Re: [keycloak-dev] Are we all set?

----- Original Message ----- > From: "Bill Burke" <bburke(a)redhat.com&gt; > To: "Marek Posolda" <mposolda(a)redhat.com&gt;, "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: keycloak-dev(a)lists.jboss.org > Sent: Wednesday, 10 September, 2014 4:35:53 PM > Subject: Re: [keycloak-dev] Are we all set? > > Yeah, take a break, celebrate! Wish we could all go out and have a beer. Just one beer? ;) > > On 9/10/2014 10:35 AM, Marek Posolda wrote: > > Ok, will just create JIRAs for next version. > > > > Marek > > > > On 10.9.2014 16:31, Bill Burke wrote: > >> Yeah, just wait IMO. > >> > >> On 9/10/2014 10:27 AM, Marek Posolda wrote: > >>> I've pushed the fix for reduced INFO logging level. > >>> > >>> I've found few other things during quick testing like: > >>> > >>> - Users can register with invalid email like "aaa" . Also they can > >>> change their email in account management to "aaa". Just keycloak admin > >>> console is fine and allows to save just valid email ( > >>> > >>> - In account management, when I fill firstName, lastName for admin user > >>> and won't fill email and then click "Save", it displays me error message > >>> "You didn't specify email", which is correct. But firstName and lastName > >>> are cleared too. Similar can be reproduced when updating user. Basically > >>> Account mgmt form is always reading persistent values from DB and > >>> ignores values previously filled by user before failed validation. > >>> > >>> I guess these are not blocker for release and especially the second one > >>> might be risky to fix now? wdyt? > >>> > >>> Marek > >>> > >>> On 10.9.2014 15:49, Marek Posolda wrote: > >>>> Hi Bill, > >>>> > >>>> I am on reducing INFO stuff and will commit the fix in few minutes. > >>>> Will > >>>> let you know again once it's done. > >>>> > >>>> Marek > >>>> > >>>> On 10.9.2014 15:37, Bill Burke wrote: > >>>>> I'll handle the logging stuff if Marek hasn't gotten to it yet. Thanks > >>>>> for doing all the issues reported by Marek last night. > >>>>> > >>>>> i'll run my last tests using IE and EAP 6.3 to make sure we're good on > >>>>> those platforms. > >>>>> > >>>>> On 9/10/2014 9:28 AM, Stian Thorgersen wrote: > >>>>>> There's no Safari issue after all! So we're good to go. > >>>>>> > >>>>>> ----- Original Message ----- > >>>>>>> From: "Bill Burke" <bburke(a)redhat.com&gt; > >>>>>>> To: "Stian Thorgersen" <stian(a)redhat.com&gt; > >>>>>>> Cc: keycloak-dev(a)lists.jboss.org > >>>>>>> Sent: Wednesday, 10 September, 2014 3:03:12 PM > >>>>>>> Subject: Re: [keycloak-dev] Are we all set? > >>>>>>> > >>>>>>> I'm charging up my macbook. I'll look into it. > >>>>>>> > >>>>>>> On 9/10/2014 8:49 AM, Stian Thorgersen wrote: > >>>>>>>> Apparently login with keycloak.js doesn't work on Safari > >>>>>>>> (https://issues.jboss.org/browse/KEYCLOAK-675). We need to fix > >>>>>>>> this before > >>>>>>>> releasing :/ > >>>>>>>> > >>>>>>>> ----- Original Message ----- > >>>>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com&gt; > >>>>>>>>> To: "Bill Burke" <bburke(a)redhat.com&gt; > >>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org > >>>>>>>>> Sent: Wednesday, 10 September, 2014 2:11:34 PM > >>>>>>>>> Subject: Re: [keycloak-dev] Are we all set? > >>>>>>>>> > >>>>>>>>> We also need to reduce info level log output from adapters. I did > >>>>>>>>> this for > >>>>>>>>> the server for rc-2, but completely forgot about adapters. > >>>>>>>>> Marek is > >>>>>>>>> already > >>>>>>>>> working on this, and I guess it shouldn't take very long. > >>>>>>>>> > >>>>>>>>> ----- Original Message ----- > >>>>>>>>>> From: "Stian Thorgersen" <stian(a)redhat.com&gt; > >>>>>>>>>> To: "Bill Burke" <bburke(a)redhat.com&gt; > >>>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org > >>>>>>>>>> Sent: Wednesday, 10 September, 2014 10:37:15 AM > >>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set? > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> ----- Original Message ----- > >>>>>>>>>>> From: "Bill Burke" <bburke(a)redhat.com&gt; > >>>>>>>>>>> To: "Marek Posolda" <mposolda(a)redhat.com&gt;, "Stian Thorgersen" > >>>>>>>>>>> <stian(a)redhat.com&gt; > >>>>>>>>>>> Cc: keycloak-dev(a)lists.jboss.org > >>>>>>>>>>> Sent: Wednesday, 10 September, 2014 3:09:20 AM > >>>>>>>>>>> Subject: Re: [keycloak-dev] Are we all set? > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> On 9/9/2014 5:47 PM, Marek