Anyone going to KubeCon?
by Stian Thorgersen
I'm going to KubeCon and would love to have a chat with anyone from the
Keycloak community who is also going.
5 years, 4 months
Re: [keycloak-dev] keycloak-dev Digest, Vol 71, Issue 7
by khaianisnizar2007
Dear Keycloak developers,

What is the appropriate authorisation flow for a mobile (Swift, Kotlin) application? I previously used the code grant flow for an SPA app (React JS). To use the same strong flow, I'm facing during redirect URI to personalise the webview, but the end users continue to make remarks concerning the webview. I'm thinking of using resource owner user credentials passwords, but after a lot of searching I find a lot of bad recommendations, precisely about trusting the end-user app (mobile). Can you advise or help me adopt the best approach?

Best regards.

Sent from my Samsung Galaxy smartphone.
-------- Original message --------
From: keycloak-dev-request(a)lists.jboss.org
Date: 13/05/2019 22:20 (GMT+00:00)
To: keycloak-dev(a)lists.jboss.org
Subject: keycloak-dev Digest, Vol 71, Issue 7

Send keycloak-dev mailing list submissions to
keycloak-dev(a)lists.jboss.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.jboss.org/mailman/listinfo/keycloak-dev
or, via email, send a message with subject or body 'help' to
keycloak-dev-request(a)lists.jboss.org

You can reach the person managing the list at
keycloak-dev-owner(a)lists.jboss.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of keycloak-dev digest..."

Today's Topics:

1. Re: Proposal: REST Endpoint for creating TOTP (Stian Thorgersen)
2. Not properly closed connections in org.keycloak.adapters.ServerRequest (Maksym Gendin)
3. Re: Cannot get UMA photoz example working (keycloak quickstart 6.0.1) (Olivier Rivat)
4. How to enable logging on console for dev environment (Shiva Prasad Thagadur Prakash)
5. Re: How to enable logging on console for dev environment (Michal Hajas)
6. Re: How to enable logging on console for dev environment (Shiva Prasad Thagadur Prakash)
7. Re: Typescript support for Node.js adapter (Bruno Oliveira)

----------------------------------------------------------------------

Message: 1
Date: Mon, 13 May 2019 10:57:50 +0200
From: Stian Thorgersen <sthorger(a)redhat.com>
Subject: Re: [keycloak-dev] Proposal: REST Endpoint for creating TOTP
To: Roland Werner <contributing.to.keycloak(a)gmail.com>
Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org>
Message-ID: <CAJgngAdRCZvrH+Wa13rGi93=0J1ZuN+dWW0NmELW36gDn1U2gw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Having an admin create OTP codes in this way and printing it out means there are more people with access to confidential secrets than needed. This is also a harder way for users to configure/enable OTP. Further, it is not very future proof. Software OTP tokens are already pretty much legacy so your company will at some point want to move to something more secure like WebAuthn Security Keys, in which case your approach of printing QR codes on paper won't work and you will need to change your process.

A better approach which is what Keycloak already supports is requiring users to enable OTP on first login. That way the secret is only exposed to Keycloak and the user, not to other systems and people. Further, this can easily be changed in the future to require users to register a WebAuthn security key for instance.

With regards to the proposed endpoint we do not want specific OTP endpoints like this as we are working towards making Keycloak less hard-coded around the concept of software OTP and allow flexibility to support any credential types.

On Mon, 13 May 2019 at 10:42, Roland Werner <contributing.to.keycloak(a)gmail.com> wrote:

> Hi,
>
> I noticed that the REST API (
> https://www.keycloak.org/docs-api/6.0/rest-api/index.html) does contain an
> endpoint "Remove TOTP from the user", but none that allows to create a TOTP
> for a user in the first place.
>
> I'm proposing to add this "create-totp" endpoint and would also contribute
> it. The call would look like this:
>
> curl -X PUT -H 'Content-Type: application/json' -H 'Authorization: Bearer
> <token>' -i http://
> <keycloak-url>:<port>/auth/admin/realms/myrealm/users/<user-id>/create-totp
>
> and the reply as follow:
> {
> "totpSecret": "aA3mIuIzvxTmC5gqUqpl",
> "qrCode": "iVBORw0KGgoAAA...AAABJRU5ErkJggg=="
> }
>
> I would check the existence of TOTP on the requested user and would reply
> with 400-Bad-Request and the message
> {
> "errorMessage": "User already has totp. Remove first."
> }
> in that case (just to make sure that this doesn't happen on accident).
> One question in that respect: The JavaDocs of
> org.keycloak.representations.idm.UserRepresentation says that isTotp is
> deprecated, but doesn't say what to use instead. Can someone point me to
> the right direction here?
>
> I am aware that the current practice in Keycloak when adding a TOTP to a
> user is to instantly request a generated OTP and only if that is correct
> add the credential-type to the user. Obviously this would not apply for the
> REST endpoint. However, as the endpoint is only reachable for an admin I
> don't think this would result in a significant security loss, especially as
> the "remove-totp" endpoint can also be used without the need to enter an
> OTP.
>
> I suggest to align the code with the behavior of the remove-totp endpoint,
> such that
> - it uses PUT
> - it is called on given user
> - it requires the same admin rights
>
> This reason for my approach is that we want to introduce a process in our
> organisation where every user in the given realm is forced to use an OTP to
> login and there is no self-registration but instead the users are handed
> over the QR-Code outside of Keycloak (on paper or digitally). In the
> meantime we use a custom plugin, but I would love to see this also make its
> way into the standard Keycloak.
>
> What do you think?
>
> Thanks and Regards,
> Roland
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

------------------------------

Message: 2
Date: Mon, 13 May 2019 13:36:30 +0200
From: Maksym Gendin <maksym.gendin(a)gmail.com>
Subject: [keycloak-dev] Not properly closed connections in org.keycloak.adapters.ServerRequest
To: keycloak-dev(a)lists.jboss.org
Message-ID: <CAKm1Xe+3EzfY-_gbLsfHJhbN474O9ift3FLtfFCCFv_yhwbgXA(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Dear Keycloak developers,

I have noticed a potential problem with closing the connections in org.keycloak.adapters.ServerRequest#invokeClientManagementRequest method.

I'm facing problems with number of opened files on a linux machine and trying to identify the source...querying the open connections with netstat I see a couple of connections in CLOSE_WAIT status from my microservice instances towards Keycloak...

Can someone confirm me that the ServerRequest class closes the connections in a proper way?

Best regards
Maksym

------------------------------

Message: 3
Date: Mon, 13 May 2019 14:16:06 +0200
From: Olivier Rivat <orivat(a)janua.fr>
Subject: Re: [keycloak-dev] Cannot get UMA photoz example working (keycloak quickstart 6.0.1)
To: Sebastien Blanc <sblanc(a)redhat.com>
Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org>, keycloak-user <keycloak-user(a)lists.jboss.org>
Message-ID: <646ae16a-96a3-1f24-2b31-62642dd7134e(a)janua.fr>
Content-Type: text/plain; charset=utf-8; format=flowed

discrepancy is :
1) I was using the import command of the master realm to upload photoz-realm.json (it was my mistake)
2) you should do as follows:
a) select "Add realm"
b) select "Select File" and upload photoz-realm.json
---> quickstart realm and everything is created successfully

It is following text which has confused me quite a lot, and which should be clearer documented (indicating to use the button add-realm for example)
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app...

Create the Example Realm and a Resource Server

Considering that your Keycloak Server is up and running, log in to the Keycloak Administration Console.

Now, create a new realm based on the following configuration file:

keycloak-quickstarts/app-authz-photoz/photoz-realm.json

That will import a pre-configured realm with everything you need to run this quickstart. For more details about how to import a realm into Keycloak, check the Keycloak's reference documentation.

After importing that file, you'll have a new realm called photoz.

Regards,
Olivier

On 12/05/2019 at 07:56, Sebastien Blanc wrote:
> I have used the import command, whereas one should use the "add
> realm"/select file and doc should you mention to upload file here.
> I think keycloak quickstart guide doc example clarity could be improved
> with above comment to avoid any further confusion

--
Olivier Rivat
CTO
orivat(a)janua.fr
Gsm: +33(0)682 801 609
Tel: +33(0)489 829 238
Fax: +33(0)955 260 370
http://www.janua.fr

------------------------------

Message: 4
Date: Mon, 13 May 2019 12:42:26 +0000
From: Shiva Prasad Thagadur Prakash <shiva.prasad.thagadur.prakash(a)ericsson.com>
Subject: [keycloak-dev] How to enable logging on console for dev environment
To: "keycloak-dev(a)lists.jboss.org" <keycloak-dev(a)lists.jboss.org>
Message-ID: <1557751346.22248.3.camel(a)ericsson.com>
Content-Type: text/plain; charset="utf-8"

Hi Guys,

How to enable logging on console in development environment? I am not able to see logs on console when I start keycloak server using "mvn -f testsuite/utils/pom.xml exec:java -Pkeycloak-server".

Thanks,
Shiva

------------------------------

Message: 5
Date: Mon, 13 May 2019 15:07:53 +0200
From: Michal Hajas <mhajas(a)redhat.com>
Subject: Re: [keycloak-dev] How to enable logging on console for dev environment
To: Shiva Prasad Thagadur Prakash <shiva.prasad.thagadur.prakash(a)ericsson.com>
Cc: "keycloak-dev(a)lists.jboss.org" <keycloak-dev(a)lists.jboss.org>
Message-ID: <CACv4bCQL996OqNq1C08SGD=X02F9cUpyB5vP=2sUf1p30qOfuw(a)mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Hi,

you need to add property -Dkeycloak.logging.level=debug. See:
https://github.com/keycloak/keycloak/blob/master/testsuite/utils/src/... Hajas

On Mon, May 13, 2019 at 2:44 PM Shiva Prasad Thagadur Prakash <shiva.prasad.thagadur.prakash(a)ericsson.com> wrote:

> Hi Guys,
> How to enable logging on console in development environment? I am not
> able to see logs on console when I start keycloak server using "mvn -f
> testsuite/utils/pom.xml exec:java -Pkeycloak-server".
>
> Thanks,
> Shiva
>

--------------------...: 6
Date: Mon, 13 May 2019 13:29:53 +0000
From: Shiva Prasad Thagadur Prakash <shiva.prasad.thagadur.prakash(a)ericsson.com>
Subject: Re: [keycloak-dev] How to enable logging on console for dev environment
To: "mhajas(a)redhat.com" <mhajas(a)redhat.com>
Cc: "keycloak-dev(a)lists.jboss.org" <keycloak-dev(a)lists.jboss.org>
Message-ID: <1557754193.22248.6.camel(a)ericsson.com>
Content-Type: text/plain; charset="utf-8"

Hi Michal Hajas,

Thank you very much.

Best regards,
Shiva

On ma, 2019-05-13 at 15:07 +0200, Michal Hajas wrote:
> Hi,
>
> you need to add property -Dkeycloak.logging.level=debug. See:
> https://github.com/keycloak/keycloak/blob/master/testsuite/utils/src/main/resources/log4j.properties#L26
>
> Regards,
> Michal Hajas
>
> On Mon, May 13, 2019 at 2:44 PM Shiva Prasad Thagadur Prakash
> <shiva.prasad.thagadur.prakash(a)ericsson.com> wrote:
> > Hi Guys,
> > How to enable logging on console in development environment? I am not
> > able to see logs on console when I start keycloak server using
> > "mvn -f testsuite/utils/pom.xml exec:java -Pkeycloak-server".
> >
> > Thanks,
> > Shiva
> >

--------------------...: 7
Date: Mon, 13 May 2019 19:17:09 -0300
From: Bruno Oliveira <bruno(a)abstractj.org>
Subject: Re: [keycloak-dev] Typescript support for Node.js adapter
To: Stan Silvert <ssilvert(a)redhat.com>
Cc: evanshortiss(a)gmail.com, keycloak-dev(a)lists.jboss.org
Message-ID: <20190513221709.GC1516(a)abstractj.org>
Content-Type: text/plain; charset=utf-8

Thanks Stan, I'm adding Evan so he can provide his thoughts on it.

On 2019-05-10, Stan Silvert wrote:
> On 5/10/2019 8:15 AM, Bruno Oliveira wrote:
> > If you ask me, I'm not crazy about the idea of providing Typescript
> > definitions inside the Node.js adapter. And there's a single request
> > from the community about it.
> >
> > At the same time, it's hard to ignore some numbers. The weekly NPM
> > downloads for Typescript is almost 5 million[1] and for ts-node[2] is
> > almost 2 million.
> >
> > The goal of that PR is to provide only the Typescript definitions for
> > the Node.js adapter, so that projects using the adapter can benefit from
> > it. If we agree to move forward with this, I believe some automated way
> > to generate it, has to be provided.
> >
> > Thoughts?
> Yes, you should provide it. These days, every serious javascript
> library is expected to have a definition file.
>
> I don't think there would be any way to automate creation of the file
> unless you write your code in TypeScript.
> >
> > [1] - https://www.npmjs.com/package/typescript
> > [2] - https://www.npmjs.com/package/ts-node
> >
> > On 2019-05-10, Stian Thorgersen wrote:
> >> Is Typescript commonly used in the Node.js community? From what
> >> I understand it is very popular with client-side js these days.
> >>
> >> On Thu, 9 May 2019 at 20:59, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> >>
> >>> Good morning, we have this PR opened long time ago
> >>> https://github.com/keycloak/keycloak-nodejs-connect/pull/123/files.
> >>> Before review it and probably update it I would like to ask.
> >>>
> >>> Is Typescript something that we would like to support in the Node.js
> >>> adapter? If your answer is yes, why?
> >>>
> >>> --
> >>> - abstractj
> >>>

--
abstractj

------------------------------

End of keycloak-dev Digest, Vol 71, Issue 7
*******************************************
5 years, 4 months
How to enable logging on console for dev environment
by Shiva Prasad Thagadur Prakash
Hi Guys,
How to enable logging on console in development environment? I am not
able to see logs on console when I start keycloak server using
"mvn -f testsuite/utils/pom.xml exec:java -Pkeycloak-server".
Thanks,
Shiva
5 years, 4 months
Not properly closed connections in org.keycloak.adapters.ServerRequest
by Maksym Gendin
Dear Keycloak developers,
I have noticed a potential problem with closing the connections
in the org.keycloak.adapters.ServerRequest#invokeClientManagementRequest method.
I'm facing problems with the number of open files on a Linux machine and am
trying to identify the source. Querying the open connections with netstat,
I see a couple of connections in CLOSE_WAIT status from my microservice
instances towards Keycloak.
Can someone confirm to me that the ServerRequest class closes the connections
in a proper way?
Best regards
Maksym
5 years, 4 months
Proposal: REST Endpoint for creating TOTP
by Roland Werner
Hi,
I noticed that the REST API (
https://www.keycloak.org/docs-api/6.0/rest-api/index.html) does contain an
endpoint "Remove TOTP from the user", but none that allows to create a TOTP
for a user in the first place.
I'm proposing to add this "create-totp" endpoint and would also contribute
it. The call would look like this:
    curl -X PUT -H 'Content-Type: application/json' \
      -H 'Authorization: Bearer <token>' -i \
      'http://<keycloak-url>:<port>/auth/admin/realms/myrealm/users/<user-id>/create-totp'

and the reply as follows:

    {
      "totpSecret": "aA3mIuIzvxTmC5gqUqpl",
      "qrCode": "iVBORw0KGgoAAA...AAABJRU5ErkJggg=="
    }
I would check the existence of TOTP on the requested user and would reply
with 400-Bad-Request and the message
{
"errorMessage": "User already has totp. Remove first."
}
in that case (just to make sure that this doesn't happen on accident).
One question in that respect: The JavaDocs of
org.keycloak.representations.idm.UserRepresentation says that isTotp is
deprecated, but doesn't say what to use instead. Can someone point me to
the right direction here?
I am aware that the current practice in Keycloak when adding a TOTP to a
user is to instantly request a generated OTP and only if that is correct
add the credential-type to the user. Obviously this would not apply for the
REST endpoint. However, as the endpoint is only reachable for an admin I
don't think this would result in a significant security loss, especially as
the "remove-totp" endpoint can also be used without the need to enter an
OTP.
I suggest to align the code with the behavior of the remove-totp endpoint,
such that
- it uses PUT
- it is called on given user
- it requires the same admin rights
The reason for my approach is that we want to introduce a process in our
organisation where every user in the given realm is forced to use an OTP to
login and there is no self-registration but instead the users are handed
over the QR-Code outside of Keycloak (on paper or digitally). In the
meantime we use a custom plugin, but I would love to see this also make its
way into the standard Keycloak.
What do you think?
Thanks and Regards,
Roland
5 years, 4 months
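The confirm-before-activate practice described in the post above (request a generated OTP and add the credential only if it is correct), as an added example that is not part of the original post and is not Keycloak code. It implements RFC 6238 TOTP with the standard library; the `TotpEnrollment` class, its method names and the failure limit are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

STEP = 30          # seconds per time step (RFC 6238 default)
MAX_FAILURES = 5   # assumed limit: drop a pending secret after this many bad codes


def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, at: float, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps of clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        t = at + drift * STEP
        if t < 0:
            continue
        # Constant-time comparison: do not leak how many digits matched.
        ok |= hmac.compare_digest(totp(secret, t).encode(), code.encode())
    return ok


class TotpEnrollment:
    """Keeps a new secret 'pending' until the user proves possession of it."""

    def __init__(self):
        self._pending = {}   # user -> [secret, failed_attempts]
        self._active = {}    # user -> secret (enforced at login)

    def begin(self, user: str) -> bytes:
        """Create a secret to show the user once (as a QR code)."""
        if user in self._active:
            # Same guard the proposal describes for an existing credential.
            raise ValueError("User already has totp. Remove first.")
        secret = secrets.token_bytes(20)
        self._pending[user] = [secret, 0]
        return secret

    def confirm(self, user: str, code: str, at: float) -> bool:
        """Activate the credential only if the code matches the pending secret."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        secret, _ = entry
        if not verify(secret, code, at):
            entry[1] += 1
            if entry[1] >= MAX_FAILURES:
                del self._pending[user]  # force a fresh secret after guessing
            return False
        self._active[user] = secret
        del self._pending[user]
        return True

    def is_active(self, user: str) -> bool:
        return user in self._active


if __name__ == "__main__":
    import time

    enrollment = TotpEnrollment()
    secret = enrollment.begin("alice")
    now = time.time()
    print("before confirm:", enrollment.is_active("alice"))
    print("confirm:", enrollment.confirm("alice", totp(secret, now), now))
    print("after confirm:", enrollment.is_active("alice"))
```

A secret that was misprinted, mis-scanned or never delivered stays pending and cannot lock the user out, which is the failure an activate-on-create endpoint has no way to detect.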
mvn install fails
by Chris Smith
A fresh clone from Github and mvn install fails to complete.
Any reason why?
Tests run: 2860, Failures: 0, Errors: 22, Skipped: 211
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Keycloak 7.0.0-SNAPSHOT:
[INFO]
[INFO] Keycloak BOM Parent ................................ SUCCESS [ 11.402 s]
[INFO] Keycloak BOM for adapters .......................... SUCCESS [ 0.111 s]
[INFO] Keycloak BOM for server extensions ................. SUCCESS [ 0.105 s]
[INFO] Keycloak BOM utilities for the quickstarts ......... SUCCESS [ 0.098 s]
[INFO] Keycloak ........................................... SUCCESS [ 1.655 s]
[INFO] Keycloak Common .................................... SUCCESS [ 15.064 s]
[INFO] Keycloak Core ...................................... SUCCESS [ 12.195 s]
[INFO] Keycloak Dependencies Parent ....................... SUCCESS [ 0.130 s]
[INFO] Keycloak Drools BOM ................................ SUCCESS [ 0.129 s]
[INFO] Keycloak Server SPI ................................ SUCCESS [ 3.287 s]
[INFO] Keycloak Server Private SPI ........................ SUCCESS [ 8.419 s]
[INFO] Keycloak Kerberos Federation ....................... SUCCESS [ 0.910 s]
[INFO] Keycloak LDAP UserStoreProvider .................... SUCCESS [ 7.065 s]
[INFO] Keycloak SAML Core Public API ...................... SUCCESS [ 2.849 s]
[INFO] Keycloak SAML Core ................................. SUCCESS [ 9.528 s]
[INFO] Keycloak REST Services ............................. SUCCESS [ 25.199 s]
[INFO] Keycloak JS Integration ............................ SUCCESS [ 5.176 s]
[INFO] Keycloak Themes .................................... SUCCESS [ 9.625 s]
[INFO] Keycloak Dependencies Server Min ................... SUCCESS [ 0.139 s]
[INFO] Keycloak Model Parent .............................. SUCCESS [ 0.139 s]
[INFO] Keycloak Model JPA ................................. SUCCESS [ 7.185 s]
[INFO] Keycloak Model Infinispan .......................... SUCCESS [ 13.296 s]
[INFO] Keycloak SSSD Federation ........................... SUCCESS [ 5.565 s]
[INFO] KeyCloak Authz: Parent ............................. SUCCESS [ 0.222 s]
[INFO] KeyCloak AuthZ: Provider Parent .................... SUCCESS [ 0.182 s]
[INFO] KeyCloak AuthZ: Common Policy Providers ............ SUCCESS [ 2.537 s]
[INFO] KeyCloak AuthZ: Drools Policy Provider ............. SUCCESS [ 1.934 s]
[INFO] Keycloak Dependencies Server All ................... SUCCESS [ 0.195 s]
[INFO] Keycloak Federation ................................ SUCCESS [ 0.220 s]
[INFO] Keycloak Util Embedded LDAP ........................ SUCCESS [ 3.089 s]
[INFO] Keycloak Util Parent ............................... SUCCESS [ 0.209 s]
[INFO] Keycloak WildFly Integration ....................... SUCCESS [ 0.184 s]
[INFO] Keycloak WildFly Add User Script ................... SUCCESS [ 1.151 s]
[INFO] Keycloak WildFly Extensions ........................ SUCCESS [ 1.184 s]
[INFO] Keycloak WildFly Server Subsystem .................. SUCCESS [ 8.763 s]
[INFO] Keycloak Integration ............................... SUCCESS [ 0.133 s]
[INFO] Keycloak Admin REST Client ......................... SUCCESS [ 1.111 s]
[INFO] Keycloak Client Registration API ................... SUCCESS [ 0.736 s]
[INFO] Keycloak Client CLI ................................ SUCCESS [ 0.133 s]
[INFO] Keycloak Client Registration CLI ................... SUCCESS [ 6.737 s]
[INFO] Keycloak Admin CLI ................................. SUCCESS [ 5.972 s]
[INFO] Keycloak Client CLI Distribution ................... SUCCESS [ 3.475 s]
[INFO] Keycloak Adapter SPI ............................... SUCCESS [ 0.939 s]
[INFO] Keycloak Tomcat Adapter SPI ........................ SUCCESS [ 0.822 s]
[INFO] Keycloak Undertow Integration SPI .................. SUCCESS [ 1.166 s]
[INFO] Keycloak Servlet Integration ....................... SUCCESS [ 0.828 s]
[INFO] Common JBoss/Wildfly Core Classes .................. SUCCESS [ 0.591 s]
[INFO] Keycloak Jetty Adapter SPI ......................... SUCCESS [ 0.928 s]
[INFO] Keycloak Client Adapter SPI Modules ................ SUCCESS [ 0.163 s]
[INFO] Keycloak SAML Client Adapter Public API ............ SUCCESS [ 0.621 s]
[INFO] Keycloak SAML Client Adapter Core .................. SUCCESS [ 5.196 s]
[INFO] Keycloak Undertow SAML Adapter ..................... SUCCESS [ 1.009 s]
[INFO] Keycloak SAML Tomcat Integration ................... SUCCESS [ 0.165 s]
[INFO] Keycloak Tomcat Core SAML Integration .............. SUCCESS [ 0.839 s]
[INFO] Keycloak Tomcat 8 SAML Integration ................. SUCCESS [ 0.743 s]
[INFO] Keycloak Tomcat 6 Saml Integration ................. SUCCESS [ 0.617 s]
[INFO] Keycloak Tomcat 7 SAML Integration ................. SUCCESS [ 0.625 s]
[INFO] Keycloak Wildfly SAML Adapter ...................... SUCCESS [ 0.999 s]
[INFO] KeyCloak Authz: Client API ......................... SUCCESS [ 1.963 s]
[INFO] Keycloak Adapter Core .............................. SUCCESS [ 6.558 s]
[INFO] Keycloak WildFly Elytron SAML Adapter .............. SUCCESS [ 1.130 s]
[INFO] Keycloak Wildfly SAML Adapter Subsystem ............ SUCCESS [ 7.527 s]
[INFO] Keycloak SAML Wildfly Integration .................. SUCCESS [ 0.146 s]
[INFO] Keycloak AS7 / JBoss EAP 6 Integration ............. SUCCESS [ 0.183 s]
[INFO] Keycloak AS7 SPI ................................... SUCCESS [ 3.170 s]
[INFO] Keycloak SAML EAP Integration ...................... SUCCESS [ 0.130 s]
[INFO] Keycloak SAML AS7 Integration ...................... SUCCESS [ 1.062 s]
[INFO] Keycloak SAML AS7 Subsystem ........................ SUCCESS [ 5.323 s]
[INFO] Keycloak SAML Servlet Filter ....................... SUCCESS [ 0.804 s]
[INFO] Keycloak Jetty Core SAML Integration ............... SUCCESS [ 0.865 s]
[INFO] Keycloak Jetty 9.2.x SAML Integration .............. SUCCESS [ 0.820 s]
[INFO] Keycloak Jetty 9.3.x SAML Integration .............. SUCCESS [ 0.894 s]
[INFO] Keycloak Jetty 9.4.x SAML Integration .............. SUCCESS [ 1.066 s]
[INFO] Keycloak SAML Jetty Integration .................... SUCCESS [ 0.144 s]
[INFO] Keycloak SAML Client Adapter Modules ............... SUCCESS [ 0.132 s]
[INFO] Keycloak Tomcat Integration ........................ SUCCESS [ 0.140 s]
[INFO] Keycloak Tomcat Core Integration ................... SUCCESS [ 0.758 s]
[INFO] Keycloak AS7 Integration ........................... SUCCESS [ 0.906 s]
[INFO] Keycloak AS7 Subsystem ............................. SUCCESS [ 4.368 s]
[INFO] Keycloak Installed Application ..................... SUCCESS [ 1.609 s]
[INFO] Keycloak Undertow Integration ...................... SUCCESS [ 2.295 s]
[INFO] Keycloak Fuse 7.0 Integration ...................... SUCCESS [ 0.161 s]
[INFO] Keycloak Fuse 7.0 Adapter - Camel + Undertow ....... SUCCESS [ 1.773 s]
[INFO] Keycloak OSGI Adapter .............................. SUCCESS [ 3.531 s]
[INFO] Keycloak Fuse 7.0 Adapter - Undertow ............... SUCCESS [ 1.514 s]
[INFO] Keycloak Jetty Core Integration .................... SUCCESS [ 1.175 s]
[INFO] Keycloak Jetty 9.4.x Integration ................... SUCCESS [ 0.945 s]
[INFO] Keycloak Fuse 7.0 Adapter - Jetty 9.4 .............. SUCCESS [ 1.345 s]
[INFO] Keycloak Tomcat 8 Integration ...................... SUCCESS [ 0.767 s]
[INFO] Keycloak Fuse 7.0 Adapter - Tomcat 8 ............... SUCCESS [ 1.105 s]
[INFO] Keycloak CLI SSO Framework ......................... SUCCESS [ 4.620 s]
[INFO] Keycloak JAX-RS OAuth Client ....................... SUCCESS [ 1.314 s]
[INFO] Keycloak Jetty 9.2.x Integration ................... SUCCESS [ 1.142 s]
[INFO] Keycloak Jetty 9.3.x Integration ................... SUCCESS [ 1.144 s]
[INFO] Keycloak Jetty Integration ......................... SUCCESS [ 0.173 s]
[INFO] Keycloak Servlet Filter Adapter Integration ........ SUCCESS [ 1.061 s]
[INFO] Keycloak Servlet OAuth Client ...................... SUCCESS [ 4.150 s]
[INFO] spring-boot-container-bundle ....................... SUCCESS [ 1.761 s]
[INFO] Keycloak Spring Security Integration ............... SUCCESS [ 8.449 s]
[INFO] Keycloak Spring Boot Adapter Core .................. SUCCESS [ 1.759 s]
[INFO] Keycloak Spring Boot Integration ................... SUCCESS [ 4.437 s]
[INFO] Keycloak Spring Boot 2 Integration ................. SUCCESS [ 4.172 s]
[INFO] Keycloak Tomcat 6 Integration ...................... SUCCESS [ 0.689 s]
[INFO] Keycloak Tomcat 7 Integration ...................... SUCCESS [ 0.761 s]
[INFO] Keycloak Wildfly Integration ....................... SUCCESS [ 0.998 s]
[INFO] Keycloak Wildfly Elytron OIDC Adapter .............. SUCCESS [ 1.763 s]
[INFO] Keycloak Wildfly Adapter Subsystem ................. SUCCESS [ 8.862 s]
[INFO] Keycloak Wildfly 8 Adapter Subsystem ............... SUCCESS [ 5.703 s]
[INFO] Keycloak WildFly Integration ....................... SUCCESS [ 0.138 s]
[INFO] Keycloak OIDC Client Adapter Modules ............... SUCCESS [ 0.124 s]
[INFO] Keycloak Adapters .................................. SUCCESS [ 0.130 s]
[INFO] Keycloak Misc ...................................... SUCCESS [ 0.138 s]
[INFO] Keycloak :: Spring :: Boot ......................... SUCCESS [ 0.148 s]
[INFO] Keycloak :: Spring :: Boot :: Default :: Starter .. SUCCESS [ 0.371 s]
[INFO] Keycloak :: Spring :: Boot ......................... SUCCESS [ 0.139 s]
[INFO] Keycloak :: Legacy :: Spring :: Boot :: Default :: Starter SUCCESS [ 0.388 s]
[INFO] keycloak-test-helper ............................... SUCCESS [ 0.937 s]
[INFO] Keycloak TestSuite ................................. SUCCESS [ 0.128 s]
[INFO] DB Allocator Plugin ................................ SUCCESS [ 14.444 s]
[INFO] Keycloak Arquillian Integration TestSuite .......... SUCCESS [ 0.212 s]
[INFO] Test apps .......................................... SUCCESS [ 0.144 s]
[INFO] Test apps distribution ............................. SUCCESS [ 7.201 s]
[INFO] Keycloak Authz: PhotoZ Test Parent ................ SUCCESS [ 0.145 s]
[INFO] Keycloak Authz Test: Photoz RESTful API ............ SUCCESS [ 1.871 s]
[INFO] Keycloak Authz Tests: Photoz HTML5 Client .......... SUCCESS [ 1.330 s]
[INFO] Keycloak Authz Tests: Photoz Authz Rule-based Policy SUCCESS [ 0.442 s]
[INFO] Keycloak Authz Tests: Hello World Example .......... SUCCESS [ 0.406 s]
[INFO] Keycloak Authz: Servlet Authorization Test ......... SUCCESS [ 0.577 s]
[INFO] Keycloak Authz: Simple Servlet App with Policy Enforcer SUCCESS [ 0.393 s]
[INFO] integration-arquillian-test-apps-servlets .......... SUCCESS [ 1.327 s]
[INFO] Keycloak Test App Profile JEE ...................... SUCCESS [ 0.638 s]
[INFO] integration-arquillian-test-apps-cors-parent ....... SUCCESS [ 0.144 s]
[INFO] Angular Product Portal JS .......................... SUCCESS [ 2.995 s]
[INFO] JAX-RS Database Service Using OAuth Bearer Tokens .. SUCCESS [ 0.728 s]
[INFO] Fuse Test Applications ............................. SUCCESS [ 0.139 s]
[INFO] Customer Portal - Secured in Karaf/Fuse ............ SUCCESS [ 1.778 s]
[INFO] CXF JAXRS Example - Secured in Karaf/Fuse .......... SUCCESS [ 2.099 s]
[INFO] CXF JAXRS Example - Secured in Karaf/Fuse 7.0 on Undertow SUCCESS [ 0.798 s]
[INFO] CXF JAXWS Example - Secured in Karaf/Fuse .......... SUCCESS [ 1.012 s]
[INFO] CXF JAXWS Example - Secured in Karaf/Fuse 7.0 on Undertow SUCCESS [ 0.830 s]
[INFO] Product Portal - Secured in Karaf/Fuse ............. SUCCESS [ 0.960 s]
[INFO] Product Portal - Secured in Karaf/Fuse 7.0 on Undertow SUCCESS [ 1.012 s]
[INFO] Camel endpoint example - Secured in Karaf/Fuse ..... SUCCESS [ 0.779 s]
[INFO] Camel endpoint example - Secured in Karaf/Fuse 7.0 on Undertow SUCCESS [ 0.879 s]
[INFO] Keycloak Fuse Example - Features ................... SUCCESS [ 0.670 s]
[INFO] Keycloak Examples - External Config ................ SUCCESS [ 0.776 s]
[INFO] spring-boot-adapter ................................ SUCCESS [ 1.358 s]
[INFO] spring-boot-adapter-2 .............................. SUCCESS [ 1.571 s]
[INFO] spring-boot-adapter-21 ............................. SUCCESS [ 1.435 s]
[INFO] Servers ............................................ SUCCESS [ 0.152 s]
[INFO] Auth Server ........................................ SUCCESS [ 0.127 s]
[INFO] Auth Server Services ............................... SUCCESS [ 0.129 s]
[INFO] Auth Server Services - Testsuite Providers ......... SUCCESS [ 5.076 s]
[INFO] Auth Server - JBoss ................................ SUCCESS [ 0.131 s]
[INFO] Keycloak TestSuite Utils ........................... SUCCESS [ 2.794 s]
[INFO] Test Util .......................................... SUCCESS [ 1.798 s]
[INFO] Auth Server - Undertow ............................. SUCCESS [ 2.305 s]
[INFO] App Server ......................................... SUCCESS [ 0.137 s]
[INFO] App Server - SPI ................................... SUCCESS [ 0.541 s]
[INFO] App Server - JBoss ................................. SUCCESS [ 0.132 s]
[INFO] App Server - Karaf ................................. SUCCESS [ 0.127 s]
[INFO] App Server - Tomcat ................................ SUCCESS [ 0.130 s]
[INFO] App Server - Undertow .............................. SUCCESS [ 1.122 s]
[INFO] App Server - Jetty Parent .......................... SUCCESS [ 0.151 s]
[INFO] Cache Server ....................................... SUCCESS [ 0.119 s]
[INFO] Cache Server - JBoss Family ........................ SUCCESS [ 0.124 s]
[INFO] Tests .............................................. SUCCESS [ 0.493 s]
[INFO] Base TestSuite ..................................... FAILURE [ 01:45 h]
[INFO] Other Tests Modules ................................ SKIPPED
[INFO] Adapter Tests ...................................... SKIPPED
[INFO] Adapter Tests - JBoss .............................. SKIPPED
[INFO] Adapter Tests - Karaf .............................. SKIPPED
[INFO] Adapter Tests - WAS ................................ SKIPPED
[INFO] Adapter Tests - WLS ................................ SKIPPED
[INFO] SSSD tests ......................................... SKIPPED
[INFO] integration-arquillian-tests-springboot ............ SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:51 h
[INFO] Finished at: 2019-04-23T19:51:55+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.19.1:test (default-test) on project integration-arquillian-tests-base: There are test failures.
[ERROR]
[ERROR] Please refer to C:\Users\christopher.smith\Documents\keycloak\workspace\keycloak-parent\testsuite\integration-arquillian\tests\base\target\surefire-reports for the individual test results.
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :integration-arquillian-tests-base
C:\Users\christopher.smith\Documents\keycloak\workspace\keycloak-parent>
5 years, 4 months
Proposal: Improvements to IdpUsernamePasswordForm
by Dmitry Telegin
Hi,
I'm currently working to implement the following requirements:
- users are managed externally via LDAP, self-registrations disabled;
- there is an external IdP;
- generally, there is no way to automatically match IdP identity with Keycloak's one, so IdP linking will always be performed by the user manually;
- in order to do that, the user should click the IdP icon in the login screen, authenticate with the IdP, get back to Keycloak and "claim" his/her Keycloak account by entering correct username and password.
Currently, the closest thing in Keycloak is o.k.authentication.authenticators.broker.IdpUsernamePasswordForm (aka "idp-username-password-form", aka "Username Password Form for identity provider reauthentication").
However, it 1) prefills username field and makes it non-editable, 2) depends on the preceding IdpCreateUserIfUniqueAuthenticator execution to provide existing user model (EXISTING_USER_INFO auth note).
My proposal is to improve IdpUsernamePasswordForm by allowing its execution even without the preceding IdpCreateUserIfUniqueAuthenticator. In the absence of EXISTING_USER_INFO, IdpUsernamePasswordForm should allow the user to manually enter username.
Please let me know if you think it's worth having this in Keycloak.
Regards,
Dmitry
5 years, 4 months