From: "Bill Burke" <bburke(a)redhat.com>
To: "Marek Posolda" <mposolda(a)redhat.com>, "Stian Thorgersen"
<stian(a)redhat.com>
Cc: keycloak-dev(a)lists.jboss.org
Sent: Wednesday, 10 September, 2014 4:35:53 PM
Subject: Re: [keycloak-dev] Are we all set?
Yeah, take a break, celebrate! Wish we could all go out and have a beer.
On 9/10/2014 10:35 AM, Marek Posolda wrote:
> Ok, will just create JIRAs for next version.
>
> Marek
>
> On 10.9.2014 16:31, Bill Burke wrote:
>> Yeah, just wait IMO.
>>
>> On 9/10/2014 10:27 AM, Marek Posolda wrote:
>>> I've pushed the fix for reduced INFO logging level.
>>>
>>> I've found few other things during quick testing like:
>>>
>>> - Users can register with invalid email like "aaa". Also they can
>>> change their email in account management to "aaa". Just keycloak admin
>>> console is fine and allows to save just valid email (
>>>
>>> - In account management, when I fill firstName, lastName for admin user
>>> and won't fill email and then click "Save", it displays me error message
>>> "You didn't specify email", which is correct. But firstName and lastName
>>> are cleared too. Similar can be reproduced when updating user. Basically
>>> Account mgmt form is always reading persistent values from DB and
>>> ignores values previously filled by user before failed validation.
>>>
>>> I guess these are not blocker for release and especially the second one
>>> might be risky to fix now? wdyt?
>>>
>>> Marek
>>>
>>> On 10.9.2014 15:49, Marek Posolda wrote:
>>>> Hi Bill,
>>>>
>>>> I am on reducing INFO stuff and will commit the fix in few minutes. Will
>>>> let you know again once it's done.
>>>>
>>>> Marek
>>>>
>>>> On 10.9.2014 15:37, Bill Burke wrote:
>>>>> I'll handle the logging stuff if Marek hasn't gotten to it yet. Thanks
>>>>> for doing all the issues reported by Marek last night.
>>>>>
>>>>> I'll run my last tests using IE and EAP 6.3 to make sure we're good on
>>>>> those platforms.
>>>>>
>>>>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote:
>>>>>> There's no Safari issue after all! So we're good to go.
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Bill Burke" <bburke(a)redhat.com>
>>>>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM
>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>
>>>>>>> I'm charging up my macbook. I'll look into it.
>>>>>>>
>>>>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote:
>>>>>>>> Apparently login with keycloak.js doesn't work on Safari
>>>>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix
>>>>>>>> this before releasing :/
>>>>>>>>
>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>>>>> To: "Bill Burke" <bburke(a)redhat.com>
>>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM
>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>
>>>>>>>>> We also need to reduce info level log output from adapters. I did
>>>>>>>>> this for the server for rc-2, but completely forgot about adapters.
>>>>>>>>> Marek is already working on this, and I guess it shouldn't take
>>>>>>>>> very long.
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com>
>>>>>>>>>> To: "Bill Burke" <bburke(a)redhat.com>
>>>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM
>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>>> From: "Bill Burke" <bburke(a)redhat.com>
>>>>>>>>>>> To: "Marek Posolda" <mposolda(a)redhat.com>, "Stian Thorgersen"
>>>>>>>>>>> <stian(a)redhat.com>
>>>>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM
>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote:
>>>>>>>>>>>> Hi,
>>>>>>>>>>>>
>>>>>>>>>>>> I am sorry to not help more with the release as I needed to work
>>>>>>>>>>>> especially on some portal related stuff last weeks (hopefully it's gone
>>>>>>>>>>>> now)...
>>>>>>>>>>>>
>>>>>>>>>>>> Found couple of things:
>>>>>>>>>>>> * AccountService is actually broken for me in Chrome due to latest CSRF
>>>>>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update account or
>>>>>>>>>>>> password. For some reason Chrome is always adding "Origin" header to the
>>>>>>>>>>>> update requests (even if they are not ajax requests). So the newly added
>>>>>>>>>>>> condition for CSRF in AccountService.init will always fail. I have
>>>>>>>>>>>> Chrome 37.0.2062.94 (64-bit).
>>>>>>>>>>>>
>>>>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with Browser
>>>>>>>>>>> requests. I can probably fix this by allowing same origin.
>>>>>>>>>> Added fix to allow same origin. I also added check of 'Referer' header to
>>>>>>>>>> make sure it's same origin as well.
>>>>>>>>>>
>>>>>>>>>>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is
>>>>>>>>>>>> not available with CORS. I've created JIRA
>>>>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR
>>>>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which is adding
>>>>>>>>>>>> authentication for ServerInfoAdminResource and then it use allowOrigins
>>>>>>>>>>>> from the authenticated bearer token. Admin console is already using
>>>>>>>>>>>> bearer token for sending ServerInfo requests, so no changes are needed
>>>>>>>>>>>> here. I believe that ServerInfoAdminResource should be authenticated
>>>>>>>>>>>> (don't know why stuff like available social providers or themes should
>>>>>>>>>>>> be publicly available). Let me know if you seeing issues with it. I did
>>>>>>>>>>>> not merge PR so far as version in master is already changed to 1.0-Final
>>>>>>>>>>>> so not sure what is the state of the release.
>>>>>>>>>>>>
>>>>>>>>>>> Merge it.
>>>>>>>>>>>
>>>>>>>>>>>> * Realm public resource (http://localhost:8080/auth/realms/master) is
>>>>>>>>>>>> also not available for CORS requests. Not sure if this is an issue or
>>>>>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at this
>>>>>>>>>>>> moment as I don't know what allowedOrigins to use. Only option is to
>>>>>>>>>>>> allow it for all allowedOrigins (send same "Access-Control-Allow-Origin"
>>>>>>>>>>>> as original value of "Origin" header from the request)
>>>>>>>>>>>>
>>>>>>>>>>>> * There is still quite a lot of INFO logging. For example when I send
>>>>>>>>>>>> product request from the cors-demo example I have 6 new INFO messages in
>>>>>>>>>>>> log (Mainly from org.keycloak.adapters package)
>>>>>>>>>>>>
>>>>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete whatever you
>>>>>>>>>>> don't finish above.
>>>>>>>>>>>
>>>>>>>>>>> Thanks.
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Bill Burke
>>>>>>>>>>> JBoss, a division of Red Hat
>>>>>>>>>>> http://bill.burkecentral.com
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> keycloak-dev mailing list
>>>>>>>>>> keycloak-dev(a)lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>>>>>>
>>>>>>> --
>>>>>>> Bill Burke
>>>>>>> JBoss, a division of Red Hat
>>>>>>> http://bill.burkecentral.com
>>>>>>>
>>>
>>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
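
The same-origin check on the "Origin" and "Referer" headers discussed in the thread, sketched as an added example; it is not Keycloak's AccountService code. The class name, method names and sample URLs are assumptions, and absent headers are tolerated only on the assumption that a form token is verified separately.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration (hypothetical class, not Keycloak code): CSRF same-origin
// check for state-changing requests that tolerates browsers sending "Origin"
// on ordinary form posts, as Chrome does in the thread.
public class SameOriginCheck {

    // Reduce a URL to scheme://host:port with default ports filled in, so that
    // "https://sso.example.org" and "https://sso.example.org:443/x" compare equal.
    static String origin(String url) {
        if (url == null) return null;
        try {
            URI u = new URI(url.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase();
            int port = u.getPort();
            if (port == -1) port = scheme.equals("https") ? 443 : 80;
            return scheme + "://" + u.getHost().toLowerCase() + ":" + port;
        } catch (URISyntaxException e) {
            return null; // an unparsable header value never matches
        }
    }

    // Each header that is present must match the server's own origin.
    // Absent headers are tolerated here on the assumption that a form token
    // is verified separately.
    static boolean isSameOrigin(String serverBaseUrl, String originHdr, String refererHdr) {
        String self = origin(serverBaseUrl);
        if (self == null) return false;
        if (originHdr != null && !self.equals(origin(originHdr))) return false;
        if (refererHdr != null && !self.equals(origin(refererHdr))) return false;
        return true;
    }

    public static void main(String[] args) {
        String base = "http://localhost:8080/auth"; // constructed sample values
        // Form post from the account page with Origin present -> true
        System.out.println(isSameOrigin(base, "http://localhost:8080", "http://localhost:8080/auth/realms/master/account"));
        // Post from a different site -> false
        System.out.println(isSameOrigin(base, "http://other.example", null));
        // Referer host that merely starts with the server's host name -> false
        System.out.println(isSameOrigin(base, null, "http://localhost.other.example:8080/auth"));
        // Literal "null" Origin (sandboxed frame, some redirects) -> false
        System.out.println(isSameOrigin(base, "null", null));
    }
}
```

Comparing parsed scheme, host and port rather than testing the header with a string prefix is what keeps the third case from passing.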