March 2018 - keycloak-dev - Jboss List Archives

Wildcard for Valid Redirect URI Hostname

by Josh Cain

Per KEYCLOAK-3585: <https://issues.jboss.org/browse/KEYCLOAK-3585> Currently, valid redirect URI hostnames allow for wildcards at the end like so: http://www.redhat.com/* I'm managing several environments where clients need 'n' number of available redirect URI's with different hostnames, I.E. http://developer1.env.redhat.com http://developer2.env.redhat.com http://developer3.env.redhat.com Would really help to have the ability to wildcard hostnames too, I.E.: http://*.env.redhat.com I've submitted #3241 <https://github.com/keycloak/keycloak/pull/3241> to address this issue, but there seem to be some concerns about allowing wildcards in other parts of the URL. See the PR for a more fleshed out discussion, but wanted to start a thread here on the mailing list. Particularly with respect to: - Does anyone have need of this feature or would find it useful? - Should this kind of wildcard be allowed as a configuration option by Keycloak? Josh Cain | Software Applications Engineer *Identity and Access Management* *Red Hat* +1 256-452-0150

2 years, 4 months

5
13
0 / 0

keycloak-documentation translation

by Hiroyuki Wada

Hello, We have a plan to translate keycloak-documentation to Japanese for the community at our company. Because there is no place to manage the translation resources in keycloak-documentation repository, we are planning to put the resources into own repository and publish the built documents to our corporate site. Do you have any concerns? Of course, we can contribute it if there are any plans to translate it officially. Best Regards, -- Hiroyuki Wada, Nomura Research Institute, Ltd.

2 years, 11 months

3
4
0 / 0

Client Scope naming

by Schuster Sebastian (INST/ESY1)

Hi, I saw there are activities to replace client templates with client scopes. UMA 2.0 uses the term “client scope” to determine what the OAuth client wants to do with the granted access (e.g. this could be used to determine the purpose of processing some data for GDPR compliance). Since Keycloak will also support UMA 2.0, I am a little concerned this might lead to some confusion. As you know, there are only two hard problems in computer science: cache invalidation, naming things, and off-by-one errors. ☺ WDYT? Best regards, Sebastian Mit freundlichen Grüßen / Best regards Dr.-Ing. Sebastian Schuster Engineering and Support (INST/ESY1) Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com<http://www.bosch-si.com> Tel. +49 30 726112-485 | Fax +49 30 726112-100 | Sebastian.Schuster(a)bosch-si.com<mailto:Sebastian.Schuster@bosch-si.com> Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn

3 years

4
18
0 / 0

offline access tokens part 2

by Bill Burke

These are my thoughts for implementing offline access tokens: * offline access tokens MUST be validated. This means that if they are used during bearer token requests, the service must validate the token with the token endpoint. * These tokens MUST be rejected by older keycloak clients as our adapters dont' have support for them. * offline access tokens will not be stored in the database. Instead they will be JWEs or JWS that link to an offline user session. (our current offline access implementation). They will be revokable just like any other offline session and in the same manner. This makes the implementation simple. * There will be 4 modes for configuring clients - client automatically receives offline access tokens (maybe not include a refresh token in this case) - client may request an offline access token - client requires consent before providing an offline access token - client is not allowed to ask for offline access tokens (default) Any other thoughts on this? Maybe this should be implemented in conjunction with a reference token feature too? -- Bill Burke Red Hat

3 years

4
11
0 / 0

Wireframes for new consent screen

by Stian Thorgersen

Here's the wireframes for the updated consent screen. Please take a look and comment: https://redhat.invisionapp.com/share/2RGJZNJUBSZ#/screens/287585184_Conse...