Posolda wrote: > >>>>>>>>>>>> Hi, > >>>>>>>>>>>> > >>>>>>>>>>>> I am sorry to not help more with the release as I needed to > >>>>>>>>>>>> work > >>>>>>>>>>>> especially on some portal related stuff last weeks (hopefully > >>>>>>>>>>>> it's gone > >>>>>>>>>>>> now)... > >>>>>>>>>>>> > >>>>>>>>>>>> Found couple of things: > >>>>>>>>>>>> * AccountService is actually broken for me in Chrome due to > >>>>>>>>>>>> latest CSRF > >>>>>>>>>>>> stuff. In FF it works fine, but in Chrome I can't update > >>>>>>>>>>>> account or > >>>>>>>>>>>> password. For some reason Chrome is always adding "Origin" > >>>>>>>>>>>> header to > >>>>>>>>>>>> the > >>>>>>>>>>>> update requests (even if they are not ajax requests). So the > >>>>>>>>>>>> newly > >>>>>>>>>>>> added > >>>>>>>>>>>> condition for CSRF in AccountService.init will always fail. I > >>>>>>>>>>>> have > >>>>>>>>>>>> Chrome 37.0.2062.94 (64-bit) . > >>>>>>>>>>>> > >>>>>>>>>>> Ok, I thought Origin header wasn't supposed to be sent with > >>>>>>>>>>> Browser > >>>>>>>>>>> requests. I can probably fix this by allowing same origin. > >>>>>>>>>> Added fix to allow same origin. I also added check of 'Referer' > >>>>>>>>>> header to > >>>>>>>>>> make sure it's same origin as well. > >>>>>>>>>> > >>>>>>>>>>>> * ServerInfo request > >>>>>>>>>>>> (http://localhost:8080/auth/admin/serverinfo) is > >>>>>>>>>>>> not available with CORS . I've created JIRA > >>>>>>>>>>>> https://issues.jboss.org/browse/KEYCLOAK-670 and send PR > >>>>>>>>>>>> https://github.com/keycloak/keycloak/pull/683 for this, which > >>>>>>>>>>>> is adding > >>>>>>>>>>>> authentication for ServerInfoAdminResource and then it use > >>>>>>>>>>>> allowOrigins > >>>>>>>>>>>> from the authenticated bearer token. Admin console is already > >>>>>>>>>>>> using > >>>>>>>>>>>> bearer token for sending ServerInfo requests, so no changes > >>>>>>>>>>>> are needed > >>>>>>>>>>>> here. I believe that ServerInfoAdminResource should be > >>>>>>>>>>>> authenticated > >>>>>>>>>>>> (don't know why stuff like available social providers or > >>>>>>>>>>>> themes should > >>>>>>>>>>>> be publicly available). Let me know if you seeing issues with > >>>>>>>>>>>> it. I did > >>>>>>>>>>>> not merge PR so far as version in master is already changed to > >>>>>>>>>>>> 1.0-Final > >>>>>>>>>>>> so not sure what is the state of the release . > >>>>>>>>>>>> > >>>>>>>>>>> Merge it. > >>>>>>>>>>> > >>>>>>>>>>>> * Realm public resource > >>>>>>>>>>>> (http://localhost:8080/auth/realms/master) is > >>>>>>>>>>>> also not available for CORS requests. Not sure if this is an > >>>>>>>>>>>> issue or > >>>>>>>>>>>> not? Thing is that unauthenticated requests can't use CORS at > >>>>>>>>>>>> this > >>>>>>>>>>>> moment as I don't know what allowedOrigins to use. Only option > >>>>>>>>>>>> is to > >>>>>>>>>>>> allow it for all allowedOrigins (send same > >>>>>>>>>>>> "Access-Control-Allow-Origin" > >>>>>>>>>>>> as original value of "Origin" header from the request) > >>>>>>>>>>>> > >>>>>>>>>>>> * There is still quite a lot of INFO logging . For example > >>>>>>>>>>>> when I send > >>>>>>>>>>>> product request from the cors-demo example I have 6 new INFO > >>>>>>>>>>>> messages > >>>>>>>>>>>> in > >>>>>>>>>>>> log (Mainly from org.keycloak.adapters package) > >>>>>>>>>>>> > >>>>>>>>>>> Ping me on your status tomorrow (Wednesday). I'll complete > >>>>>>>>>>> whatever you > >>>>>>>>>>> don't finish above. > >>>>>>>>>>> > >>>>>>>>>>> Thanks. > >>>>>>>>>>> > >>>>>>>>>>> -- > >>>>>>>>>>> Bill Burke > >>>>>>>>>>> JBoss, a division of Red Hat > >>>>>>>>>>> http://bill.burkecentral.com > >>>>>>>>>>> > >>>>>>>>>> _______________________________________________ > >>>>>>>>>> keycloak-dev mailing list > >>>>>>>>>> keycloak-dev(a)lists.jboss.org > >>>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev > >>>>>>>>>> > >>>>>>>>> _______________________________________________ > >>>>>>>>> keycloak-dev mailing list > >>>>>>>>> keycloak-dev(a)lists.jboss.org > >>>>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev > >>>>>>>>> > >>>>>>> -- > >>>>>>> Bill Burke > >>>>>>> JBoss, a division of Red Hat > >>>>>>> http://bill.burkecentral.com > >>>>>>> > >>>> _______________________________________________ > >>>> keycloak-dev mailing list > >>>> keycloak-dev(a)lists.jboss.org > >>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev > >>> > >> > > > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev