July 2017 - keycloak-dev - Jboss List Archives

by Thomas Darimont

Hello, how can I add a new dependency to the keycloak modules/system/layers/base when building a server-distribution? I need to add org.apache.commons:commons-collections4 for the PatriciaTrie which I need for my BlacklistPasswordPolicyProvider: [0] I tried adding a dependency to keycloak/dependencies/server-all/pom.xml but I still get CNFEs if I try to run the server from the dist-build. Caused by: java.lang.ClassNotFoundException: org.apache.commons.collections4.trie.PatriciaTrie from [Module "org.keycloak.keycloak-server-spi-private" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/tom/dev/playground/keycloak/keycloak-3.3.0.CR1-SNAPSHOT/modules,/home/tom/dev/playground/keycloak/keycloak-3.3.0.CR1-SNAPSHOT/modules/system/layers/keycloak,/home/tom/dev/playground/keycloak/keycloak-3.3.0.CR1-SNAPSHOT/modules/system/layers/base))] Cheers, Thomas [0] https://github.com/thomasdarimont/keycloak/commit/59a84df2f70623f11bd4d78...

6 years, 11 months

2
1
0 / 0

How to add a dependency to keycloak server distribution build?

by Thomas Darimont

Hello, (sorry hit send to fast...) how can I add a new dependency to the keycloak modules/system/layers/base when building a server-distribution? I need to add org.apache.commons:commons-collections4 for the PatriciaTrie which I need for my BlacklistPasswordPolicyProvider: [0] I tried adding a dependency to keycloak/dependencies/server-all/pom.xml but I still get CNFEs if I try to run the server from the dist-build. Caused by: java.lang.ClassNotFoundException: org.apache.commons.collections4.trie.PatriciaTrie from [Module "org.keycloak.keycloak-server-spi-private" from local module loader @282ba1e (finder: local module finder @13b6d03 (roots: /home/tom/dev/playground/keycloak/keycloak-3.3.0.CR1- SNAPSHOT/modules,/home/tom/dev/playground/keycloak/ keycloak-3.3.0.CR1-SNAPSHOT/modules/system/layers/keycloak,/home/tom/dev/ playground/keycloak/keycloak-3.3.0.CR1-SNAPSHOT/modules/ system/layers/base))] Cheers, Thomas [0] https://github.com/thomasdarimont/keycloak/commit/ 59a84df2f70623f11bd4d78771a4b91422fa0286

6 years, 12 months

1
0
0 / 0

UserSessions support for cross-dc

by Marek Posolda

I've sent PR https://github.com/keycloak/keycloak/pull/4357 for subject. It adds cross-dc support for userSessions, so that if you write userSession "abc" in DC1, you will be able to read it in DC2 and viceversa. Among cross-dc, it also provides the solution for lost updates (write skew) issues where 2 threads on different cluster nodes (or in different data-centers) updates same userSession. They both read the userSession in same state and then both update it, but 2nd update will overwrite the 1st one, which was committed first. I've used the pattern based on tracking changes (events) and infinispan atomic-replace operation described in the earlier mail: http://lists.jboss.org/pipermail/keycloak-dev/2017-May/009347.html So there was some refactoring of InfinispanUserSessionProvider to support the event-based approach. One difference from the previous proposal was, that events are not sent between data-centers but instead userSession entities are directly written to remoteCache itself - however the writes are still protected to avoid write skew issues. The reason is, that with multiple datacenters, it can happen that datacenters lost the network connection between each other (split brain). Infinispan has some ways to restore from this state and sync the entities after network connection is fixed. With the entities directly in the cache, this should be easier to achieve then the case when the remoteCache is used just as an event bus to send "changes" among datacenters. There is still lots of work for the cross-dc support, but hopefully it's another step forward :) Marek

7 years

2
2
0 / 0

OTP string based secrets

by Dobbels, Andy

Hi, We are adopting Keycloak and are trying to move our OTP tokens over to Keycloak. However, Keycloak can only use secrets that are alphanumeric strings whereas our existing implementation and most hard and software tokens we have used use the full range of binary values when generating secrets. 2 questions: 1: Is the lower entropy of the secrets generated by Keycloak a concern? 2: If we provided a PR that migrated the existing data by re-encoding all existing secrets as Base32 and updated the code to assume Base32 instead of string be acceptable? This would be a non breaking change but allow anyone using existing OTP tokens to migrate their secrets which I don't think they can at the moment. Thanks, Andy

7 years

3
11
0 / 0

Dutch translation

by Hynek Mlnarik

Can someone please review Dutch translation in PR https://github.com/keycloak/keycloak/pull/4340? --Hynek

7 years

1
0
0 / 0

Keycloak, Elytron and WildFly 11

by Pedro Igor Silva

Hi, Just want to let you know that tests using Elytron 1.1.0.CR3 (just released) and WildFly/Core upstream are passing. Next version of Elytron is Final and until there we should not have anymore changes that may impact our side, including Elytron subsystem changes. We also have some initial changes to the adapter subsystem. These changes are important in order to allow users to secure WildFly/EAP Console (HAL), CLI and Management Interface with Keycloak. More work will be done in order to make even more easier to protect these resources. For more details, check https://issues.jboss.org/browse/KEYCLOAK-5015. Regards. Pedro Igor

7 years

2
1
0 / 0

javascript no longer in GitHub

by Stan Silvert

FYI. Most javascript libraries used in the admin console are no longer checked into GitHub. Instead, they are pulled in at build time from the public npm repo and cached on your local machine just like with Maven artifacts. If you need to add/update/remove a javascript library for the console, see the README.md here: https://github.com/keycloak/keycloak/tree/master/themes/src/main/resource...

7 years

1
0
0 / 0

PermissionsTest failures

by Stan Silvert

Lots of failures in Travis. Anybody know off hand what this is about? Running org.keycloak.testsuite.admin.PermissionsTest --------- org.keycloak.testsuite.admin.PermissionsTest output start --------- PermissionsTest ++ [31m14:38:01,920 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-8) RESTEASY002005: Failed executing GET /admin/realms/permissions-test/clients-initial-access: org.keycloak.services.ForbiddenException PermissionsTest ++ at org.keycloak.services.resources.admin.permissions.ClientPermissions.requireView(ClientPermissions.java:259) PermissionsTest ++ at org.keycloak.services.resources.admin.ClientInitialAccessResource.list(ClientInitialAccessResource.java:102) PermissionsTest ++ at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) PermissionsTest ++ at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

7 years

2
2
0 / 0

Keycloak 3.2.1.Final released

by Marek Posolda

Keycloak 3.2.1.Final has just been released. This release doesn't contain any new features. However there are few fixed bugs related to authorization services and new permissions for admin REST API. To download the release go to the Keycloak homepage <http://www.keycloak.org/downloads>. The full list of resolved issues is available in JIRA <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...> . Upgrading Before you upgrade remember to backup your database and check the migration guide <https://keycloak.gitbooks.io/documentation/server_admin/topics/MigrationF...> .

7 years

1
0
0 / 0

Travis update to trusty and failing testsuite

by Hynek Mlnarik

Hi, since Travis updated their images to Ubuntu Trusty, the testsuite started failing for the server-group1. If you already have any PR submitted that failed for that reason, please rebase to the current master to get the tests passing (or at least not failing due to environment issues). This is tracked as [1] --Hynek [1] https://issues.jboss.org/browse/KEYCLOAK-5226

7 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

keycloak-dev July 2017