Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers?

From: "Bill Burke" <bburke(a)redhat.com&gt; To: keycloak-dev(a)lists.jboss.org Sent: Tuesday, March 17, 2015 12:47:18 PM Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP providers? I was going to look into these problems today. Let me know if you've gotten to them. On 3/17/2015 5:05 AM, Stian Thorgersen wrote: > > > ----- Original Message ----- >> From: "Guy Davis" <guydavis.ca(a)gmail.com&gt; >> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >> Cc: keycloak-dev(a)lists.jboss.org >> Sent: Sunday, March 15, 2015 2:17:19 AM >> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP >> providers? >> >> Hi Stian, >> >> I tried the following using the very latest Github master. >> >> 1. Keycloak appliance (built in distribution folder so Wildfly 8.2). >> Had a problem: >> 1. Doesn't list SAML or Open ID Connect in the Identity Providers >> picklist like previous versions. Please see screenshot >> attached. Did the >> IdP choice get moved? >> 2. Deploying Keycloak into a JBoss EAP 6.3 (from Teiid 8.10). Had >> following errors: >> 1. Failed deployment due to lack of org.bouncycastle module. Not >> part of JBoss 6 Adapter? bcprov and bcpix are in >> auth-server.war/WEB-INF/lib, but something is trying to load it >> as a module. >> 2. After adding a org.bouncycastle module manually using the bc >> 1.50 >> jars, I got a resteasy-crypto module missing error. If I add that >> I >> get >> conflicts between resteasy-2.3.8 in JBoss EAP and resteasy 3 >> that provides >> resteasy-crypto. >> >> So, I'm struggling to see the best way forward. I need to remain >> compatible with Teiid which is tied to JBoss EAP, not Wildfly. As well, >> our app is still geared toward JBoss EAP 6.1.0alpha (aka JBoss AS 7). >> Keycloak indicates adapters for WF, EAP, and AS 7 are all supported. I >> was >> able to demo Identity Brokering just two weeks ago successfully on AS7 >> (6.1.0alpha), so this is a recent change on master. >> >> Please advise on the best path forward. A key benefit of Keycloak over >> other IDP/SSO options was that it could exist in the same JBoss container >> as our other apps and frameworks. > > We support adapters for EAP and AS7, but not deploying the server itself. > We will provide an option for other JBoss projects to build their own > Keycloak to embed into their project though, which would be the > recommended route for Teiid if they'd like to include it. > >> >> Thanks, >> Guy >> >> >> On Thu, Mar 12, 2015 at 11:50 PM, Stian Thorgersen <stian(a)redhat.com&gt; >> wrote: >> >>> I assume this happens after you've clicked on 'PicketLink IDP' on the >>> login screen? >>> >>> Can you try the same with the appliance download? We don't support JBoss >>> EAP 6.1.0alpha, so maybe that's the problem. >>> >>> ----- Original Message ----- >>>> From: "Guy Davis" <guydavis.ca(a)gmail.com&gt; >>>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; >>>> Cc: keycloak-dev(a)lists.jboss.org >>>> Sent: Thursday, March 12, 2015 7:52:00 PM >>>> Subject: Re: [keycloak-dev] Issue with latest Github master and SAML IDP >>> providers? >>>> >>>> Hi Stian, >>>> >>>> Thanks for the response. Yes, I'm still seeing this issue with the very >>>> latest Github master (including today's commit #1038). This was working >>>> for me a couple of weeks ago, before more recent commits. We demoed the >>>> identity broker to our management using a PicketLink test idp.war (in >>> same >>>> container) and also using MS WAAD on Azure. It's a key feature for us. >>>> >>>> Let me provide more details about my environment: >>>> >>>> 1. Building/running with Java 1.7 >>>> 2. Building master with 'mvn clean install -DskipTests=true >>>> -Pdistribution' >>>> 3. Running within a JBoss EAP 6.1.0alpha container using the modules >>>> from distribution\as7-adapter-zip\target\unpacked in >>>> my ApplicationServer\modules\system\layers\base with the following >>>> differences: >>>> 1. Had to add 'org/bouncycastle/main/bcprov-jdk16-1.46.jar' >>> otherwise >>>> Keycloak complained on startup in server.log. >>>> 2. Had to remove 'org/jboss/as' and 'org/jboss/aesh' as they were >>>> overwriting older JBoss EAP 6.1.0alpha versions and preventing >>> startup. >>>> 4. Deploying the auth-server.war by zipping the contents and >>>> renaming >>>> 'auth.war', placing in my standalone/deployments folder. >>>> 5. Updating the standalone.xml file with the required Keycloak >>>> config. >>>> Defining the realm and secure deployments in that XML directly. >>>> 6. Starting with a missing H2 datasource to ensure old data/schema >>>> is >>>> not the problem. On startup, I confirm admin's password and then >>> re-build >>>> my DSIS realm. >>>> >>>> Any help you can provide would be most appreciated. I'm using the >>> Keycloak >>>> master as features being added now such as Kerberos/Spnego and Identity >>>> Brokering are critical use cases for our adoption. >>>> >>>> Thanks, >>>> Guy >>>> >>>> >>>> On Thu, Mar 12, 2015 at 3:49 AM, Stian Thorgersen <stian(a)redhat.com&gt; >>> wrote: >>>> >>>>> Are you still having issues or did you figure it out? >>>>> >>>>> ----- Original Message ----- >>>>>> From: "Guy Davis" <guydavis.ca(a)gmail.com&gt; >>>>>> To: keycloak-dev(a)lists.jboss.org >>>>>> Sent: Wednesday, 4 March, 2015 1:10:52 AM >>>>>> Subject: [keycloak-dev] Issue with latest Github master and SAML IDP >>>>> providers? >>>>>> >>>>>> Good day, >>>>>> >>>>>> I've been using a sample Picketlink IDP locally for testing the SAML >>>>> v2.0 ID >>>>>> brokering, however after updating to latest master and re-deploying >>>>>> components, I'm getting the following error. Any tips? >>>>>> >>>>>> >>>>>> >>>>>> Thanks in advance, >>>>>> Guy >>>>>> >>>>>> _______________________________________________ >>>>>> keycloak-dev mailing list >>>>>> keycloak-dev(a)lists.jboss.org >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev >>>>> >>>> >>> >> > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev