> and to download the release go to the Keycloak homepage <http://www.keycloak.org/downloads>. Before you upgrade refer to the migration guide <https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.1/top...>

9 years, 4 months

1
0
0 / 0

Using provided AccessToken in Keycloak client

by Thomas Darimont

Hello group, I have the following scenario: 1) A SSO authenticated User1 calls Service1 (confidential client). 2) Service1 extracts access token. 3) Service1 performs a remote call to Service2 passing the access token along. 4) Service2 needs to do something in the name of User1 in Keycloak (e.g. set a user attribute, or create a new users) 5) Service2 uses org.keycloak.admin.client.Keycloak to communicate with Keycloak to perform the requested operation. I want to be able to propagate the access token in Service to service calls and use the 'org.keycloak.admin.client.Keycloak' client with the provided access token to perform an operation in Keycloak. Currently 'org.keycloak.admin.client.Keycloak' only supports client credentials and / or password, which it uses to get an refresh token to renew a potentially timed out access token. As a PoC I slightly adjusted the Keycloak client to allow for externally provided access tokens: https://gist.github.com/thomasdarimont/d82c4478df997556a9d16afb79787459 I think the Keycloak Client should also support "call once" scenarios with a provided access token out of the box. Shall I create a JIRA for this? Cheers, Thomas

9 years, 5 months

2
3
0 / 0

Fwd: Getting CLIENT_NOT_FOUND Exception

by swanand dhawan

---------- Forwarded message ---------- From: swanand dhawan <swananddhawan(a)arvindinternet.com> Date: Fri, Aug 5, 2016 at 12:09 PM Subject: Getting CLIENT_NOT_FOUND Exception To: keycloak-dev <keycloak-dev(a)lists.jboss.org> Cc: Anunay Sinha <anunay.sinha(a)arvindinternet.com> Hello, I am getting the following error frequently in my logs: *ERROR [org.keycloak.authentication.AuthenticationProcessor] (default task-22) Failed client authentication: CLIENT_NOT_FOUND: org.keycloak.authentication.AuthenticationFlowException* I am attaching the log file with the error. Please help in fixing this error. -- Thanks & Regards, Swanand Dhawan -- Thanks & Regards, Swanand Dhawan

9 years, 5 months

2
1
0 / 0

Keycloak 2.1.0.CR1 released

by Marek Posolda

Keycloak 2.1.0.CR1 has just been released. The final release will follow next week if no major issues are reported. Few highlights of this release: * *Password Policy SPI* - Now it's possible to plug your own implementation of password policy. This is useful if available builtin policies are not sufficient for you. * *Jetty 9.3 adapter* - Allow you to secure your applications deployed on Jetty 9.3 server. * *Authorization fixes & improvements* - There are lots of fixes and improvements in authorization services, which were recently added in 2.0 release. It really worth to check this out and eventually provide us some feedback. * *Better OpenID Connect interoperability* - There are lots of minor fixes related to OpenID Connect support. For the full list of issues resolved check out JIRA <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...> and to download the release go to the Keycloak homepage <http://blog.keycloak.org/www.keycloak.org/downloads>.

9 years, 5 months

2
1
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

keycloak-dev August 2016