November 2019 - keycloak-dev - Jboss List Archives

[Keycloak Operator] Modifying browserRedirectorIdentityProvider while creating a realm

by Sebastian Laskawiec

Hey guys, Peter is currently working on setting the "defaultProvider" configuration parameter in the "identity-provider-redirector". The old Operator used this functionality here [1] and Peter wanted to port it to the new Operator. @Peter - if I may ask you - could you please describe the use case this is being used in? During our initial conversation, we agreed that we want to setup all Realm bits in a single REST call. In other words - Keycloak Realm CR should match exported realm JSON format. However, modifying existing browser flow hardly first into this scenario. It would require sending a JSON with full list of "authenticationFlows" as well as a full list of "authenticatorConfig" objects (as Config is matched with an authentication flow using an id). I experimented with an exported Realm and here's what I have [2]. As you probably noticed - it's enormous and very fragile (as it contains many, many options I have to set upfront). Do you have any idea how to solve this? I have three options in my head: 1) Use a second REST call (after creating a Realm) and modify the "authenticatorConfig". In other words - do everything exactly the same way the old Operator did 2) Force users to embed the full Realm configuration every time they create a Realm. 3) Create some sort of profiles in Keycloak. This way, when an Operator uses proper profile, we set the "defaultProvider" to proper value out-of-the-box. Thanks, Sebastian [1] https://github.com/integr8ly/keycloak-operator/blob/d97ee5de8c2b227d684ad... [2] https://gist.github.com/slaskawi/79847124a268b94c8391e01f13b21409#file-ke...

4 years, 5 months

3
3
0 / 0

scripts-upload feature

by Knüppel, Pascal

Hi, I got a simple problem with the scripts upload feature. I created a jar-file as described here (https://www.keycloak.org/docs/7.0/server_development/#_script_providers) and put it into the deployments directory of keycloak. But now the simple question... how am I supposed to map these defined script-mappers and the authenticator-execution into my configuration within the admin-console? the deployment was successful and this is my "keycloak-scripts.json" file { "authenticators": [ { "name": "authentication-level", "fileName": "authentication-level-script-authenticator.js", "description": "This script determines the authentication level, i.e. the authentication method used to identify the user" } ], "mappers": [ { "name": "substitute-roles-mapper", "fileName": "substitute-roles-script-mapper.js", "description": "maps substitute roles into the access token" }, { "name": "authentication-level-mapper", "fileName": "authentication-level-script-mapper.js", "description": "maps the authentication level into the access token" } ] } my jar file has the following structure: / |_ META-INF | |_keycloak-scripts.json | |_MANIFEST.MF |_authentication-level-script-authenticator.js |_authentication-level-script-mapper.js |_substitute-roles-script-mapper.js I can neither find the authenticator nor the mappers in the admin-console and I have no idea how to map them... any ideas? Best regards Pascal Knüppel **************************************************** Veranstaltungsvorschau: Besuchen Sie uns... 11. Jahrestagung E-Akte | 06. + 07.11.2019 | Berlin<https://jahrestagung-eakte.de/> Kongress e-nrw | 07.11.2019 | Düsseldorf/Neuss<https://www.e-nrw.info/> OMNISECURE | 20.-22.01.2020 |Berlin<https://www.omnisecure.berlin/de/> Zukunftskongress Staat & Verwaltung |15.-17.06.2020 | Berlin<https://www.zukunftskongress.info/de/zksv/willkommen>

4 years, 5 months

1
0
0 / 0

keycloak-nodejs-connect build process

by Wolfgang Ederer

Hello, We are using the keycloak-nodejs-connect adapter inside an application of ours. I encountered an issue inside the build process of the package, however I could not find any documentation how the npm package is built. My best guess is that maven is used, but my experience with maven is very limited. Could somebody describe the build+publish process to me? I will create a pull request to update the docs afterwards. Thanks! Best Regards Wolfgang

4 years, 5 months

2
1
0 / 0

A newly added Hardcoded Role mapper ignores users that have already logged in before

by EXTERNAL Thiele Frank (TNG, INST-CSS/BSV-OS2)

Hello, In our project, we use the "Hardcoded role" mapper within a configured Identity Provider (also a Keycloak instance, in our case the same but a different realm) to describe that each user logging in via Keycloak shall be given a certain role. This works perfectly if the mapper is configured before the first login of the user. The configured role is granted to the (cloned) user when he logs in the first time via Keycloak. But when another "Hardcoded role" mapper is added to configure another role, then the user is not given the other role when he logs in. Only new users logging in the first time get both roles assigned. Is this on purpose or a bug? Mit freundlichen Grüßen / Best regards Frank Thiele Open Source Services 2 - Product Group Customer Success Services (INST-CSS/BSV-OS2) Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com<http://www.bosch-si.com<http://www.bosch-si.com%3chttp:/www.bosch-si.com>> external.Frank.Thiele(a)bosch-si.com<mailto:external.Frank.Thiele@bosch-si.com<mailto:external.Frank.Thiele@bosch-si.com%3cmailto:external.Frank.Thiele@bosch-si.com>> Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic

4 years, 5 months

6
32
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

keycloak-dev November 2019