Will it be useful for other scenarios besides automated tests? I am not
seeing why someone would re-import realm every 10 seconds in real
environment?
Even the tests can be easily fixed by put the keys into JSON reps. And
once we fix the adapter tests to not require realm re-import after every
method, even that won't be needed.
Marek
On 06/03/17 13:07, Stian Thorgersen wrote:
Is this maybe something we should improve in the adapter in the first
place? A blind only allow one request every 10 seconds seems a bit to
forceful. Would it not be better to allow X number of failed attempts
within some window?
On 2 March 2017 at 12:26, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
On 02/03/17 10:08, Marek Posolda wrote:
> On 02/03/17 00:29, Bill Burke wrote:
>> Ok, I just spent 1.5 days on debugging a problem and I was ready to
>> throw my Laptop out of the window I was getting so frustrated.
>>
>> #1 I copied code from the arquillian adapter tests to deploy my own
>> servlet. When running in IntelliJ, all logging messages by the
servlet
>> and OIDC adapters were eaten and never displayed.
> Keycloak logging disabled in
>
testsuite/integration-arquillian/tests/base/src/test/resources/log4j.properties
> . AFAIK it's disabled just because running whole testsuite
produces very
> big logs, which caused issues with travis.
>
> I hope it's possible to fix that and have Keycloak logging
enabled when
> running from IDE, but still keep it disabled when running from
command
> line with "mvn" command. Will try to look into it. Created :
>
https://issues.jboss.org/browse/KEYCLOAK-4520
<
https://issues.jboss.org/browse/KEYCLOAK-4520>
Fixed now. Logging for both server and adapters is enabled now when
running test from IDE.
Marek
>
>> #2 If you have a @Deployment it deploys it in @BeforeClass and
only once
>> for all tests run in the class
>>
>> #3 I recreate/destroy my realms for every test
>>
>> #4 The default "min-time-between-jwks-requests" is 10
seconds...Because
>> my servlet doesn't get redeployed per test, the 1st test would
set up
>> the cache for the realm key for the servlet. The 2nd test would
run,
>> because the realms were recreated, there is a different key,
but the
>> min-time-between-jwkds-requests was 10 seconds so it wasn't
updating the
>> key and my logins would fail. This was extermely frustrating
to debug
>> because of #1 and because it only happened if I was running all
tests in
>> the class.
>>
>> The workaround is to set "min-time-between-jwks-requests" to
zero in
>> your adapter configuration. This is an FYI just in case
somebody else
>> runs into this. Took me awhile to figure out.
> Another possibility is to put private/public keys into your
realm JSON.
> Then there is always same keys and same "kid" and application
doesn't
> need to re-download it.
>
> FYI. with my latest changes, there is no realm reimport for
every test
> for most of the tests (see other thread I sent yesterday). But
> unfortunately this is not yet the case for Adapter tests
(subclasses of
> AbstractAdapterTest)...
>
> Marek
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
>>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<
https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<
https://lists.jboss.org/mailman/listinfo/keycloak-dev>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org <mailto:keycloak-dev@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev
<
https://lists.jboss.org/mailman/listinfo/keycloak-dev>