3 years

1
0
0 / 0

building keycloak and running tests

by Simon Payne

Hi, is there a way of changing the port, other than find and replace, which keycloak runs on for the integration tests? it is currently set to 8081, but we have mcAfee agent listening already. thanks

3 years

2
2
0 / 0

need feedback on integrating golang with testsuite and distro

by Bill Burke

I have a golang client utility (kcinit) that I need to integrate with tests in our testsuite. Its possible to integrate golang with maven using this maven plugin: https://github.com/raydac/mvn-golang To integrate my tool into the arquillian testsuite, I've pulled in this plugin to pull down and build my golang tool so that it can be executed within a test. The way it works is that the maven plugin will first download the Golang SDK and store it within ~/.mvnGolang. It will also store any source code it pulls down and builds there. It will build a binary that is specific to the platform it is running on so this is perfect for our testsuite. Sound ok? Next question is distribution. "kcinit" is a command line utility. Should I add this to our current client tools directory in the disto or create a separate dis zipt? Ok to include binaries for linux, osx, and windows? This will require the maven plugin to individually cross-compile for each platform. Its not superfast and our distro build will be slower, but we will have one place to pull this stuff together. I will need to eventually create an RPM for this tool so that it can be automatically installed in Fedora/RHEL. -- Bill Burke Red Hat

3 years

2
3
0 / 0

Keycloak repository is too heavy

by Sergey Ponomarev

Hello, I wanted to make a small pull request into keycloak <https://github.com/keycloak/keycloak/> but it passed more than a our but I still not even built the project. First of all it was cloned about 4 minutes. No so much, but a long as for me. Then I started build process and it took a long time to download all dependencies which exists on Maven Central. Meanwhile I opened Keycloak project in Intellij and it started to index all files. Finally at some point build failed with OOM :( I checked and found that Keycloak sources contains about 100Mb of built examples and about 300 Mb of node_modules in themes folder. So my proposition is: how about to split mono repository into few smaller? As I see we can easily move examples and themes into separate repos under keycloak organisation on Github. This will decrease network load and simplify project initialization. But we'll still be able to build examples and themes. Sergey Ponomarev <http://www.linkedin.com/in/stokito>

3 years

4
3
0 / 0

Why Authz examples has been removed from 4.0.0.Beta1

by Carlos Feria

Hi There. I wonder why Authz examples has been removed from Keycloak 4.0.0.Beta1 version. I saw this commit here: https://github.com/keycloak/keycloak/commit/35b9fe043caf10287f4f8c835233d... <https://github.com/keycloak/keycloak/releases/tag/4.0.0.Beta1> I'd like to know if Keycloak 4 will change the way authz works on Keycloak 3.4.3.Final?. I have have software projects that works in the same way that photoz authz example use to work. Please I'd like to know your answer. Thanks! -- Carlos E. Feria Vila

3 years

3
3
0 / 0

Re: [keycloak-dev] Keycloak 4.0.0.Beta1 is out

by Stian Thorgersen

I missed one cool new feature. We also now have support for UMA 2.0 including allowing users to manage resource permissions in the account management console. On Thu, 22 Mar 2018, 21:03 Stian Thorgersen, <sthorger(a)redhat.com> wrote: > I'm very pleased to announce the first release of Keycloak 4! > > To download the release go to the Keycloak homepage > <http://www.keycloak.org/downloads>. > HighlightsBrand new login pages > > The login pages have received a brand new look. They now look much more > modern and clean! > Themes and Theme Resources > > It's now possible to hot-deploy themes to Keycloak through a regular > provider deployment. We've also added support for theme resources. Theme > resources allows adding additional templates and resources without creating > a theme. Perfect for custom authenticators that require additional pages > added to the authentication flow. > > We've also added support to override the theme for specific clients. If > that doesn't cover your needs, then there's a new Theme Selector SPI that > allows you to implement custom logic to select the theme. > Native promise support to keycloak.js > > The JavaScript adapter now supports native promises. Of course it still > has support for the old style promises as well. Both can be used > interchangeably. > Edit links in documentation > > To make it easier to contribute changes to the documentation we have added > links to all sections of the documentation. This brings you straight to the > GitHub editor for the relevant AsciiDoctor file. There's also a quick link > to report an issue on a specific page that will include the relevant page > in the description. > HTTPS support on keycloak.org > > Thanks to GitHub pages and Let's Encrypt there's finally HTTPS on > keycloak.org. About time? > Loads more.. > > The full list of resolved issues is available in JIRA > <https://issues.jboss.org/issues/?jql=project%20%3D%20keycloak%20and%20fix...> > . > Upgrading > > Before you upgrade remember to backup your database and check the upgrade > guide <http://www.keycloak.org/docs/latest/upgrading/index.html> for > anything that may have changed. >

3 years

1
0
0 / 0

2021

2020

2019

2018

2017

2016

2015

2014

2013

keycloak-dev March 2018