Re: [keycloak-dev] Are we all set?

----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: "Marek Posolda" <mposolda(a)redhat.com&gt;, "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 10 September, 2014 4:35:53 PM > Subject: Re: [keycloak-dev] Are we all set? > > Yeah, take a break, celebrate! Wish we could all go out and have a beer. Just one beer? ;)

> On 9/10/2014 10:35 AM, Marek Posolda wrote: >> Ok, will just create JIRAs for next version. >> >> Marek >> >> On 10.9.2014 16:31, Bill Burke wrote: >>> Yeah, just wait IMO. >>> >>> On 9/10/2014 10:27 AM, Marek Posolda wrote: >>>> I've pushed the fix for reduced INFO logging level. >>>> >>>> I've found few other things during quick testing like: >>>> >>>> - Users can register with invalid email like "aaa" . Also they can >>>> change their email in account management to "aaa". Just keycloak admin >>>> console is fine and allows to save just valid email ( >>>> >>>> - In account management, when I fill firstName, lastName for admin user >>>> and won't fill email and then click "Save", it displays me error message >>>> "You didn't specify email", which is correct. But firstName and lastName >>>> are cleared too. Similar can be reproduced when updating user. Basically >>>> Account mgmt form is always reading persistent values from DB and >>>> ignores values previously filled by user before failed validation. >>>> >>>> I guess these are not blocker for release and especially the second one >>>> might be risky to fix now? wdyt? >>>> >>>> Marek >>>> >>>> On 10.9.2014 15:49, Marek Posolda wrote: >>>>> Hi Bill, >>>>> >>>>> I am on reducing INFO stuff and will commit the fix in few minutes. >>>>> Will >>>>> let you know again once it's done. >>>>> >>>>> Marek >>>>> >>>>> On 10.9.2014 15:37, Bill Burke wrote: >>>>>> I'll handle the logging stuff if Marek hasn't gotten to it yet. Thanks >>>>>> for doing all the issues reported by Marek last night. >>>>>> >>>>>> i'll run my last tests using IE and EAP 6.3 to make sure we're good on >>>>>> those platforms. >>>>>> >>>>>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote: >>>>>>> There's no Safari issue after all! So we're good to go. >>>>>>> >>>>>>> ----- Original Message ----- >>>>>>>> From: "Bill Burke" <bburke(a)redhat.com&gt; >>>>>>>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>>>>>> Cc: keycloak-dev(a)lists.jboss.org >>>>>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM >>>>>>>> Subject: Re: [keycloak-dev] Are we all set? >>>>>>>> >>>>>>>> I'm charging up my macbook. I'll look into it. >>>>>>>> >>>>>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote: >>>>>>>>> Apparently login with keycloak.js doesn't work on Safari >>>>>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix >>>>>>>>> this before >>>>>>>>> releasing :/ >>>>>>>>> >>>>>>>>> ----- Original Message ----- >>>>>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>>>>>>>> To: "Bill Burke" <bburke(a)redhat.com&gt; >>>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org >>>>>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM >>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set? >>>>>>>>>> >>>>>>>>>> We also need to reduce info level log output from adapters. I did >>>>>>>>>> this for >>>>>>>>>> the server for rc-2, but completely forgot about adapters. >>>>>>>>>> Marek is >>>>>>>>>> already >>>>>>>>>> working on this, and I guess it shouldn't take very long. >>>>>>>>>> >>>>>>>>>> ----- Original Message ----- >>>>>>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>>>>>>>>> To: "Bill Burke" <bburke(a)redhat.com&gt; >>>>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org >>>>>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM >>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ----- Original Message ----- >>>>>>>>>>>> From: "Bill Burke" <bburke(a)redhat.com&gt; >>>>>>>>>>>> To: "Marek Posolda" <mposolda(a)redhat.com&gt;, "Stian Thorgersen" >>>>>>>>>>>> <stian(a)redhat.com&gt; >>>>>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org >>>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM >>>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote: >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> I am sorry to not help more with the release as I needed to >>>>>>>>>>>>> work >>>>>>>>>>>>> especially on some portal related stuff last weeks (hopefully >>>>>>>>>>>>> it's gone >>>>>>>>>>>>> now)... >>>>>>>>>>>>> >>>>>>>>>>>>> Found couple of things: >>>>>>>>>>>>> * AccountService is actually broken for me in Chrome due to >>>>>>>>>>>>> latest CSRF >>>>>>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update >>>>>>>>>>>>> account or >>>>>>>>>>>>> password. For some reason Chrome is always adding "Origin" >>>>>>>>>>>>> header to >>>>>>>>>>>>> the >>>>>>>>>>>>> update requests (even if they are not ajax requests). So the >>>>>>>>>>>>> newly >>>>>>>>>>>>> added >>>>>>>>>>>>> condition for CSRF in AccountService.init will always fail. I >>>>>>>>>>>>> have >>>>>>>>>>>>> Chrome 37.0.2062.94 (64-bit) . >>>>>>>>>>>>> >>>>>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with >>>>>>>>>>>> Browser >>>>>>>>>>>> requests. I can probably fix this by allowing same origin. >>>>>>>>>>> Added fix to allow same origin. I also added check of 'Referer' >>>>>>>>>>> header to >>>>>>>>>>> make sure it's same origin as well. >>>>>>>>>>> >>>>>>>>>>>>> * ServerInfo request >>>>>>>>>>>>> (http://localhost:8080/auth/admin/serverinfo) is >>>>>>>>>>>>> not available with CORS . I've created JIRA >>>>>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR >>>>>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which >>>>>>>>>>>>> is adding >>>>>>>>>>>>> authentication for ServerInfoAdminResource and then it use >>>>>>>>>>>>> allowOrigins >>>>>>>>>>>>> from the authenticated bearer token. Admin console is already >>>>>>>>>>>>> using >>>>>>>>>>>>> bearer token for sending ServerInfo requests, so no changes >>>>>>>>>>>>> are needed >>>>>>>>>>>>> here. I believe that ServerInfoAdminResource should be >>>>>>>>>>>>> authenticated >>>>>>>>>>>>> (don't know why stuff like available social providers or >>>>>>>>>>>>> themes should >>>>>>>>>>>>> be publicly available). Let me know if you seeing issues with >>>>>>>>>>>>> it. I did >>>>>>>>>>>>> not merge PR so far as version in master is already changed to >>>>>>>>>>>>> 1.0-Final >>>>>>>>>>>>> so not sure what is the state of the release . >>>>>>>>>>>>> >>>>>>>>>>>> Merge it. >>>>>>>>>>>> >>>>>>>>>>>>> * Realm public resource >>>>>>>>>>>>> (http://localhost:8080/auth/realms/master) is >>>>>>>>>>>>> also not available for CORS requests. Not sure if this is an >>>>>>>>>>>>> issue or >>>>>>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at >>>>>>>>>>>>> this >>>>>>>>>>>>> moment as I don't know what allowedOrigins to use. Only option >>>>>>>>>>>>> is to >>>>>>>>>>>>> allow it for all allowedOrigins (send same >>>>>>>>>>>>> "Access-Control-Allow-Origin" >>>>>>>>>>>>> as original value of "Origin" header from the request) >>>>>>>>>>>>> >>>>>>>>>>>>> * There is still quite a lot of INFO logging . For example >>>>>>>>>>>>> when I send >>>>>>>>>>>>> product request from the cors-demo example I have 6 new INFO >>>>>>>>>>>>> messages >>>>>>>>>>>>> in >>>>>>>>>>>>> log (Mainly from org.keycloak.adapters package) >>>>>>>>>>>>> >>>>>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete >>>>>>>>>>>> whatever you >>>>>>>>>>>> don't finish above. >>>>>>>>>>>> >>>>>>>>>>>> Thanks. >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Bill Burke >>>>>>>>>>>> JBoss, a division of Red Hat >>>>>>>>>>>> http://bill.burkecentral.com >>>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> keycloak-dev mailing list >>>>>>>>>>> keycloak-dev(a)lists.jboss.org >>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> keycloak-dev mailing list >>>>>>>>>> keycloak-dev(a)lists.jboss.org >>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>>>>>>>>> >>>>>>>> -- >>>>>>>> Bill Burke >>>>>>>> JBoss, a division of Red Hat >>>>>>>> http://bill.burkecentral.com >>>>>>>> >>>>> _______________________________________________ >>>>> keycloak-dev mailing list >>>>> keycloak-dev(a)lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com >