Re: [keycloak-dev] Are we all set?

Apparently login with keycloak.js doesn't work on Safari (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix this before releasing :/ ----- Original Message ----- > From: "Stian Thorgersen" <stian(a)redhat.com&gt; > To: "Bill Burke" <bburke(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 10 September, 2014 2:11:34 PM > Subject: Re: [keycloak-dev] Are we all set? > > We also need to reduce info level log output from adapters. I did this for > the server for rc-2, but completely forgot about adapters. Marek is already > working on this, and I guess it shouldn't take very long. > > ----- Original Message ----- >> From: "Stian Thorgersen" <stian(a)redhat.com&gt; >> To: "Bill Burke" <bburke(a)redhat.com&gt; >> Cc: keycloak-dev(a)lists.jboss.org >> Sent: Wednesday, 10 September, 2014 10:37:15 AM >> Subject: Re: [keycloak-dev] Are we all set? >> >> >> >> ----- Original Message ----- >>> From: "Bill Burke" <bburke(a)redhat.com&gt; >>> To: "Marek Posolda" <mposolda(a)redhat.com&gt;, "Stian Thorgersen" >>> <stian(a)redhat.com&gt; >>> Cc: keycloak-dev(a)lists.jboss.org >>> Sent: Wednesday, 10 September, 2014 3:09:20 AM >>> Subject: Re: [keycloak-dev] Are we all set? >>> >>> >>> >>> On 9/9/2014 5:47 PM, Marek Posolda wrote: >>>> Hi, >>>> >>>> I am sorry to not help more with the release as I needed to work >>>> especially on some portal related stuff last weeks (hopefully it's gone >>>> now)... >>>> >>>> Found couple of things: >>>> * AccountService is actually broken for me in Chrome due to latest CSRF >>>> stuff. In FF it works fine, but in Chrome I can't update account or >>>> password. For some reason Chrome is always adding "Origin" header to >>>> the >>>> update requests (even if they are not ajax requests). So the newly >>>> added >>>> condition for CSRF in AccountService.init will always fail. I have >>>> Chrome 37.0.2062.94 (64-bit) . >>>> >>> >>> Ok, I thought Origin header wasn't supposed to be sent with Browser >>> requests. I can probably fix this by allowing same origin. >> >> Added fix to allow same origin. I also added check of 'Referer' header to >> make sure it's same origin as well. >> >>> >>> >>>> * ServerInfo request (http://localhost:8080/auth/admin/serverinfo) is >>>> not available with CORS . I've created JIRA >>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR >>>> https://github.com/keycloak/keycloak/pull/683 for this, which is adding >>>> authentication for ServerInfoAdminResource and then it use allowOrigins >>>> from the authenticated bearer token. Admin console is already using >>>> bearer token for sending ServerInfo requests, so no changes are needed >>>> here. I believe that ServerInfoAdminResource should be authenticated >>>> (don't know why stuff like available social providers or themes should >>>> be publicly available). Let me know if you seeing issues with it. I did >>>> not merge PR so far as version in master is already changed to >>>> 1.0-Final >>>> so not sure what is the state of the release . >>>> >>> >>> Merge it. >>> >>>> * Realm public resource (http://localhost:8080/auth/realms/master) is >>>> also not available for CORS requests. Not sure if this is an issue or >>>> not? Thing is that unauthenticated requests can't use CORS at this >>>> moment as I don't know what allowedOrigins to use. Only option is to >>>> allow it for all allowedOrigins (send same >>>> "Access-Control-Allow-Origin" >>>> as original value of "Origin" header from the request) >>>> >>>> * There is still quite a lot of INFO logging . For example when I send >>>> product request from the cors-demo example I have 6 new INFO messages >>>> in >>>> log (Mainly from org.keycloak.adapters package) >>>> >>> >>> Ping me on your status tomorrow (Wednesday). I'll complete whatever you >>> don't finish above. >>> >>> Thanks. >>> >>> -- >>> Bill Burke >>> JBoss, a division of Red Hat >>> http://bill.burkecentral.com >>> >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev >