From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, March 17, 2015 12:47:18 PM
Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?
I was going to look into these problems today. Let me know if you've
gotten to them.
On 3/17/2015 5:05 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Guy Davis" <guydavis.ca(a)gmail.com>
>> To: "Stian Thorgersen" <stian(a)redhat.com>
>> Cc: keycloak-dev(a)lists.jboss.org
>> Sent: Sunday, March 15, 2015 2:17:19 AM
>> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP
>> providers?
>>
>> Hi Stian,
>>
>> I tried the following using the very latest Github master.
>>
>> 1. Keycloak appliance (built in distribution folder so Wildfly 8.2).
>>    Had a problem:
>>    1. Doesn't list SAML or Open ID Connect in the Identity Providers
>>       picklist like previous versions. Please see screenshot attached.
>>       Did the IdP choice get moved?
>> 2. Deploying Keycloak into a JBoss EAP 6.3 (from Teiid 8.10). Had
>>    following errors:
>>    1. Failed deployment due to lack of org.bouncycastle module. Not
>>       part of JBoss 6 Adapter? bcprov and bcpix are in
>>       auth-server.war/WEB-INF/lib, but something is trying to load it
>>       as a module.
>>    2. After adding a org.bouncycastle module manually using the bc 1.50
>>       jars, I got a resteasy-crypto module missing error. If I add that
>>       I get conflicts between resteasy-2.3.8 in JBoss EAP and resteasy 3
>>       that provides resteasy-crypto.
>>
>> So, I'm struggling to see the best way forward. I need to remain
>> compatible with Teiid which is tied to JBoss EAP, not Wildfly. As well,
>> our app is still geared toward JBoss EAP 6.1.0alpha (aka JBoss AS 7).
>> Keycloak indicates adapters for WF, EAP, and AS 7 are all supported. I was
>> able to demo Identity Brokering just two weeks ago successfully on AS7
>> (6.1.0alpha), so this is a recent change on master.
>>
>> Please advise on the best path forward. A key benefit of Keycloak over
>> other IDP/SSO options was that it could exist in the same JBoss container
>> as our other apps and frameworks.
>
> We support adapters for EAP and AS7, but not deploying the server itself.
> We will provide an option for other JBoss projects to build their own
> Keycloak to embed into their project though, which would be the
> recommended route for Teiid if they'd like to include it.
>
>>
>> Thanks,
>> Guy
>>
>>
>> On Thu, Mar 12, 2015 at 11:50 PM, Stian Thorgersen <stian(a)redhat.com>
>> wrote:
>>
>>> I assume this happens after you've clicked on 'PicketLink IDP' on the
>>> login screen?
>>>
>>> Can you try the same with the appliance download? We don't support JBoss
>>> EAP 6.1.0alpha, so maybe that's the problem.
>>>
>>> ----- Original Message -----
>>>> From: "Guy Davis" <guydavis.ca(a)gmail.com>
>>>> To: "Stian Thorgersen" <stian(a)redhat.com>
>>>> Cc: keycloak-dev(a)lists.jboss.org
>>>> Sent: Thursday, March 12, 2015 7:52:00 PM
>>>> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP
>>>> providers?
>>>>
>>>> Hi Stian,
>>>>
>>>> Thanks for the response. Yes, I'm still seeing this issue with the very
>>>> latest Github master (including today's commit #1038). This was working
>>>> for me a couple of weeks ago, before more recent commits. We demoed the
>>>> identity broker to our management using a PicketLink test idp.war (in same
>>>> container) and also using MS WAAD on Azure. It's a key feature for us.
>>>>
>>>> Let me provide more details about my environment:
>>>>
>>>> 1. Building/running with Java 1.7
>>>> 2. Building master with 'mvn clean install -DskipTests=true -Pdistribution'
>>>> 3. Running within a JBoss EAP 6.1.0alpha container using the modules
>>>>    from distribution\as7-adapter-zip\target\unpacked in
>>>>    my ApplicationServer\modules\system\layers\base with the following
>>>>    differences:
>>>>    1. Had to add 'org/bouncycastle/main/bcprov-jdk16-1.46.jar' otherwise
>>>>       Keycloak complained on startup in server.log.
>>>>    2. Had to remove 'org/jboss/as' and 'org/jboss/aesh' as they were
>>>>       overwriting older JBoss EAP 6.1.0alpha versions and preventing
>>>>       startup.
>>>> 4. Deploying the auth-server.war by zipping the contents and renaming
>>>>    'auth.war', placing in my standalone/deployments folder.
>>>> 5. Updating the standalone.xml file with the required Keycloak config.
>>>>    Defining the realm and secure deployments in that XML directly.
>>>> 6. Starting with a missing H2 datasource to ensure old data/schema is
>>>>    not the problem. On startup, I confirm admin's password and then
>>>>    re-build my DSIS realm.
>>>>
>>>> Any help you can provide would be most appreciated. I'm using the Keycloak
>>>> master as features being added now such as Kerberos/Spnego and Identity
>>>> Brokering are critical use cases for our adoption.
>>>>
>>>> Thanks,
>>>> Guy
>>>>
>>>>
>>>> On Thu, Mar 12, 2015 at 3:49 AM, Stian Thorgersen <stian(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Are you still having issues or did you figure it out?
>>>>>
>>>>> ----- Original Message -----
>>>>>> From: "Guy Davis" <guydavis.ca(a)gmail.com>
>>>>>> To: keycloak-dev(a)lists.jboss.org
>>>>>> Sent: Wednesday, 4 March, 2015 1:10:52 AM
>>>>>> Subject: [keycloak-dev] Issue with latest Github master and SAML IDP
>>>>>> providers?
>>>>>>
>>>>>> Good day,
>>>>>>
>>>>>> I've been using a sample Picketlink IDP locally for testing the SAML
>>>>>> v2.0 ID brokering, however after updating to latest master and
>>>>>> re-deploying components, I'm getting the following error. Any tips?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks in advance,
>>>>>> Guy
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-dev mailing list
>>>>>> keycloak-dev(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>>
>>>>
>>>
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com